Malware Analysis Report

2024-09-09 17:53

Sample ID 240613-g8nnws1gjn
Target a433c3e248a97470d4c9d905dc99cd8c_JaffaCakes118
SHA256 7c5f5c6a31611c6fed9fea6d8071269952e54a22c74eeccad65ea5b0eabdd0ca
Tags
discovery evasion impact
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

7c5f5c6a31611c6fed9fea6d8071269952e54a22c74eeccad65ea5b0eabdd0ca

Threat Level: Shows suspicious behavior

The file a433c3e248a97470d4c9d905dc99cd8c_JaffaCakes118 was found to be: Shows suspicious behavior.

Malicious Activity Summary

discovery evasion impact

Loads dropped Dex/Jar

Requests dangerous framework permissions

Queries information about active data network

Uses Crypto APIs (Might try to encrypt user data)

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-13 06:28

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 06:28

Reported

2024-06-13 06:31

Platform

android-x86-arm-20240611.1-en

Max time kernel

7s

Max time network

140s

Command Line

com.raa.wdxfde

Signatures

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.raa.wdxfde/files/less/uqsVxr.jar N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.raa.wdxfde

Network

Country Destination Domain Proto
GB 142.250.180.14:443 tcp
N/A 224.0.0.251:5353 udp
CN 116.62.181.149:8080 tcp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp

Files

/data/data/com.raa.wdxfde/files/less/uqsVxr.jar

MD5 a1b12aec94204a62904ee0f4e119269d
SHA1 4a1ca96928212b47d0463151ffb81a3064f2883f
SHA256 a2b351ea8805e393a5ee6312a7082bf810b047ccfbb827d51bc0386a8bd23830
SHA512 a5371647c0467cc842afc8eda699c1028240126ae22e0dc33fe250e19cb93f57c72b6a1297cf55911725408d41f47ac2c637cef747ac7bcfe8daff3a49c94d4c

/data/user/0/com.raa.wdxfde/files/less/uqsVxr.jar

MD5 5d9aa2b3757c19de41687e710bf75da9
SHA1 898004702420c5ee65e81360997bfd361ab5682e
SHA256 a99f45c2732a7c907586f35745bf9ab1211b227c1d81b0a17b4ee8b3593426fd
SHA512 44530d5d1fd229566f01ff933871f3ae7fd254d92f81b8df4b9312743df42bd1fa4daa61e6e082f16a0a808d56ee04949c210e8ce10c6dd0e206c05018346e10