Analysis Overview
SHA256
badb8c11aa10e797bbcc5fec4f87867ba28a163f774271e0ef0d34c7097c0c5b
Threat Level: Shows suspicious behavior
The file a53821a8528f0621598254304cbe8590_JaffaCakes118 was found to be: Shows suspicious behavior.
Malicious Activity Summary
Launches application installer.
Requests dangerous framework permissions
Uses Crypto APIs (Might try to encrypt user data)
MITRE ATT&CK Matrix
Analysis: static1
Detonation Overview
Reported
2024-06-13 11:08
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 11:08
Reported
2024-06-13 11:11
Platform
android-x86-arm-20240611.1-en
Max time kernel
179s
Max time network
160s
Command Line
Signatures
Launches application installer.
| Description | Indicator | Process | Target |
| Intent action | android.intent.action.INSTALL_PACKAGE | N/A | N/A |
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Processes
catch_.me_.if_.you_.can_
chmod 0755 /storage/emulated/legacy/Android/data/catch_.me_.if_.you_.can_/cache/temp.apk
su
chmod 0755 /storage/emulated/0/Android/data/catch_.me_.if_.you_.can_/cache/temp.apk
su
su
su
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 216.58.201.110:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.238:443 | android.apis.google.com | tcp |
Files
/data/data/catch_.me_.if_.you_.can_/files/GG-KdRh/version.gg
| MD5 | daecf755df5b1d637033bb29b319c39a |
| SHA1 | 885aba7b4535633430e023f582f2c13c5f34851d |
| SHA256 | c1e3e8cd31833bed4df0ec7381cb09d9d7a98271929974a773611311789392e3 |
| SHA512 | ed3573e7cf189bfd70ba38d029194a2b2af2aef4264056c34b87bf07468e33618826ee43d4bfb55735239e0cb27e35e3ac6e00bcf820027fbfb48c9182ef949b |
/data/data/catch_.me_.if_.you_.can_/files/temp.apk
| MD5 | 8bb0c362ec1ae7c789464ccd058ebb22 |
| SHA1 | 15f6d0e27a8dd9af089eda2234b4665e97228b40 |
| SHA256 | 224f1e73a3ba92a2d768dc2fecb56a1d2f720248ee90b071170b107ae6f09ec1 |
| SHA512 | ad4c5af2a522e032f26491b75fac7ca07c6fca771563bb2a3ab0dc8db94accb77cbc77bbbb96d5fbc09d2440272c25e0928a06719b23adcd0b3ab72786055fa2 |
/data/data/catch_.me_.if_.you_.can_/files/resources.arsc
| MD5 | 64c8829b6ac1e192bd629b35ed39d688 |
| SHA1 | ea05ae5f27c1dbc6717a97ba8fc1364a9283b0f6 |
| SHA256 | c3d5026f305c9dcf7f59d67942b5a7fee280f0a398fcd6d42fa029252cc23cf5 |
| SHA512 | 098b8a57f1e7112080dcc06b9cd8bc747a76f9507a2ce141d650351aa31cd2450cbf2de2eacfd8d75faaea77eed44996e545c9d82ad739fb1451db2e10273f55 |
/data/data/catch_.me_.if_.you_.can_/files/classes.dex
| MD5 | b43f7e911fb406dd8101db8737fe7176 |
| SHA1 | 549a78b57e504888377b4d0fe1b3d99416705c4d |
| SHA256 | 5efd8eb011d26123d8e32b4b9ddf629dd939005e3485cb2889325b0cb164507e |
| SHA512 | b8748d771b3aa4701ef9a2da8eef243ec59374d0d5a3e9a5ae8dd9545d10168d5a0f1109f5f99c7254d139f0565ebdf6036d96711ae0c987debd55d0d03fbc86 |
/storage/emulated/0/Android/data/catch_.me_.if_.you_.can_/cache/temp.apk
| MD5 | ba442ec931787aab7951badaa09d19f2 |
| SHA1 | 1e6f163f7704f87b3049f1e8dd076c0f9d8cd65e |
| SHA256 | 7bd1ff71170baaaab19e68a603f624a36dd35167b03ebbfc35a6352cf2bb360d |
| SHA512 | 491b6d3eec645e91660a4ea6629ea5ab6d50d33840e24078aedeaee336a717dfe2db197e7dc93e4eda56688bd5dacf52dc8eace28c6c2f4b74dee368f5f729e4 |
/storage/emulated/0/Android/data/catch_.me_.if_.you_.can_/cache/temp.apk
| MD5 | bd4ec513222aa4b4d51e04d3f49248a4 |
| SHA1 | 413e082c9533724b6fae90f4aa2f3ca02254e4d7 |
| SHA256 | dae6c576979b466d2ae3f039a1bdda2321180b53a879ff2f37e72987f06a8470 |
| SHA512 | da5f8120f818f0310df757a7da2d4a08ca009c6555df68684f712c538c2082e532a7a7a529b8983da4f6b831a27e2bacd22eaf7079befb88803d3ca5a45a8f02 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 11:08
Reported
2024-06-13 11:11
Platform
android-x64-20240611.1-en
Max time kernel
88s
Max time network
149s
Command Line
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Processes
catch_.me_.if_.you_.can_
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.200.40:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.179.234:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.238:443 | android.apis.google.com | tcp |
| GB | 142.250.200.14:443 | | tcp |
| GB | 172.217.169.66:443 | | tcp |
| GB | 216.58.201.100:443 | | tcp |
| GB | 216.58.201.100:443 | | tcp |
| GB | 216.58.204.78:443 | | tcp |
Files
/data/data/catch_.me_.if_.you_.can_/files/GG-J1Pt/version.gg
| MD5 | daecf755df5b1d637033bb29b319c39a |
| SHA1 | 885aba7b4535633430e023f582f2c13c5f34851d |
| SHA256 | c1e3e8cd31833bed4df0ec7381cb09d9d7a98271929974a773611311789392e3 |
| SHA512 | ed3573e7cf189bfd70ba38d029194a2b2af2aef4264056c34b87bf07468e33618826ee43d4bfb55735239e0cb27e35e3ac6e00bcf820027fbfb48c9182ef949b |
/data/data/catch_.me_.if_.you_.can_/files/temp.apk
| MD5 | 8bb0c362ec1ae7c789464ccd058ebb22 |
| SHA1 | 15f6d0e27a8dd9af089eda2234b4665e97228b40 |
| SHA256 | 224f1e73a3ba92a2d768dc2fecb56a1d2f720248ee90b071170b107ae6f09ec1 |
| SHA512 | ad4c5af2a522e032f26491b75fac7ca07c6fca771563bb2a3ab0dc8db94accb77cbc77bbbb96d5fbc09d2440272c25e0928a06719b23adcd0b3ab72786055fa2 |
/data/data/catch_.me_.if_.you_.can_/files/resources.arsc
| MD5 | b94c08aa2ff367bad87b9f2bb932c045 |
| SHA1 | cbe25567e8b6160d4bdc6103cf1dc6ec2edfef6f |
| SHA256 | bf7f6dafefd56470b678ddc525781a5f9f61fb220d3fe2cc6c4f087a1f61f1d1 |
| SHA512 | 149b1c3cfb9e04a2efbc9b6ad0dabeeab7430eece830a1055b7fba0444e99d43641f7f8ce1124d7af522320d678d532197696882074c19996f0e1b32c8cf8710 |
/data/data/catch_.me_.if_.you_.can_/files/classes.dex
| MD5 | baf0cac67eaa55c4b8fbf58351afd00d |
| SHA1 | afd596623ffdee998685c770a308d6e692bab2b0 |
| SHA256 | 62ea041fa4695773b54039dab38282c1d3f9c3def5965d80eff6853ca8f8926d |
| SHA512 | 719ca2189eea3745c4e4f117e24ee1fbf5c279f35409940cea64b65c6c37002edbd1de911127f0d0f9565a9e1ddf64fc545c8a4f25e5d29c174cd6142bebecc8 |
/storage/emulated/0/Android/data/catch_.me_.if_.you_.can_/cache/temp.apk
| MD5 | 91551e8032f4a037884b103d533069b7 |
| SHA1 | 0049839ff2be04a11b03e224b4066b808e23cdd5 |
| SHA256 | e85e7a1e02f923cbc8547b156822f12a1806575acfe8851b1c1a8dc757b7f3ce |
| SHA512 | 01c09a0a4d787c8689ffa224d0e2029db102162646cb0b65172901411168bbc80f5e485bc852450c8c2b5a113ead73a4583e2e6d3e271d6157369a045f96810f |
/storage/emulated/0/Android/data/catch_.me_.if_.you_.can_/cache/temp.apk
| MD5 | e05674b71d6634a8453c8ac17b9e9a40 |
| SHA1 | 09bef0c7637ede96e2774e538bc64c37891fe1e1 |
| SHA256 | 5ee0286bf53acd469a3663c7309103f6356674dc2c1740b5ccbb6fc6b80cf719 |
| SHA512 | cfddd36dfe8683ea628a1af0fda70c260685efa589bdaf69fe33bf9f222583bd4dee3f293e4fb99de7828d974104e6e932756056ce7dee64f3d75efa5cf3e8ed |
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-13 11:08
Reported
2024-06-13 11:11
Platform
android-x64-arm64-20240611.1-en
Max time kernel
179s
Max time network
132s
Command Line
Signatures
Launches application installer.
| Description | Indicator | Process | Target |
| Intent action | android.intent.action.INSTALL_PACKAGE | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Processes
catch_.me_.if_.you_.can_
Network
| Country | Destination | Domain | Proto |
| GB | 142.250.187.206:443 | | tcp |
| GB | 142.250.187.206:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.200.8:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.179.228:443 | | tcp |
| GB | 142.250.179.228:443 | | tcp |
Files
/data/user/0/catch_.me_.if_.you_.can_/files/GG-Eln0/version.gg
| MD5 | daecf755df5b1d637033bb29b319c39a |
| SHA1 | 885aba7b4535633430e023f582f2c13c5f34851d |
| SHA256 | c1e3e8cd31833bed4df0ec7381cb09d9d7a98271929974a773611311789392e3 |
| SHA512 | ed3573e7cf189bfd70ba38d029194a2b2af2aef4264056c34b87bf07468e33618826ee43d4bfb55735239e0cb27e35e3ac6e00bcf820027fbfb48c9182ef949b |
/data/user/0/catch_.me_.if_.you_.can_/files/temp.apk
| MD5 | 8bb0c362ec1ae7c789464ccd058ebb22 |
| SHA1 | 15f6d0e27a8dd9af089eda2234b4665e97228b40 |
| SHA256 | 224f1e73a3ba92a2d768dc2fecb56a1d2f720248ee90b071170b107ae6f09ec1 |
| SHA512 | ad4c5af2a522e032f26491b75fac7ca07c6fca771563bb2a3ab0dc8db94accb77cbc77bbbb96d5fbc09d2440272c25e0928a06719b23adcd0b3ab72786055fa2 |
/data/user/0/catch_.me_.if_.you_.can_/files/resources.arsc
| MD5 | 7d000bb6d71db02bd6f478a02813b076 |
| SHA1 | e8126d1c015e7dae58289f089be33aa9ea52458f |
| SHA256 | 7cd3e31b592653f55a5bc4dfa13bc5ad2987629d93d081212bb78b1f06fc0be0 |
| SHA512 | 426bd36c4ba75bff95e4b5d5e085eaf2ce29d18336a355bdb2895e4fb066614b2739fddf21aa5e1e98a76a56e12814f9f32844defb085bef789a5f2eed2bcb48 |
/data/user/0/catch_.me_.if_.you_.can_/files/classes.dex
| MD5 | db4d95f32ea2c9bc7a6749fa87eae324 |
| SHA1 | 56b49f02b9a310f80f630506c22669f95c117b1b |
| SHA256 | 525d730f567c6579bdc98b7d552e2b2f28f0b84fd4af0f3923f13847ef4e42fd |
| SHA512 | cc6b0de2748c111b76b061b4879da6e5342d2a5cfc9406816babd777a9f634019082034ece6f322dc7e85d31cb42d7107f050ceff27a42a22fe76dcb3251f8cf |
/storage/emulated/0/Android/data/catch_.me_.if_.you_.can_/cache/temp.apk (deleted)
| MD5 | d895e0b1aef28ced3ceca572ad145531 |
| SHA1 | 8bf6a92d1a77852c56774c1c1189eb27b4a50f1d |
| SHA256 | 8aaec18ba78be5a08ffb96633b67ea4630cde6711eda4a0205d318fb24d895e4 |
| SHA512 | fe2d3d7ad80f25cc83b3545cde4efa78d6c738377286daa9c27e730095a4721e40fdec672dbfd23b1e83bf2a318ff2264dcbd3f8472f3e3d28e103d4c67b659f |
/storage/emulated/0/Android/data/catch_.me_.if_.you_.can_/cache/temp.apk
| MD5 | 9a742ff3a201f098d87d92f7dc71f4ce |
| SHA1 | 93b2e89de1207dbafe211ca234a5d0df89f1ca46 |
| SHA256 | dcefa8e19c34b5692b72838d29d06873a313cd9e7d9d5a6fc473013ac9c0db63 |
| SHA512 | c3989740348a5831c2bbe8dbb79543148c4d41adceac5a4e8f607eb59937544148f08d6c778cb4be5ffd1a285966f46ddf743a211f6d6bb56294689ec4ecd352 |