Analysis Overview
SHA256
1105f0b880e6df5119e046d3b379f56dda5d9278e57724176648214dd4c95853
Threat Level: Shows suspicious behavior
The file a568a3b09bef53ecb25a2b70c929d27c_JaffaCakes118 was classified as: Shows suspicious behavior.
Malicious Activity Summary
Declares services with permission to bind to the system
Requests dangerous framework permissions
Queries information about active data network
MITRE ATT&CK Matrix
Analysis: static1
Detonation Overview
Reported
2024-06-13 11:56
Signatures
Declares services with permission to bind to the system
| Description | Indicator | Process | Target |
|---|---|---|---|
| Required by remote views services to bind with the system. Allows apps to share and display views across different processes. | android.permission.BIND_REMOTEVIEWS | N/A | N/A |
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
|---|---|---|---|
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 11:56
Reported
2024-06-13 11:59
Platform
android-x86-arm-20240611.1-en
Max time kernel
7s
Max time network
159s
Command Line
Signatures
Queries information about active data network
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Processes
com.samruston.weather
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | geomobileservices-pa.googleapis.com | udp |
| GB | 216.58.204.74:443 | geomobileservices-pa.googleapis.com | tcp |
| GB | 142.250.180.10:443 | geomobileservices-pa.googleapis.com | tcp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| US | 1.1.1.1:53 | www.samruston.co.uk | udp |
| DE | 35.156.224.161:80 | www.samruston.co.uk | tcp |
| DE | 35.156.224.161:443 | www.samruston.co.uk | tcp |
| US | 1.1.1.1:53 | samruston.co.uk | udp |
| DE | 3.70.101.28:443 | samruston.co.uk | tcp |
| GB | 216.58.201.110:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 172.217.16.238:443 | android.apis.google.com | tcp |
| GB | 216.58.212.202:443 | semanticlocation-pa.googleapis.com | tcp |
| GB | 216.58.212.202:443 | semanticlocation-pa.googleapis.com | tcp |
Files
/data/data/com.samruston.weather/files/places.json
| MD5 | 26a6f3c5c6b5bcd0c182e84147dfd271 |
| SHA1 | dbaa1bfed460eb052f9e0b191bf8f02ba693077c |
| SHA256 | 383eceb5919c6a17db42d4aa6ed3a910b0abd20b52d61e11982e4871e5759217 |
| SHA512 | 3077cda627950ff40e7c0e4caa3051b1d1dff223e94049ea3fb8f9ba691d86284856d037b363e3304d0ee1dc5aa34874da81f751946c4326c8d215f0c0404e15 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 11:56
Reported
2024-06-13 11:59
Platform
android-x64-arm64-20240611.1-en
Max time kernel
7s
Max time network
132s
Command Line
Signatures
Queries information about active data network
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Processes
com.samruston.weather
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | | udp |
| GB | 216.58.204.78:443 | | tcp |
| GB | 216.58.204.78:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.204.78:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 216.58.204.72:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.178.4:443 | | tcp |
| GB | 142.250.178.4:443 | | tcp |
Files
/data/user/0/com.samruston.weather/files/places.json
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |