Analysis Overview
SHA256
9c91f511a4c6d71f59cac878c6948143033e0876a30d8f83090777f58c6b98c6
Threat Level: Likely malicious
The file a408440e12dd4d74902d09911ea4832b_JaffaCakes118 was found to be: Likely malicious.
Malicious Activity Summary
Checks if the Android device is rooted.
Requests dangerous framework permissions
Queries information about active data network
Queries information about the current Wi-Fi connection
Checks the presence of a debugger
Registers a broadcast receiver at runtime (usually for listening for system events)
Uses Crypto APIs (Might try to encrypt user data)
Checks memory information
MITRE ATT&CK Matrix
Analysis: static1
Detonation Overview
Reported
2024-06-13 05:40
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 05:40
Reported
2024-06-13 05:43
Platform
android-x86-arm-20240611.1-en
Max time kernel
105s
Max time network
178s
Command Line
Signatures
Checks if the Android device is rooted.
| Description | Indicator | Process | Target |
| N/A | /system/app/Superuser.apk | N/A | N/A |
| N/A | /sbin/su | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Queries information about the current Wi-Fi connection
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
Checks the presence of a debugger
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.taotaosheng.optimize.picasso
/system/bin/sh -c getprop ro.board.platform
getprop ro.board.platform
/system/bin/sh -c type su
logcat -d -v threadtime
/system/bin/sh -c getprop ro.miui.ui.version.name
getprop ro.miui.ui.version.name
/system/bin/sh -c getprop ro.build.version.emui
getprop ro.build.version.emui
/system/bin/sh -c getprop ro.lenovo.series
getprop ro.lenovo.series
/system/bin/sh -c getprop ro.build.nubia.rom.name
getprop ro.build.nubia.rom.name
/system/bin/sh -c getprop ro.meizu.product.model
getprop ro.meizu.product.model
/system/bin/sh -c getprop ro.build.version.opporom
getprop ro.build.version.opporom
/system/bin/sh -c getprop ro.vivo.os.build.display.id
getprop ro.vivo.os.build.display.id
/system/bin/sh -c getprop ro.aa.romver
getprop ro.aa.romver
/system/bin/sh -c getprop ro.lewa.version
getprop ro.lewa.version
/system/bin/sh -c getprop ro.gn.gnromvernumber
getprop ro.gn.gnromvernumber
/system/bin/sh -c getprop ro.build.tyd.kbstyle_version
getprop ro.build.tyd.kbstyle_version
/system/bin/sh -c getprop ro.build.fingerprint
getprop ro.build.fingerprint
/system/bin/sh -c getprop ro.build.rom.id
getprop ro.build.rom.id
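The Processes list above shows how the sandbox's "Checks if the Android device is rooted" signature was triggered (opening /system/app/Superuser.apk and /sbin/su, then running `type su`), next to a run of `getprop` calls whose only purpose is to tell MIUI, EMUI, ColorOS, Funtouch and similar OEM ROMs apart. The following script is an added example, not code from the report or from the app: it classifies such sandbox events into root probes, OEM ROM fingerprinting, generic device fingerprinting, log collection and memory probing, collapsing the duplicated `sh -c` parent and child command lines onto one entry. The category names, the extra su paths beyond the two the report observed, and the sample event list (built from the Signatures tables and Processes list of the behavioral1 run) are this script's own.

```python
"""Classify the commands and file opens a sandbox saw an Android app make.

Added example; not code from the sandbox report or the analysed app. The
category labels are this script's own, and SAMPLE_EVENTS is constructed from
the Signatures and Processes sections of the behavioral1 run.
"""
import re
from collections import OrderedDict

# su binaries and root-manager packages commonly probed by root checks. The
# first two are the paths this report observed; the rest are assumed extras.
ROOT_ARTIFACTS = {
    "/system/app/Superuser.apk",
    "/sbin/su",
    "/system/bin/su",
    "/system/xbin/su",
    "/data/local/tmp/su",
}

# getprop keys that only exist on (and therefore identify) specific OEM ROMs.
OEM_ROM_PROPS = re.compile(
    r"ro\.(miui|build\.version\.emui|lenovo|build\.nubia|meizu|"
    r"build\.version\.opporom|vivo|aa\.romver|lewa|gn\.gnromvernumber|"
    r"build\.tyd|build\.rom\.id)"
)

SHELL_WRAPPER = re.compile(r"^/system/bin/sh\s+-c\s+")


def classify(kind, value):
    """Return (category, normalized_value) for one event, or None if uninteresting.

    kind is "open" (a file opened for read) or "exec" (a command line).
    """
    if kind == "open":
        if value in ROOT_ARTIFACTS:
            return "root_check", value
        if value == "/proc/meminfo":
            return "memory_info", value
        return None
    if kind == "exec":
        # The sandbox lists both the `sh -c ...` parent and the child command;
        # strip the wrapper so both collapse onto the same normalized line.
        cmd = SHELL_WRAPPER.sub("", value).strip()
        if re.fullmatch(r"(type|which|command -v)\s+su", cmd):
            return "root_check", cmd
        m = re.fullmatch(r"getprop\s+(\S+)", cmd)
        if m:
            if OEM_ROM_PROPS.match(m.group(1)):
                return "oem_rom_fingerprint", cmd
            return "device_fingerprint", cmd
        if cmd.startswith("logcat"):
            return "log_collection", cmd
    return None


def summarize(events):
    """Group events by category, deduplicating normalized values in first-seen order."""
    buckets = OrderedDict()
    for kind, value in events:
        hit = classify(kind, value)
        if hit is None:
            continue
        cat, norm = hit
        bucket = buckets.setdefault(cat, [])
        if norm not in bucket:
            bucket.append(norm)
    return dict(buckets)


# Constructed from the report: the getprop keys in the order the Processes
# list shows them, plus the file opens from the Signatures tables.
GETPROP_KEYS = [
    "ro.board.platform", "ro.miui.ui.version.name", "ro.build.version.emui",
    "ro.lenovo.series", "ro.build.nubia.rom.name", "ro.meizu.product.model",
    "ro.build.version.opporom", "ro.vivo.os.build.display.id", "ro.aa.romver",
    "ro.lewa.version", "ro.gn.gnromvernumber", "ro.build.tyd.kbstyle_version",
    "ro.build.fingerprint", "ro.build.rom.id",
]
SAMPLE_EVENTS = [
    ("open", "/system/app/Superuser.apk"),
    ("open", "/sbin/su"),
    ("open", "/proc/meminfo"),
    ("exec", "/system/bin/sh -c type su"),
    ("exec", "logcat -d -v threadtime"),
]
for _key in GETPROP_KEYS:
    # the sandbox shows each getprop twice: the `sh -c` parent and the child
    SAMPLE_EVENTS.append(("exec", f"/system/bin/sh -c getprop {_key}"))
    SAMPLE_EVENTS.append(("exec", f"getprop {_key}"))

if __name__ == "__main__":
    for cat, items in summarize(SAMPLE_EVENTS).items():
        print(f"{cat}: {len(items)} unique")
        for item in items:
            print("   ", item)
```

Two points the grouping makes visible that the flat process list does not: only three of the 33 observed events are actually root checks, and twelve of the fourteen `getprop` calls target OEM-specific keys, the pattern of a ROM-detection helper rather than of a targeted exploit. Neither observation decides maliciousness on its own; the same probes appear in many analytics and crash-reporting SDKs, so treat the signature as a lead to confirm from the APK's code, not as a verdict.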
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 216.58.204.74:443 | | tcp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| US | 1.1.1.1:53 | android.bugly.qq.com | udp |
| CN | 14.22.7.140:80 | android.bugly.qq.com | tcp |
| GB | 216.58.201.110:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 172.217.16.238:443 | android.apis.google.com | tcp |
| CN | 14.22.7.199:80 | android.bugly.qq.com | tcp |
| GB | 216.58.212.202:443 | semanticlocation-pa.googleapis.com | tcp |
| GB | 216.58.212.202:443 | semanticlocation-pa.googleapis.com | tcp |
| CN | 119.147.179.152:80 | android.bugly.qq.com | tcp |
| US | 1.1.1.1:53 | android.bugly.qq.com | udp |
| CN | 14.22.7.140:80 | android.bugly.qq.com | tcp |
| CN | 119.147.179.152:80 | android.bugly.qq.com | tcp |
| CN | 14.22.7.199:80 | android.bugly.qq.com | tcp |
Files
/data/data/com.taotaosheng.optimize.picasso/databases/bugly_db_legu-journal
| MD5 | 9c083f795c172a533029e602822c541a |
| SHA1 | 8e7cbadc3296a841fb5ba5409b06e4ace79c0938 |
| SHA256 | cfc24e4fe21cf88059c9b1cd3b302d2a6b39dbd6e6549ece026012c76bd88fda |
| SHA512 | ce560081d68fa8729fb73088134c6bcfa3da3aa746b084187ce0c1ca3c7fa31bb5b0c22a693c3e2fdec91b071393fb5b25b1e8c844844a25c558e62728c91f59 |
/data/data/com.taotaosheng.optimize.picasso/databases/bugly_db_legu
| MD5 | f2b4b0190b9f384ca885f0c8c9b14700 |
| SHA1 | 934ff2646757b5b6e7f20f6a0aa76c7f995d9361 |
| SHA256 | 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514 |
| SHA512 | ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1 |
/data/data/com.taotaosheng.optimize.picasso/databases/bugly_db_legu-shm
| MD5 | bb7df04e1b0a2570657527a7e108ae23 |
| SHA1 | 5188431849b4613152fd7bdba6a3ff0a4fd6424b |
| SHA256 | c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479 |
| SHA512 | 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012 |
/data/data/com.taotaosheng.optimize.picasso/databases/bugly_db_legu-wal
| MD5 | 514238b0c8ba81716f363c273b8122e0 |
| SHA1 | 735925bc60e506ecd63bcc341c4fd8cd24f477e3 |
| SHA256 | 5cb09c666fc58ac96fd508c07c31eea1caf17c623780f7cad3e101cf40e7a0f8 |
| SHA512 | e20f0c28d0f1e5199bbf58dc61e5c96a8c8924e6a99813f33dd2d43ccf9c099d986c6a6b70e223bff88448931c5e47286f4c0e54dd9c6e512b10efc9d3959bed |
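The Network table of the behavioral1 run mixes DNS lookups, TLS connections the sandbox could tie to a name, and bare IP connections it could not. The script below is an added example, not part of the report or the app: it parses rows in that table's column order (Country, Destination, Domain, Proto) into an IOC summary, separating DNS lookups from connections, grouping connections under the domain the sandbox attributed, and flagging cleartext port-80 traffic and multicast. The row text is constructed from the table above. The android.bugly.qq.com endpoints belong to Tencent's Bugly crash-reporting SDK, which the bugly_db_legu databases and the app_bugly/tomb_*.txt file in the Files sections corroborate; the cleartext HTTP to that host is worth noting, since crash reports typically carry device and app metadata.

```python
"""Pull IOCs out of a sandbox network table.

Added example; not code from the sandbox report or the analysed app.
NETWORK_TABLE is constructed from the behavioral1 Network table, with an
empty Domain cell where the sandbox attributed no name to a connection.
"""
from collections import defaultdict
from ipaddress import ip_address

NETWORK_TABLE = """\
| N/A | 224.0.0.251:5353 | | udp |
| GB | 216.58.204.74:443 | | tcp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| US | 1.1.1.1:53 | android.bugly.qq.com | udp |
| CN | 14.22.7.140:80 | android.bugly.qq.com | tcp |
| GB | 216.58.201.110:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 172.217.16.238:443 | android.apis.google.com | tcp |
| CN | 14.22.7.199:80 | android.bugly.qq.com | tcp |
| GB | 216.58.212.202:443 | semanticlocation-pa.googleapis.com | tcp |
| GB | 216.58.212.202:443 | semanticlocation-pa.googleapis.com | tcp |
| CN | 119.147.179.152:80 | android.bugly.qq.com | tcp |
| US | 1.1.1.1:53 | android.bugly.qq.com | udp |
| CN | 14.22.7.140:80 | android.bugly.qq.com | tcp |
| CN | 119.147.179.152:80 | android.bugly.qq.com | tcp |
| CN | 14.22.7.199:80 | android.bugly.qq.com | tcp |
"""


def parse_table(text):
    """Turn pipe-delimited rows into dicts; rows without exactly four cells are skipped."""
    rows = []
    for line in text.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4:
            continue
        country, dest, domain, proto = cells
        ip, port = dest.rsplit(":", 1)
        rows.append({
            "country": None if country == "N/A" else country,
            "ip": ip,
            "port": int(port),
            "domain": domain or None,
            "proto": proto,
        })
    return rows


def extract_iocs(rows):
    """Split rows into DNS lookups, attributed and unattributed endpoints, and flags."""
    dns_lookups = set()
    by_domain = defaultdict(set)
    unattributed = set()
    cleartext = set()
    multicast = set()
    for r in rows:
        if ip_address(r["ip"]).is_multicast:
            # 224.0.0.251:5353 is mDNS service discovery, not a remote contact
            multicast.add((r["ip"], r["port"], r["proto"]))
            continue
        if r["port"] == 53 and r["proto"] == "udp" and r["domain"]:
            dns_lookups.add(r["domain"])
            continue
        endpoint = (r["ip"], r["port"])
        if r["domain"]:
            by_domain[r["domain"]].add(endpoint)
        else:
            unattributed.add(endpoint)
        if r["port"] == 80:
            cleartext.add(r["ip"])
    return {
        "dns_lookups": sorted(dns_lookups),
        "by_domain": {d: sorted(eps) for d, eps in by_domain.items()},
        "unattributed": sorted(unattributed),
        "cleartext_http": sorted(cleartext),
        "multicast": sorted(multicast),
    }


if __name__ == "__main__":
    summary = extract_iocs(parse_table(NETWORK_TABLE))
    for key, value in summary.items():
        print(f"{key}: {value}")
```

The unattributed 216.58.x.x:443 endpoints fall in Google's address space and most likely pair with the googleapis lookups in the same table, but the sandbox did not attribute them, so the script leaves them unattributed rather than guessing; resolve them against the PCAP's DNS answers or passive DNS before treating them as IOCs.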
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 05:40
Reported
2024-06-13 05:43
Platform
android-x64-arm64-20240611.1-en
Max time kernel
3s
Max time network
132s
Command Line
Signatures
Checks the presence of a debugger
Processes
com.taotaosheng.optimize.picasso
Network
| Country | Destination | Domain | Proto |
| GB | 142.250.187.206:443 | | tcp |
| GB | 142.250.187.206:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.187.200:443 | ssl.google-analytics.com | tcp |
| GB | 216.58.212.234:443 | | tcp |
| GB | 216.58.212.196:443 | | tcp |
| GB | 216.58.212.196:443 | | tcp |
Files
/data/user/0/com.taotaosheng.optimize.picasso/databases/bugly_db_legu-journal
| MD5 | e8fe664a13cbaf23bfeb16af9a69fe59 |
| SHA1 | 08cbdcf2dcf1a2055f7241e64e60b765d0134c52 |
| SHA256 | 0fa6589b9a15b8a047168c6e397789f3bbbe77f047f6acec57dab15cfc97f6ba |
| SHA512 | 1b86179734b5ca154dbb4a806fa2b8ccd595e3a1b3abf159eba146d57dae167450701ceac009cfe969de6acd54246362af66e15242140d524cb2c3f5e47fd81a |
/data/user/0/com.taotaosheng.optimize.picasso/databases/bugly_db_legu
| MD5 | 69c81aac919582263c22e2f201e3d357 |
| SHA1 | a55e198c7b40c4543ab41b6d2cb2af83b245d3b8 |
| SHA256 | 2a142f29d89ef9f2b24d392bcab046a44b33a76222f138590aa8bbb2fc2fb3a7 |
| SHA512 | 98e24e3245002b215c108014802f16c85cd58dfd3f5163a9821718bcf9741aa14223d65b78242fdc020d11e792377ce1cd4d0404ed5ebe474823429b52bb5b98 |
/data/user/0/com.taotaosheng.optimize.picasso/databases/bugly_db_legu-journal
| MD5 | 96874af33711e62dba1df31483cf8080 |
| SHA1 | facd17d1fc7ead60aaf1fd5eea29bef4cf266b3b |
| SHA256 | 3d53acade8e6cd97c5b15cc34a4c9e211408f954b22595dfc6e3e72dbf3b4be2 |
| SHA512 | 115224f91b26297a51b48f5fa80c4d7504943a88a5d224e343ec817a4367a3ca11a70e3e9cd3b34353690f61b3b5a482616fb88f115416330e9aaae165d68a14 |
/data/user/0/com.taotaosheng.optimize.picasso/databases/bugly_db_legu-journal
| MD5 | 68817ddb92a7b6e1f210bf65875d6b50 |
| SHA1 | fdf9f07d54797c32a48e51e390cdba2ff5b28716 |
| SHA256 | 12309336e718f59bed9dcb702e17a0b91b5f99b56828f8c75d02431093ad9e8f |
| SHA512 | ba0e6fae6df7284310aa3a8a6086595140cd3ab6a421205cbf2f429fd726788a2df80507308cf5e0dd5fa63d4eae2b5cf2a3c11877d850b68e4453cda135f3fc |
/data/user/0/com.taotaosheng.optimize.picasso/databases/bugly_db_legu-journal
| MD5 | 4bd9fafce687151c9eeb5070e9be56d9 |
| SHA1 | 4fb6f6c741e057a99f31b3c2fbd9bd9aed19a60d |
| SHA256 | daf90c8616262ed76fa2cc3daef10c233d1cd6349380d1acf26054d1be4c595c |
| SHA512 | 7b0628564da5a360a9d304f49fdeec16ef383164b1a7712fce224bee60ff4233549dcd76ed1d6d96f70d9efd58db1681787cffe06227be99f163657d1697c14a |
/data/user/0/com.taotaosheng.optimize.picasso/databases/bugly_db_legu-journal
| MD5 | 1081875d5c157882c7b9ae002b555927 |
| SHA1 | 89c064e5c66a82b78b9e96f2045b3323c0974a67 |
| SHA256 | afa785212e9b1b6edc00a41b31079734aedbfcc951954760ccca4142b65149ed |
| SHA512 | d37b14fa31169ac2feee9716260f8ee05013894826f8a22485c964a0523b74243f1fbc602e7ca12b2f0f3c3bb9d617ffe90c5fd73aae81bf4de3b78b1bb4dea4 |
/data/user/0/com.taotaosheng.optimize.picasso/databases/bugly_db_legu-journal
| MD5 | 44bc3fea43c0e424b47494f79a937164 |
| SHA1 | f21d888cfc032f92efe38c05b9fc4e1da019c337 |
| SHA256 | b56b35d0e1d86d19174036017f44612e0c75ad7b81f54b75c82c1841a69865cd |
| SHA512 | 9fb180c952db51e5df0fcdadd3f8c3ee668a4f518a8b9a82b7471f4b7baed5b33bb9ed7bfb857451fe3347d90ab95e85509d64458629380adfe9409efd2b47a7 |
/data/user/0/com.taotaosheng.optimize.picasso/app_bugly/tomb_1718257258376.txt
| MD5 | bd0f8f8f3ad93fa07623422ec6e72003 |
| SHA1 | c3589295e7a4ddcf35bcd7a2c13bfd381783821a |
| SHA256 | 7fe875398dea7537a57a77c5275cbc8647aaf63ab6fd9148443b65df2e1d0647 |
| SHA512 | 2ec3e073321262b667afbf98fe4e9f51e4c0c58baaad506b120239031f10699d699b94470bef13007bd6199df3d3b03f1eaf147c0cba5178aee7e267072b1c0b |