Malware Analysis Report

2024-09-09 17:48

Sample ID: 240613-m8rcnswdlg
Target: a53821a8528f0621598254304cbe8590_JaffaCakes118
SHA256: badb8c11aa10e797bbcc5fec4f87867ba28a163f774271e0ef0d34c7097c0c5b
Tags: evasion, impact
Score: 6/10

Analysis Overview

Score: 6/10
SHA256: badb8c11aa10e797bbcc5fec4f87867ba28a163f774271e0ef0d34c7097c0c5b
Threat Level: Shows suspicious behavior

The file a53821a8528f0621598254304cbe8590_JaffaCakes118 was found to show suspicious behavior.

Malicious Activity Summary

Tags: evasion, impact

Launches application installer.
Requests dangerous framework permissions
Uses Crypto APIs (Might try to encrypt user data)

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported: 2024-06-13 11:08

Signatures

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A
Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-13 11:08
Reported: 2024-06-13 11:11
Platform: android-x86-arm-20240611.1-en
Max time kernel: 179s
Max time network: 160s

Command Line

catch_.me_.if_.you_.can_

Signatures

Launches application installer.

Tag: evasion
Description | Indicator | Process | Target
Intent action | android.intent.action.INSTALL_PACKAGE | N/A | N/A

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A
Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A

Uses Crypto APIs (Might try to encrypt user data)

Tag: impact
Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Processes

catch_.me_.if_.you_.can_

chmod 0755 /storage/emulated/legacy/Android/data/catch_.me_.if_.you_.can_/cache/temp.apk

su

chmod 0755 /storage/emulated/0/Android/data/catch_.me_.if_.you_.can_/cache/temp.apk

su

su

su

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp
GB | 216.58.201.110:443 | | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.187.238:443 | android.apis.google.com | tcp

Files

/data/data/catch_.me_.if_.you_.can_/files/GG-KdRh/version.gg

/data/data/catch_.me_.if_.you_.can_/files/temp.apk

/data/data/catch_.me_.if_.you_.can_/files/resources.arsc

/data/data/catch_.me_.if_.you_.can_/files/classes.dex

/storage/emulated/0/Android/data/catch_.me_.if_.you_.can_/cache/temp.apk

/storage/emulated/0/Android/data/catch_.me_.if_.you_.can_/cache/temp.apk

Analysis: behavioral2

Detonation Overview

Submitted: 2024-06-13 11:08
Reported: 2024-06-13 11:11
Platform: android-x64-20240611.1-en
Max time kernel: 88s
Max time network: 149s

Command Line

catch_.me_.if_.you_.can_

Signatures

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A
Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A

Uses Crypto APIs (Might try to encrypt user data)

Tag: impact
Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Processes

catch_.me_.if_.you_.can_

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
GB | 142.250.200.40:443 | ssl.google-analytics.com | tcp
GB | 142.250.179.234:443 | | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.187.238:443 | android.apis.google.com | tcp
GB | 142.250.200.14:443 | | tcp
GB | 172.217.169.66:443 | | tcp
GB | 216.58.201.100:443 | | tcp
GB | 216.58.201.100:443 | | tcp
GB | 216.58.204.78:443 | | tcp

Files

/data/data/catch_.me_.if_.you_.can_/files/GG-J1Pt/version.gg

/data/data/catch_.me_.if_.you_.can_/files/temp.apk

/data/data/catch_.me_.if_.you_.can_/files/resources.arsc

/data/data/catch_.me_.if_.you_.can_/files/classes.dex

/storage/emulated/0/Android/data/catch_.me_.if_.you_.can_/cache/temp.apk

/storage/emulated/0/Android/data/catch_.me_.if_.you_.can_/cache/temp.apk

Analysis: behavioral3

Detonation Overview

Submitted: 2024-06-13 11:08
Reported: 2024-06-13 11:11
Platform: android-x64-arm64-20240611.1-en
Max time kernel: 179s
Max time network: 132s

Command Line

catch_.me_.if_.you_.can_

Signatures

Launches application installer.

Tag: evasion
Description | Indicator | Process | Target
Intent action | android.intent.action.INSTALL_PACKAGE | N/A | N/A

Uses Crypto APIs (Might try to encrypt user data)

Tag: impact
Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Processes

catch_.me_.if_.you_.can_

Network

Country | Destination | Domain | Proto
GB | 142.250.187.206:443 | | tcp
GB | 142.250.187.206:443 | | tcp
N/A | 224.0.0.251:5353 | | udp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
GB | 142.250.200.8:443 | ssl.google-analytics.com | tcp
GB | 142.250.179.228:443 | | tcp
GB | 142.250.179.228:443 | | tcp

Files

/data/user/0/catch_.me_.if_.you_.can_/files/GG-Eln0/version.gg

/data/user/0/catch_.me_.if_.you_.can_/files/temp.apk

/data/user/0/catch_.me_.if_.you_.can_/files/resources.arsc

/data/user/0/catch_.me_.if_.you_.can_/files/classes.dex

/storage/emulated/0/Android/data/catch_.me_.if_.you_.can_/cache/temp.apk (deleted)

/storage/emulated/0/Android/data/catch_.me_.if_.you_.can_/cache/temp.apk
