Analysis Overview
SHA256
249476baa3055e6eacaf200557d3e856c8d3224c62757ef4525c51c74b93b1ba
Threat Level: Likely malicious
The file a41874ee4e52c7b2c0549b727a0a8c67_JaffaCakes118 was found to be: Likely malicious. The verdict is a heuristic score over the behavioural signatures listed below. The root, emulator, process and network checks they describe are also routine in benign apps that bundle advertising and analytics SDKs, and the network and file artifacts in behavioral1 (stats.unity3d.com, impact.applifier.com, graph.facebook.com, the Unity Cloud/Analytics files and AppEventsLogger.persistedsessioninfo) are consistent with Unity, Unity Ads and Facebook SDK telemetry. The strongest lead is the jar written to the package's cache directory and compiled by dex2oat, which the Files section records under several distinct hashes; examine that jar directly before acting on the verdict.
Malicious Activity Summary
Checks if the Android device is rooted.
Checks Android system properties for emulator presence.
Loads dropped Dex/Jar
Queries information about running processes on the device
Queries the mobile country code (MCC)
Requests dangerous framework permissions
Queries information about active data network
Registers a broadcast receiver at runtime (usually for listening for system events)
Uses Crypto APIs (Might try to encrypt user data)
Checks CPU information
Checks memory information
MITRE ATT&CK Matrix
Analysis: static1
Detonation Overview
Reported
2024-06-13 05:58
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 05:58
Reported
2024-06-13 06:01
Platform
android-x86-arm-20240611.1-en
Max time kernel
179s
Max time network
136s
Command Line
Signatures
Checks if the Android device is rooted.
| Description | Indicator | Process | Target |
| N/A | /system/app/Superuser.apk | N/A | N/A |
Checks Android system properties for emulator presence.
| Description | Indicator | Process | Target |
| Accessed system property | key: ro.product.model | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.raongames.stickmanandgun2/cache/1582435991586.jar | N/A | N/A |
| N/A | /data/user/0/com.raongames.stickmanandgun2/cache/1582435991586.jar | N/A | N/A |
Queries information about running processes on the device
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.raongames.stickmanandgun2
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.raongames.stickmanandgun2/cache/1582435991586.jar --output-vdex-fd=84 --oat-fd=88 --oat-location=/data/user/0/com.raongames.stickmanandgun2/cache/oat/x86/1582435991586.odex --compiler-filter=quicken --class-loader-context=&
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | stats.unity3d.com | udp |
| US | 1.1.1.1:53 | impact.applifier.com | udp |
| US | 1.1.1.1:53 | googleads.g.doubleclick.net | udp |
| GB | 142.250.180.2:443 | googleads.g.doubleclick.net | tcp |
| US | 130.211.33.175:443 | impact.applifier.com | tcp |
| GB | 142.250.180.2:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.187.206:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.238:443 | android.apis.google.com | tcp |
| GB | 142.250.180.2:443 | googleads.g.doubleclick.net | tcp |
| US | 1.1.1.1:53 | config.uca.cloud.unity3d.com | udp |
| US | 34.111.113.40:443 | config.uca.cloud.unity3d.com | tcp |
| US | 1.1.1.1:53 | graph.facebook.com | udp |
| GB | 157.240.214.1:443 | graph.facebook.com | tcp |
| US | 1.1.1.1:53 | api.uca.cloud.unity3d.com | udp |
| US | 34.107.172.168:443 | api.uca.cloud.unity3d.com | tcp |
| GB | 172.217.169.10:443 | | tcp |
Files
/data/data/com.raongames.stickmanandgun2/cache/1582435991586.jar
| MD5 | e8e0527a01aefdb89afd2c508f131da1 |
| SHA1 | f1103e6b260c657ceb3d95f1b023af3fda8b133a |
| SHA256 | f809447486f89fcaa74f87e06d126d103d37eb2b3157e88f2c06d989b2c284ce |
| SHA512 | fb53683a83f1068d0f94567b156e6a8910c45b1b5f33db919f7e0b9c55eab28507a235ef76d44d5b549599ea3b54dbc00496a633339d276a80f395da938d6d34 |
/data/user/0/com.raongames.stickmanandgun2/cache/1582435991586.jar
| MD5 | fde2ee00cbd121cfab5290b078aa3ceb |
| SHA1 | e2b77d5320e155e413d040a8c20020962065b2f8 |
| SHA256 | 2897b0812077c654a9b3fbb0b6303d5cde681eeba7ad9981de65716c7810d685 |
| SHA512 | a9326aff8e454a2b4ac09984ef2a65fddd4dc146b4c44d839035549bff8c9fdaae490326d0b018f76c1ca2e4fb25426d74f550ca0950982fba632a023af99a56 |
/data/user/0/com.raongames.stickmanandgun2/cache/1582435991586.jar
| MD5 | 2048eb6124a452540ee51dae4145aadf |
| SHA1 | d05005b2cd7fe4cd652b0d7fd1bdac2c19d51451 |
| SHA256 | 105c54b6fe3f25350e92187467761598e4c21d62b1091b77d091f65f3bd98864 |
| SHA512 | bb6cb3853dd2a5d0701e20607d4e153ae201268dd2e5e2d06cc2df208b3b4dc50132a4ab428251b1644d2399fcc717662438d082ff14203387bab8794109d44d |
/storage/emulated/0/Android/data/com.raongames.stickmanandgun2/files/Unity/0f7d0542-4312-488f-acc6-48f76684f303/Cloud/Analytics/values
| MD5 | 24804a4a2c37406047146ca4639de337 |
| SHA1 | 55ed33da11bb9dacfa26c740cfdfac0cbcd416c3 |
| SHA256 | 0a67eebbc169317acdc75c2b36ac7a5d08c71dd37665c2f11d827e75cf08772b |
| SHA512 | efc65949ff9e0cfa7b3de4c0b9e7705197481c329bbb79ef25bf311a5fe4b4e50a7d289510463674dd48d9dfacd5c23765112e72c430cd196cbd5e1c5ffb4c98 |
/storage/emulated/0/Android/data/com.raongames.stickmanandgun2/files/Unity/0f7d0542-4312-488f-acc6-48f76684f303/Cloud/Analytics/values
| MD5 | 427fa4bbd732b3c931bef15c8286a427 |
| SHA1 | 1c50516fff70b51cb52e44c0c835691f3a0f24de |
| SHA256 | eb0e95f4a0eeee9481cdcbce074c7707ef3753ae44e857e738e677a39a022a3c |
| SHA512 | c0157088a233311d888b78d52de061b77f6a7849b63fab916db65f06c6c92bdd6000ae956534cef010e5347075431f1c4b74aa5ad4bec3c1696b7480b29d50f0 |
/storage/emulated/0/Android/data/com.raongames.stickmanandgun2/files/Unity/0f7d0542-4312-488f-acc6-48f76684f303/Cloud/Analytics/values
| MD5 | 6e484f43a7f73e61caa9eb7eb46c3eed |
| SHA1 | 34038f8425cc1f2103e3d99149aff5027802a8ee |
| SHA256 | 4f1e91181aa0b75d100fa79870a14761454b37477cd28e2ad38aec36e211aaf3 |
| SHA512 | 33783a3647325ddd71fb6f66b768dc21014571868dae751a6d50ad377b2b57a295b06e8b48b0573c5b9c49b96d7af1758ab32a4586e34620168cc0a427623cba |
/storage/emulated/0/Android/data/com.raongames.stickmanandgun2/files/Unity/0f7d0542-4312-488f-acc6-48f76684f303/Cloud/Analytics/1718258345578/s1718258345578
| MD5 | dbe2bcf29bfe3da00f0d04ac44ff6c42 |
| SHA1 | 37a2e7edcd12c52c7baa27c72ddc45b82298964a |
| SHA256 | d573e1f832b154d315e6090d1f29e09ae48775dbb1651664a67609d3e9be028b |
| SHA512 | 48f0902409f0885102e8b4df2579288cee4d56b57515ddb636ed9cf8c9a638612e4777c999865cb222b2c65b451f78caba8e9a090c67a43ed855a67aa7cc07e0 |
/storage/emulated/0/Android/data/com.raongames.stickmanandgun2/files/Unity/0f7d0542-4312-488f-acc6-48f76684f303/Cloud/Analytics/1718258345578/e1718258345578
| MD5 | dbdb3437752fe8cef32f832fe2cf8f4d |
| SHA1 | 71d6707c26ef7cd18240904432f3d460df5474b5 |
| SHA256 | 5d83c1854b6938a342acbf3853f8126f9f36d2fa6c7ef19e97d4c7bf94fdf465 |
| SHA512 | b07e15ebb2adf20a782765a1cad871edd0d906443e9c61997b7aa7c30bb3fcfb0f85244632d2a93e24277bd4d2038fd088a12b3dcb1860213c75ee9e32b50f27 |
/storage/emulated/0/Android/data/com.raongames.stickmanandgun2/files/Unity/0f7d0542-4312-488f-acc6-48f76684f303/Cloud/Analytics/values
| MD5 | 05fb6cf15665a9a127faa9d0c6f64a81 |
| SHA1 | 08be4951b4676915d641651e1e2653f59f0d1d55 |
| SHA256 | 62342769f8c28d01a3c875e58469dff484255e79aed4eb8a042bcd9fb3ab49ed |
| SHA512 | c6b8d9aa3c35b36b8e30ba6dd7035fba537769edd84f6f1c556b24d877742c25dfc971b38530a1c7d412065a3fffe93f37978c7a6473a1fdc8f18c9f03aef285 |
/storage/emulated/0/Android/data/com.raongames.stickmanandgun2/files/Unity/0f7d0542-4312-488f-acc6-48f76684f303/Cloud/Analytics/1718258345578/e1718258345578
| MD5 | 3d9482605c05ba39d672d7f7b7340fbb |
| SHA1 | e7720bafc07a66de179c15daa528c622f7cc4522 |
| SHA256 | 613ffc9814f0527f3b965d9f8583d9c383c01084976f42f252e6d529d9a33ee4 |
| SHA512 | 3434c1fc746863f7143a57c9121af079b56adc9753558b4b100dcd94a78c9ab43f616508a8cd68a5cae42a416824eb5e9107415e8d030d4298852e6bce874fd7 |
/storage/emulated/0/Android/data/com.raongames.stickmanandgun2/files/Unity/0f7d0542-4312-488f-acc6-48f76684f303/Cloud/Analytics/values
| MD5 | 639f405f6a0a4b3100c3f2350f898746 |
| SHA1 | fbe0a4739d3a3e10152940500b17bb918b29e2af |
| SHA256 | f94ca8b3211d6dcee0cc3f08ba0711f1742409ddafdc2b14dbe24a7250eded9f |
| SHA512 | e67b1ba5034ef84c8cb6d08f3c1030ff1c06220775a01754c348c0e4f675e9e731e5e2f57febd09fb3d45e899aca644d2115da9575b52d068090a91a76c4bd8c |
/storage/emulated/0/Android/data/com.raongames.stickmanandgun2/files/Unity/0f7d0542-4312-488f-acc6-48f76684f303/Cloud/Analytics/config
| MD5 | 8673a8ac0b06a9d056d08d62f857ba4b |
| SHA1 | a351bea1932270bafbe468584058fef20dcfc31e |
| SHA256 | 83b3f90c4edf1f122c8faf9784ca0aee4dd017c65493ac181c1814211703db96 |
| SHA512 | edf28eb7fcef654f139285d308f817ee230d6f064a4c865109d6dfe6f73c11f8f35737c8159c8a302118237ab980899ba5773f547cc9da4028643a53b08e324f |
/storage/emulated/0/Android/data/com.raongames.stickmanandgun2/files/Unity/0f7d0542-4312-488f-acc6-48f76684f303/Cloud/Analytics/values
| MD5 | b82b5f61dd52bc9b42604a5f1fc9cb38 |
| SHA1 | 19ae8265d54987a173c5abc2aacc6d0dc9827fe1 |
| SHA256 | e2e3f92cb3cf1f5264b3ade1445bede39670b624541bde01d4c5f384d4200756 |
| SHA512 | b76f05e133f647cea2c81524ac0777745c5ae9845bfba2977154c722c6e81b989989af44342b84537a96a3b84b41073b56a0be7a8da1755540b453a843b53d4e |
/data/data/com.raongames.stickmanandgun2/files/AppEventsLogger.persistedsessioninfo
| MD5 | a1b31decff59a5439febb824830e90f4 |
| SHA1 | d197ed1759d30c359855161737b2dc195e420bac |
| SHA256 | 9e87de9247beb57bf4fb42519cad18c015cf9ff2a261103e62f619e88b0d9702 |
| SHA512 | 0161e2543e3f02bd3ebe74d15ee68cc30a89aad6a43e50a40e43295ef2f993b7c65022af148a6d62476842e9c9bc7f58a8efd7db743276d296a93e4a139c481f |
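The Processes, Network and Files sections above are the raw material for triage, and three things a practitioner would want from them are worth automating: which dex the dex2oat line compiled and whether it came from the app's own private directory (a dropped payload) rather than a system path; which file paths were recorded under more than one hash, since the cache jar and the Unity Analytics "values" file were each rewritten during the run and a single pinned hash would miss the other versions; and a de-duplicated domain/IP list that leaves out the sandbox resolver (1.1.1.1:53) and mDNS multicast, which belong to the environment, not the sample. The script below is an added example, not part of the report or of any sandbox tooling; the `FILES` and `NETWORK` tables are a constructed subset copied from the report, the `DEX2OAT_CMDLINE` string is the Processes entry shortened with its truncated `--class-loader-context=&` kept as shown, and the `/data/data/<pkg>` to `/data/user/0/<pkg>` folding relies on the former being a symlink to the latter on Android.

```python
"""Post-process the sandbox report above: correlate the dex2oat command line
with the dropped-file hashes, flag paths rewritten during detonation, and
extract a de-duplicated network IOC list.  Added example, not part of the
original report; every input below is a constructed subset of its tables."""
import ipaddress
import re

PKG = "com.raongames.stickmanandgun2"
JAR = f"/data/user/0/{PKG}/cache/1582435991586.jar"
VALUES = (f"/storage/emulated/0/Android/data/{PKG}/files/Unity/"
          "0f7d0542-4312-488f-acc6-48f76684f303/Cloud/Analytics/values")

# Constructed copy of the Processes entry, shortened; the truncated trailing
# "--class-loader-context=&" is kept exactly as the report shows it.
DEX2OAT_CMDLINE = (
    "/system/bin/dex2oat --instruction-set=x86 --runtime-arg -Xhidden-api-checks "
    f"--dex-file={JAR} --output-vdex-fd=84 --oat-fd=88 "
    f"--oat-location=/data/user/0/{PKG}/cache/oat/x86/1582435991586.odex "
    "--compiler-filter=quicken --class-loader-context=&"
)

# Constructed subset of the Files section as (path, sha256).
FILES = [
    (f"/data/data/{PKG}/cache/1582435991586.jar",
     "f809447486f89fcaa74f87e06d126d103d37eb2b3157e88f2c06d989b2c284ce"),
    (JAR, "2897b0812077c654a9b3fbb0b6303d5cde681eeba7ad9981de65716c7810d685"),
    (JAR, "105c54b6fe3f25350e92187467761598e4c21d62b1091b77d091f65f3bd98864"),
    (VALUES, "0a67eebbc169317acdc75c2b36ac7a5d08c71dd37665c2f11d827e75cf08772b"),
    (VALUES, "eb0e95f4a0eeee9481cdcbce074c7707ef3753ae44e857e738e677a39a022a3c"),
    (f"/data/data/{PKG}/files/AppEventsLogger.persistedsessioninfo",
     "9e87de9247beb57bf4fb42519cad18c015cf9ff2a261103e62f619e88b0d9702"),
]

# Constructed subset of the Network table as (country, destination, domain, proto).
NETWORK = [
    ("N/A", "224.0.0.251:5353", "", "udp"),
    ("US", "1.1.1.1:53", "stats.unity3d.com", "udp"),
    ("US", "1.1.1.1:53", "googleads.g.doubleclick.net", "udp"),
    ("GB", "142.250.180.2:443", "googleads.g.doubleclick.net", "tcp"),
    ("US", "130.211.33.175:443", "impact.applifier.com", "tcp"),
    ("GB", "142.250.180.2:443", "googleads.g.doubleclick.net", "tcp"),
    ("GB", "142.250.187.206:443", "", "tcp"),
    ("US", "1.1.1.1:53", "graph.facebook.com", "udp"),
    ("GB", "157.240.214.1:443", "graph.facebook.com", "tcp"),
    ("US", "34.107.172.168:443", "api.uca.cloud.unity3d.com", "tcp"),
]

def parse_dex2oat(cmdline):
    """Pull --dex-file/--oat-location out of a dex2oat invocation and decide
    whether the dex sits in the app's private directory (a dropped payload)."""
    args = {}
    for tok in cmdline.split():
        if tok.startswith("--") and "=" in tok:
            key, value = tok.split("=", 1)
            args[key] = value            # a repeated flag keeps its last value
    dex = args.get("--dex-file", "")
    m = re.match(r"^/data/(?:data|user/\d+)/([^/]+)/", dex)
    return {
        "dex_file": dex,
        "oat_location": args.get("--oat-location", ""),
        "package": m.group(1) if m else None,
        "in_app_private_dir": m is not None,
    }

def normalize(path):
    """/data/data/<pkg> is a symlink to /data/user/0/<pkg>, so fold the two
    spellings the report uses for the same jar into one key."""
    return re.sub(r"^/data/data/", "/data/user/0/", path)

def hashes_by_path(files):
    groups = {}
    for path, sha256 in files:
        seen = groups.setdefault(normalize(path), [])
        if sha256 not in seen:
            seen.append(sha256)
    return groups

def rewritten_paths(files):
    """Paths recorded with more than one distinct hash: the file was rewritten
    during the run, so pinning a single hash as an IOC would miss the others."""
    return {p: h for p, h in hashes_by_path(files).items() if len(h) > 1}

def network_iocs(rows, resolver_port=53):
    """Unique domains and remote IPs, skipping the sandbox resolver and
    multicast (mDNS), which describe the environment rather than the sample."""
    domains, ips = set(), set()
    for _country, dest, domain, _proto in rows:
        host, _, port = dest.rpartition(":")
        if domain:
            domains.add(domain)
        if int(port) == resolver_port or ipaddress.ip_address(host).is_multicast:
            continue
        ips.add(host)
    return {"domains": sorted(domains), "ips": sorted(ips, key=ipaddress.ip_address)}

if __name__ == "__main__":
    info = parse_dex2oat(DEX2OAT_CMDLINE)
    print(f"dex {info['dex_file']} (package {info['package']}, "
          f"private dir: {info['in_app_private_dir']})")
    for path, hashes in rewritten_paths(FILES).items():
        print(f"{path} rewritten, {len(hashes)} distinct hashes")
    print(network_iocs(NETWORK))
```

Run it as-is to see the three results; to reuse it on another report, replace the three constructed tables with the report's own rows. The resolver and multicast filters are deliberately narrow: a sample that talks to a hard-coded resolver on a non-standard port, or that uses multicast for discovery, would pass through them and appear in the IP list.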