Analysis Overview
SHA256
a9d096152e30950093856c611c57a80461952ba12992c623a328420a00c234df
Threat Level: Shows suspicious behavior
The file a56ee60631964e11dea6cb92da087f6b_JaffaCakes118 was found to show suspicious behavior.
Malicious Activity Summary
Acquires the wake lock
Queries information about active data network
Queries information about the current Wi-Fi connection
Requests dangerous framework permissions
Uses Crypto APIs (Might try to encrypt user data)
Checks CPU information
MITRE ATT&CK Matrix
Analysis: static1
Detonation Overview
Reported
2024-06-13 12:02
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 12:02
Reported
2024-06-13 12:05
Platform
android-x86-arm-20240611.1-en
Max time kernel
7s
Max time network
140s
Command Line
Signatures
Queries information about the current Wi-Fi connection
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Processes
com.upgadata.up7723
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| GB | 172.217.169.74:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.187.238:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
Files
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
| MD5 | 9781ca003f10f8d0c9c1945b63fdca7f |
| SHA1 | 4156cf5dc8d71dbab734d25e5e1598b37a5456f4 |
| SHA256 | 3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793 |
| SHA512 | 25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03 |
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
| MD5 | 04e08163a2b79d697ca7b818f2fbb3d8 |
| SHA1 | 532e6c175926107638fda83667b24b4bd8cb489f |
| SHA256 | 1ab5773004ff5441614a07079bcc6b86b753fbcc12fb23f455f704156f7d30f1 |
| SHA512 | 919f779be91fa68b5b42dd4029af69929d7606ed74eb714551d7818db527ec33264f36512fc482949191d141e1ebbc4b9cf35c556d064db1e8cf977290f4e366 |
/storage/emulated/0/.DataStorage/ContextData.xml
| MD5 | 428f3ced1a0a45e2f94e475a207ac0da |
| SHA1 | c1fd56bc8d959e7579701bddd63715050514ce01 |
| SHA256 | 32269c87828e0082fe32b18e997a819631c09afec5972ff228102f3e8f5eba4b |
| SHA512 | 59a484916cb86f1164c4d533cfc17ef825b6598f2a4068468f8504c275883192cc762957f7eac7ad4b535980971006d03d5172cdc263505fbef768298894d414 |
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
| MD5 | 758dbe501b7133e4466196576a23a80e |
| SHA1 | 7b7b1d948ddc345959ebecda3bd94b966409ca5c |
| SHA256 | 3a1465471525ab7b9598bfe4467a78575556a257e0e6702af28114cae67f6e56 |
| SHA512 | 78f4ab5feae26f123296ead4b0139142f45124e9ba85e8a96a2e83e707d5690a393cf251b94b3a647800d76ffc1050026bbf6992b106b6b60310f26436f5c946 |
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-13 12:02
Reported
2024-06-13 12:02
Platform
android-33-x64-arm64-20240611.1-en
Max time network
9s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| GB | 172.217.169.36:443 | | udp |
| GB | 172.217.169.36:443 | | tcp |
| BE | 173.194.76.188:5228 | | tcp |
| GB | 172.217.16.228:443 | | tcp |
| GB | 216.58.201.106:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral4
Detonation Overview
Submitted
2024-06-13 12:02
Reported
2024-06-13 12:05
Platform
android-x86-arm-20240611.1-en
Max time network
172s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 216.58.204.78:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.238:443 | android.apis.google.com | tcp |
Files
Analysis: behavioral5
Detonation Overview
Submitted
2024-06-13 12:02
Reported
2024-06-13 12:05
Platform
android-x64-20240611.1-en
Max time network
138s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.180.8:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.200.10:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| GB | 172.217.169.68:443 | | tcp |
| GB | 172.217.169.68:443 | | tcp |
| GB | 142.250.200.46:443 | | tcp |
| GB | 216.58.212.238:443 | | tcp |
| GB | 142.250.200.2:443 | | tcp |
Files
Analysis: behavioral6
Detonation Overview
Submitted
2024-06-13 12:02
Reported
2024-06-13 12:05
Platform
android-x64-arm64-20240611.1-en
Max time network
133s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.187.200:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.187.238:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.212.238:443 | android.apis.google.com | tcp |
| GB | 142.250.179.228:443 | | tcp |
| GB | 142.250.179.228:443 | | tcp |
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 12:02
Reported
2024-06-13 12:05
Platform
android-x86-arm-20240611.1-en
Max time kernel
128s
Max time network
165s
Command Line
Signatures
Acquires the wake lock
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Queries information about the current Wi-Fi connection
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
Processes
com.jiayou.dudu.egamemod
com.jiayou.dudu.egamemod:ngds
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | pushnode.gameservice.com | udp |
| US | 13.248.169.48:6225 | pushnode.gameservice.com | tcp |
| GB | 142.250.187.206:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.238:443 | android.apis.google.com | tcp |
| GB | 216.58.212.202:443 | | tcp |
| US | 13.248.169.48:6225 | pushnode.gameservice.com | tcp |
| US | 13.248.169.48:6225 | pushnode.gameservice.com | tcp |
Files
/storage/emulated/0/7723box_pjz.apk
| MD5 | c2ca346c035c9289f1d8a9e52b9843af |
| SHA1 | 3f93bb083a90da85bb5b54368219056da3c19310 |
| SHA256 | 928f9ec0b8fb5ea2e10a47c904e832fc0854d0640f6d936a1961eb7abf9cef4c |
| SHA512 | acb46a7229be9a3ae93666cefbc424cacbb28b60c483f981724da16a2f381b52e95e4d65481f9e7e946bd6dc0bc11a53bccfe9af223993ddce97c91f143f5915 |