Malware Analysis Report

2024-09-09 17:50

Sample ID 240613-gpc32swgmf
Target a41874ee4e52c7b2c0549b727a0a8c67_JaffaCakes118
SHA256 249476baa3055e6eacaf200557d3e856c8d3224c62757ef4525c51c74b93b1ba
Tags
discovery evasion impact persistence
score
8/10

Analysis Overview

Threat Level: Likely malicious

The file a41874ee4e52c7b2c0549b727a0a8c67_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

discovery evasion impact persistence

Checks if the Android device is rooted.

Checks Android system properties for emulator presence.

Loads dropped Dex/Jar

Queries information about running processes on the device

Queries the mobile country code (MCC)

Requests dangerous framework permissions

Queries information about active data network

Registers a broadcast receiver at runtime (usually for listening for system events)

Uses Crypto APIs (Might try to encrypt user data)

Checks CPU information

Checks memory information

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-13 05:58

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 05:58

Reported

2024-06-13 06:01

Platform

android-x86-arm-20240611.1-en

Max time kernel

179s

Max time network

136s

Command Line

com.raongames.stickmanandgun2

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/app/Superuser.apk N/A N/A

Checks Android system properties for emulator presence.

evasion
Description Indicator Process Target
Accessed system property key: ro.product.model N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.raongames.stickmanandgun2/cache/1582435991586.jar N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.raongames.stickmanandgun2

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.raongames.stickmanandgun2/cache/1582435991586.jar --output-vdex-fd=84 --oat-fd=88 --oat-location=/data/user/0/com.raongames.stickmanandgun2/cache/oat/x86/1582435991586.odex --compiler-filter=quicken --class-loader-context=&

Network

Files
