Analysis Overview
SHA256
53b423aa466e17b62a66fcdfb203f2b1f6a3bf8b322d7def2e008b7ab7655867
Threat Level: Shows suspicious behavior
The file a4d323b79a9021f55934c288a4a5d5cd_JaffaCakes118 was found to show suspicious behavior.
Malicious Activity Summary
Requests dangerous framework permissions
Queries information about active data network
Uses Crypto APIs (Might try to encrypt user data)
MITRE ATT&CK Matrix
Analysis: static1
Detonation Overview
Reported
2024-06-13 09:21
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows read-only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 09:21
Reported
2024-06-13 09:25
Platform
android-x86-arm-20240611.1-en
Max time kernel
2s
Max time network
131s
Command Line
Signatures
Processes
com.kuaiyou.xiaoxinyl
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| GB | 172.217.169.74:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.187.238:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 09:21
Reported
2024-06-13 09:22
Platform
android-x86-arm-20240611.1-en
Max time network
4s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-13 09:21
Reported
2024-06-13 09:22
Platform
android-x64-20240611.1-en
Max time network
5s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral4
Detonation Overview
Submitted
2024-06-13 09:21
Reported
2024-06-13 09:22
Platform
android-x64-arm64-20240611.1-en
Max time network
7s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| GB | 142.250.187.206:443 | | tcp |
| GB | 142.250.187.206:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral5
Detonation Overview
Submitted
2024-06-13 09:21
Reported
2024-06-13 09:25
Platform
android-x86-arm-20240611.1-en
Max time kernel
39s
Max time network
151s
Command Line
Signatures
Queries information about active data network
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Processes
com.xinkuai.videoplayer
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| GB | 142.250.180.14:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | videocloud.cn-hangzhou.log.aliyuncs.com | udp |
| CN | 121.199.107.25:443 | videocloud.cn-hangzhou.log.aliyuncs.com | tcp |
| US | 1.1.1.1:53 | l-auth.qupaicloud.com | udp |
| CN | 101.37.135.21:443 | l-auth.qupaicloud.com | tcp |
| CN | 101.37.135.21:443 | l-auth.qupaicloud.com | tcp |
| GB | 142.250.187.206:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.46:443 | android.apis.google.com | tcp |
| CN | 121.43.10.93:443 | videocloud.cn-hangzhou.log.aliyuncs.com | tcp |
| US | 1.1.1.1:53 | report-api.qupaicloud.com | udp |
| CN | 116.62.89.154:443 | report-api.qupaicloud.com | tcp |
| CN | 116.62.89.154:443 | report-api.qupaicloud.com | tcp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| GB | 142.250.187.234:443 | semanticlocation-pa.googleapis.com | tcp |
| GB | 142.250.187.234:443 | semanticlocation-pa.googleapis.com | tcp |
Files
/storage/emulated/0/Android/data/com.xinkuai.videoplayer/cache/.license
| MD5 | 56fa4b5ffe5a2a6dbcee913fd0a3df36 |
| SHA1 | fdae4229e23232c9a1351311123a0d363e9c854f |
| SHA256 | cb96fb16ecc4c2dab2b52222a372b4182927006150413d99bf21afe0b53697eb |
| SHA512 | b99b8f80b44c8ddb1df16168552925b49bfc4f42993f29b8055bd002d7a050d9a419aaa20bd03d3b38c74df437625f5828daafe5c3e3f59f645a87b3c1f62c28 |
/storage/emulated/0/Android/data/com.xinkuai.videoplayer/cache/.license
| MD5 | 1cbc42338c6ece834aba72025ee85bef |
| SHA1 | 70a00c3b0ee26a76e8e50f2ea8f279977d3dd7ec |
| SHA256 | 3abf2d3bb32d8bf55e3cdd7bf68f9ab0132070ea3a4ed9cf16f5a4a49e0fa7d8 |
| SHA512 | 98302ded309ee4601d51a69873b565a57c964b3dc0044adc8b61d3892956026a2d56a199c9a8fd4204538c02dd83a57e42e9b5ea7ff742f33d6d2f415da4381a |