Malware Analysis Report

2024-09-09 13:21

Sample ID: 240613-fsewdavfrg
Target: a3eba782bd45b94b8a40d5c388ed1310_JaffaCakes118
SHA256: eb4c7fc0878b786a53e0123c3dacb485610fa4dbf64fac4a5faf14d542dfa625
Tags: collection, discovery, persistence
Score: 7/10

Table of Contents

Analysis Overview
MITRE ATT&CK Matrix
Analysis: static1 (Detonation Overview, Signatures)
Analysis: behavioral1 (Detonation Overview, Command Line, Signatures, Processes, Network, Files)

Analysis Overview

Score: 7/10

SHA256: eb4c7fc0878b786a53e0123c3dacb485610fa4dbf64fac4a5faf14d542dfa625

Threat Level: Shows suspicious behavior

The file a3eba782bd45b94b8a40d5c388ed1310_JaffaCakes118 (Android package info.tikusoft.l8) was classified as showing suspicious behavior. Statically it requests runtime permissions for the call log, contacts, SMS, calendar and phone state, plus overlay windows and a notification listener service binding; dynamically it read the call log content provider, queried network and country information, registered a broadcast receiver at runtime and contacted cp.g365.cn over plaintext HTTP. No MITRE ATT&CK techniques were mapped.

Malicious Activity Summary (tags: collection, discovery, persistence)

Reads the content of the call log.

Queries the mobile country code (MCC)

Declares services with permission to bind to the system

Requests dangerous framework permissions

Queries information about active data network

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks memory information

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-13 05:07

Signatures

Declares services with permission to bind to the system

  Indicator:        android.permission.BIND_NOTIFICATION_LISTENER_SERVICE
  Description:      Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device.
  Process / Target: N/A (static signature, no process context)

Requests dangerous framework permissions

Process and Target are N/A for every row (static signature, no process context).

  android.permission.READ_CALL_LOG
    Allows an application to read the user's call log.
  android.permission.READ_CONTACTS
    Allows an application to read the user's contacts data.
  android.permission.READ_SMS
    Allows an application to read SMS messages.
  android.permission.WRITE_EXTERNAL_STORAGE
    Allows an application to write to external storage.
  android.permission.READ_PHONE_STATE
    Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.
  android.permission.SYSTEM_ALERT_WINDOW
    Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. (A special app access permission rather than a runtime "dangerous" permission; it is granted through Settings, not through a runtime prompt.)
  android.permission.READ_CALENDAR
    Allows an application to read the user's calendar data.
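The static signatures above are produced by inspecting the APK manifest. The following is an added example, not part of the sandbox report or of the analysed app, showing how the same triage can be reproduced on a decoded AndroidManifest.xml (the text form that apktool or androguard emits; a raw APK carries a binary AXML manifest). The manifest below is constructed from the permissions this report lists; the service name NotificationSvc, the INTERNET permission and the duplicated WRITE_EXTERNAL_STORAGE entry are assumptions for illustration. The dangerous-permission set is deliberately limited to what this sample declares.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME = f"{{{ANDROID_NS}}}name"
PERM = f"{{{ANDROID_NS}}}permission"

# Runtime ("dangerous") permissions: subset of the platform list, limited to
# what this sample declares.
DANGEROUS = {
    "android.permission.READ_CALL_LOG",
    "android.permission.READ_CONTACTS",
    "android.permission.READ_SMS",
    "android.permission.READ_PHONE_STATE",
    "android.permission.READ_CALENDAR",
    "android.permission.WRITE_EXTERNAL_STORAGE",
}
# Special app access permissions: granted via Settings, not a runtime prompt.
SPECIAL = {"android.permission.SYSTEM_ALERT_WINDOW"}
# Permissions only the system holds: a <service> guarded by one of these is
# asking the framework to bind to it (notification listener, accessibility, ...).
SYSTEM_BIND = {
    "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE",
    "android.permission.BIND_ACCESSIBILITY_SERVICE",
    "android.permission.BIND_DEVICE_ADMIN",
}

# Constructed manifest (assumption): mirrors the permissions in this report.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="info.tikusoft.l8">
    <uses-permission android:name="android.permission.READ_CALL_LOG"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
    <uses-permission android:name="android.permission.READ_SMS"/>
    <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
    <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
    <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
    <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
    <uses-permission android:name="android.permission.READ_CALENDAR"/>
    <uses-permission android:name="android.permission.INTERNET"/>
    <application android:label="l8">
        <service android:name=".NotificationSvc"
            android:permission="android.permission.BIND_NOTIFICATION_LISTENER_SERVICE">
            <intent-filter>
                <action android:name="android.service.notification.NotificationListenerService"/>
            </intent-filter>
        </service>
    </application>
</manifest>"""


def resolve_component(package: str, name: str) -> str:
    """Expand a relative component name (".Foo") to its fully qualified form."""
    return package + name if name.startswith(".") else name


def triage_manifest(xml_text: str) -> dict:
    """Return the requested dangerous/special permissions and any service that
    is guarded by a system-only bind permission. Duplicate <uses-permission>
    entries collapse because requested permissions are collected into a set."""
    root = ET.fromstring(xml_text)
    package = root.get("package", "")
    requested = {e.get(NAME) for e in root.iter("uses-permission")}
    bound = [
        (resolve_component(package, s.get(NAME, "")), s.get(PERM))
        for s in root.iter("service")
        if s.get(PERM) in SYSTEM_BIND
    ]
    return {
        "package": package,
        "dangerous": sorted(requested & DANGEROUS),
        "special": sorted(requested & SPECIAL),
        "system_bind_services": bound,
    }


if __name__ == "__main__":
    for key, value in triage_manifest(SAMPLE_MANIFEST).items():
        print(f"{key}: {value}")
```

The set-based collection is what makes the duplicated WRITE_EXTERNAL_STORAGE line in the report harmless for triage; a service guarded by BIND_NOTIFICATION_LISTENER_SERVICE is reported separately because it is not a request the app makes for itself but a hook the system will bind into once the user enables it.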

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 05:07

Reported

2024-06-13 05:11

Platform

android-x86-arm-20240611.1-en

Max time kernel

3s

Max time network

138s

Command Line

info.tikusoft.l8 (package name of the launched APK)

Signatures

Reads the content of the call log. (collection)
  Description:      URI accessed for read
  Indicator:        content://call_log/calls
  Process / Target: N/A

Queries information about active data network (discovery)
  Description:      Framework service call
  Indicator:        android.net.IConnectivityManager.getActiveNetworkInfo
  Process / Target: N/A

Queries the mobile country code (MCC) (discovery)
  Description:      Framework service call
  Indicator:        com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone
  Process / Target: N/A
  Note: this call returns the ISO country code of the registered network operator, which is derived from the network MCC rather than being the raw MCC itself.

Registers a broadcast receiver at runtime (usually for listening for system events) (persistence)
  Description:      Framework service call
  Indicator:        android.app.IActivityManager.registerReceiver
  Process / Target: N/A

Checks memory information (no tag)
  Description:      File opened for read
  Indicator:        /proc/meminfo
  Process / Target: N/A
  Note: reading /proc/meminfo is also common in benign apps and libraries (memory-pressure handling, emulator checks); on its own it is weak evidence.

Processes

info.tikusoft.l8

Network

Identical rows are collapsed; the number of connections is in the last column.

Country  Destination          Domain                       Proto  Count
N/A      224.0.0.251:5353     (none; mDNS multicast)       udp    1
US       1.1.1.1:53           cp.g365.cn                   udp    1
HK       154.211.12.106:80    cp.g365.cn                   tcp    2
GB       172.217.16.238:80    android.clients.google.com   tcp    24
US       1.1.1.1:53           android.apis.google.com      udp    1
GB       216.58.212.238:443   android.apis.google.com      tcp    1

cp.g365.cn is the only destination that is neither Google infrastructure nor local multicast, and it is reached over plaintext HTTP (TCP/80); the 1.1.1.1:53 rows are the DNS lookups for the two domains. The report does not capture the HTTP request or response contents, so the purpose of the cp.g365.cn traffic cannot be determined from this page alone.
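Collapsing the connection list and separating OS background traffic from destinations that need a closer look is the first thing an analyst does with a table like the one above. The following is an added example, not tooling from the sandbox or code from the analysed app; the rows are constructed from this report's Network table, and the allowlist (Google domains treated as platform background traffic) is an assumption a real triage rule set would refine.

```python
from collections import Counter
from ipaddress import ip_address

# Constructed from the report's Network table (country, destination, domain, proto).
NETWORK_ROWS = (
    [("N/A", "224.0.0.251:5353", "", "udp")]
    + [("US", "1.1.1.1:53", "cp.g365.cn", "udp")]
    + [("HK", "154.211.12.106:80", "cp.g365.cn", "tcp")] * 2
    + [("GB", "172.217.16.238:80", "android.clients.google.com", "tcp")] * 24
    + [("US", "1.1.1.1:53", "android.apis.google.com", "udp")]
    + [("GB", "216.58.212.238:443", "android.apis.google.com", "tcp")]
)

# Assumed benign: platform services the OS itself contacts during a run.
ALLOWLIST_SUFFIXES = ("google.com",)


def classify(dest: str, domain: str) -> str:
    """Bucket one destination: local multicast, DNS, allowlisted, or review."""
    host, port = dest.rsplit(":", 1)
    if ip_address(host).is_multicast:
        return "multicast"
    if port == "53":
        return "dns"
    if domain and any(domain == s or domain.endswith("." + s) for s in ALLOWLIST_SUFFIXES):
        return "allowlisted"
    return "review"


def summarise(rows):
    """Collapse identical rows, keep first-seen order, count them and tag each
    with its class and whether it is plaintext HTTP on TCP/80."""
    summary = []
    for (country, dest, domain, proto), n in Counter(rows).items():
        summary.append({
            "country": country,
            "dest": dest,
            "domain": domain,
            "proto": proto,
            "count": n,
            "class": classify(dest, domain),
            "plaintext_http": proto == "tcp" and dest.endswith(":80"),
        })
    return summary


def needs_review(rows):
    """Only the rows an analyst has to look at by hand."""
    return [r for r in summarise(rows) if r["class"] == "review"]


if __name__ == "__main__":
    for r in summarise(NETWORK_ROWS):
        flag = " PLAINTEXT" if r["plaintext_http"] and r["class"] == "review" else ""
        print(f'{r["class"]:<11} x{r["count"]:<3} {r["dest"]:<20} {r["domain"]}{flag}')
```

Run against the constructed rows this leaves a single entry in the review bucket, the plaintext HTTP connection to cp.g365.cn, which matches what the collapsed table shows. The multicast check runs before the port check so that mDNS on 5353 is never mistaken for an outbound lookup.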

Files

Note that /data/data/info.tikusoft.l8/files/drawables.db appears six times with different hashes: the same path was rewritten repeatedly during the run and each write was recorded separately. DownloadsDB is an SQLite database; its -journal, -wal and -shm companions are SQLite's rollback journal, write-ahead log and shared-memory index, not independent artifacts.

/data/data/info.tikusoft.l8/cache/fonts/font_0x7f070003

MD5 d5c46b134c17b2138dcd1bb0efa67049
SHA1 7d0421de4e1398fb9087378a9ccc9297bdbc84b9
SHA256 94df4e4976db8ddaec27f8e8c33eef912e744fb200ca09051794b38e5a502fc0
SHA512 439ee91745e269e0b61af6d8d15616f69113cc3342fc68bf37a10fe329b1ce6894532fffe809a3ba2cc02c5864c5ecb51792759a5807615e7fe94ad765bbf6f1

/data/data/info.tikusoft.l8/files/drawables.db

MD5 db5fc5d312b7a060a86ef1e4fa508ffd
SHA1 c108fd1042d4f4be9873fe2eabf92ef77cc5cf1a
SHA256 baf87052a1aa099973907dfcaee80cc80d909e6fb959ddbe9d79f31903a09f4b
SHA512 8eaffffba6c684bc7d032b131d1c241254cf386fc1308207fcb28945c1df33c3beab18eaed496629ec6b40f72de337157d395d6780271cf2b1a7ef7433200855

/data/data/info.tikusoft.l8/files/drawables.db

MD5 b5afdad270cf425697146980b72323be
SHA1 25a355f8a9d1edcb8e36a0047d27807b554b5ffe
SHA256 74b5f622f6bf24214bce769d30eda536f07bb9d53ec9e61283d2b0c03c9a8b5c
SHA512 17c515a91a6342ecaea4fa7c50d5ca4261719d97b4494fb6b59eeb5b3f005b656f5b6a737506e049f311e0d64f5329589b990c79c6ab5dad08f94b6508041e3c

/data/data/info.tikusoft.l8/files/drawables.db

MD5 5580fe2c60f41019d84220b5d4b62826
SHA1 d33f4c52846b7ca44953e3d3bc6c0435e4251248
SHA256 ddd2da2e8d9924db0da85e55cab58be76d211e2759eb1676b8fab5fd332d304c
SHA512 8d5d061e05a6b595662959ccc3cbdc5ed64ae512c56a25f1577673c87b8f9165eb29e727ad82725f824510809974df0f0b6348ef4044a08b6029c5d502bf906a

/data/data/info.tikusoft.l8/files/drawables.db

MD5 4931337391475849eccc96d4de496b94
SHA1 6c71dfaed5c1b1df0f1cda797e051003fa4d0dbf
SHA256 58ffa3cb56821c9d90ab8f3f2a83db31df52f28e080cbae3f528e3a5aeeb5db2
SHA512 bd9af86070848aa503ae2ccbfba20a4e11f6bb062e1181e3468452f881e18ac21246ade6a6668539a54be3834631599fbadebc997533803930327f05b84bc29d

/data/data/info.tikusoft.l8/files/drawables.db

MD5 fa9a470c6be1dad1d30d2aa7bf538903
SHA1 01a0ecf8f9d0c3734437fe0f2465cf9fd8dc89ee
SHA256 ae4f2379aad5e0f86c495b148fa0224b59fc2940ccbaec4b7facaa22f040db29
SHA512 8746f317ca862aba0bc5e20735f67a77dbff761e9fff5981f6f23b7f1568593742f5a0305378004c58e7990dbe62cd7c8161627c324596a0e15f8bddc18f6868

/data/data/info.tikusoft.l8/files/drawables.db

MD5 87757d8a52749d0c930bc5be8d6fc263
SHA1 57cdf06557d8592adabc2f24e448a975fea8adee
SHA256 16b958534b40524a1ae8aef983be54286d0efe56298a59b44dbdfbb8f35fdca4
SHA512 b1b49d0c59a15e9ffa723fdecd74077dd8779c111f11bd15b11691e0db2145af8445868cb9faa66b141ca39f82e0d3d1b397b0932e523c0d6acf294d59ff3b6c

/data/data/info.tikusoft.l8/cache/fonts/font_0x7f070004

MD5 5673da52c98bb6cb33ada5aaf649703e
SHA1 a18dcbf99c8d2325c2fbf22a64e8cc28a0cf4d3b
SHA256 16466ef65064e6f3885a6d2806b8949ac1ac38b524dd0cf8fc96565eb4cc28e8
SHA512 9728536f1e67069b4c44effc3245d81f61fb79c811a4bd2d3879f57eb220e475dfee0639dbecbe03f411aa8f1e2e84fc38a966ba38982b0b35e2b2a98549583a

/data/data/info.tikusoft.l8/databases/DownloadsDB-journal

MD5 823a36db5297cd5c70628a31a6cdd4c7
SHA1 1b9d80e651ec5e296342972985878c6fb04d2b27
SHA256 0094014b71d18be805d7d371d2c328be71074d8118f700189ee6e44a83a35cd2
SHA512 331bbf04cd6edfc73f3ef5b20eb408be0b8028e3bd3891f887765f5b9011fe1dd11d39408c1b07e55f049ad3a0dd718a0d77b9dc7dae7d91e95bf485734c1865

/data/data/info.tikusoft.l8/databases/DownloadsDB

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/info.tikusoft.l8/databases/DownloadsDB-shm

MD5 cf845a781c107ec1346e849c9dd1b7e8
SHA1 b44ccc7f7d519352422e59ee8b0bdbac881768a7
SHA256 18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7
SHA512 4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

/data/data/info.tikusoft.l8/databases/DownloadsDB-wal

MD5 3e6c15a077e9a8ac2abab186b4acc4d3
SHA1 1db5f5f5b8754e7093e1d364652ead139d75176b
SHA256 a2ef7932fd72706789280a1568876108e0a12274058766a4cd1b525f370aa18a
SHA512 bdb2c1d5f059996ee3aee21afa35cbb05f9d06c40c6650e77c33f2d13b8482fc8034176dfd98a6b2ce8694b92d7e0170ea833f0dd513dd4cea55d057c9185221