Analysis Overview
SHA256
d3f589154cc6061a04138c8f7c5bece2b0c9081ff7045dfce905fcaeabe30619
Threat Level: Shows suspicious behavior
The file a57ddc51440144634a73d00aff697d02_JaffaCakes118 was found to be: Shows suspicious behavior.
Malicious Activity Summary
Queries information about running processes on the device
Requests dangerous framework permissions
MITRE ATT&CK Matrix
Analysis: static1
Detonation Overview
Reported
2024-06-13 12:17
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 12:17
Reported
2024-06-13 12:20
Platform
android-x86-arm-20240611.1-en
Max time kernel
3s
Max time network
131s
Command Line
Signatures
Queries information about running processes on the device
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
Processes
cn.com.jyscPhone
getprop ro.product.cpu.abi
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| GB | 142.250.178.3:443 | | tcp |
| GB | 142.250.187.234:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| GB | 216.58.204.78:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.212.238:443 | android.apis.google.com | tcp |
| GB | 142.250.187.234:443 | semanticlocation-pa.googleapis.com | tcp |
| GB | 142.250.187.234:443 | semanticlocation-pa.googleapis.com | tcp |
Files
/data/data/cn.com.jyscPhone/.cache/libvdog.so
| MD5 | 1b6f9d271465a68d4abe70b4b30f5616 |
| SHA1 | ea2156aab034117ac2997d7437d13634672b95ff |
| SHA256 | fd4cf956b123cc25fadf290f8708430feae6987bee3e8d8fea96c2b7f8fc4a20 |
| SHA512 | 1c916d8273caf61a257a8d8518de2a03b251682cd1bd8ea2236ab9141ce1b669d41829c6bd1e7cbd970316f81820b2c01cab36609c95d920d22ae667cc22e7f8 |
/data/data/cn.com.jyscPhone/.cache/libhdog.so
| MD5 | b72b632e0dca729bbdc749105400e45e |
| SHA1 | e8558a2f6f2fa63c123169ff984bed37f721e91f |
| SHA256 | 15e1bec27b8a87124b0073485eb1620a2b0997375892faa31cd42859a7dac4a7 |
| SHA512 | 6cd455869d0e177ca0e4188ff01c6ba7d949aec7d78cfe534dad5c3029109c91e9c7ae9afb0c0ca756eec26733530fbb328412e9784c5a5fe3762ea33147e1df |
/data/data/cn.com.jyscPhone/.cache/cert0
| MD5 | 3feacc51e84067d8f13ecec69174883b |
| SHA1 | a6e5f6e149d821a6a7e6bcc9e64237f241848299 |
| SHA256 | 689112dfb0f6188f8e3739e69faadb84f50e8f435a4c71d5b46e9d937cbbf59f |
| SHA512 | e8497435985c455e20373404c140959636790a4cd6f781238acf19bbbb0d2e372fdfd607452d93d2c16111f82e9e6af34bec4595d68d15003fb3a06262215134 |
/data/data/cn.com.jyscPhone/.cache/main.data
| MD5 | 8fcf915fbe1f061e7210ebd484d001e4 |
| SHA1 | db5abf9ab694b5165c8dc363081c3a4fa35174ca |
| SHA256 | a002a9cfe41a02602c73de61734e7942dde1c73828cf982bfb99bc833d5d603a |
| SHA512 | 3bcf168f3f069b3a6d7b0543f45f946ec9c3c0812b083e64b231eea857c7df12f7be609aaf221262acce25be29945383ad9195847dce38dfc9e1dabb07c1ef99 |
/data/data/cn.com.jyscPhone/.cache/datarc
| MD5 | d872f33f22c9f7970e244dc7d45021d5 |
| SHA1 | 9c4eb55cdbd0d0a67ac8482f8db8ba6722f62445 |
| SHA256 | 77fe100cbac2c5c7f8137df7201f925333d6c8882c27ec4dc5c612936b0eb7be |
| SHA512 | 4214ccbe77e5048d356a91a36090dc1f75b4b929fb57550f6635dfd25ff679d46a85c0c6fe71133bfaabb9980776401cc2800fcdbe9de645b7b33d14bdbd85c9 |
/data/data/cn.com.jyscPhone/.cache/res.data
| MD5 | a5ffaa68cd0ea4a6dcda3a272f289c98 |
| SHA1 | 14aaf72f2b08fa2606e2c7518d9ff79511c56a7d |
| SHA256 | 1ad4fd5110cb88498da68668677fdc015e1514170c70d25ee85d58ce59ec3e3f |
| SHA512 | 63021bddd5b0ca199306137ea6dc89aa8d60b75984ed7d4e66bdb4dad244fe7302528bf3461c3c0fc4a3fe338b5df2c2cb348223e575c78417fcc18393a549cb |
/data/data/cn.com.jyscPhone/.meta-inf/enc.mf
| MD5 | 7dbf806f862f1b62a492f86fe6850188 |
| SHA1 | 44fe423c44c6337d599e14238e4d01672adc2f82 |
| SHA256 | 98467daec186419e01528d4abbd677931f289b863981ff7f79fda9cfad785b1e |
| SHA512 | 2420dc13808a2ba59084460f576c0c93bc2ad0bfabe0d48599d82c3fe9fe1aae7b12cdccaa27e4197fe4d5639792ed36515d59a9f737c4c630a5d02748ca4404 |
/data/data/cn.com.jyscPhone/.cache/classes.dex
| MD5 | 8cdc9e71711ae0ed23480f1d89d2d740 |
| SHA1 | c4994a3d47178eddd24466d5695df51a3c3ddcc2 |
| SHA256 | 488618d278264f01e24fd10dbff64ab227f30f75561927d204aea8309b9c0fd6 |
| SHA512 | 2ce0530bc0141c577f99287206b94b80b1a0f3d619b5082deb6ef5b6255058c4a0461c5e4fca2652e0f3e99d28582a60f6708c28a99db253e13184421ae47044 |
/data/data/cn.com.jyscPhone/.cache/classes2.dex
| MD5 | 3e3e434ea6768bbaff484b1d0ea20883 |
| SHA1 | 399091907374c07d234e589ed4b2b1dba7f26951 |
| SHA256 | 92e9b161b7b89e58c284db242aa1ab3d50862265ff4d18ec4739d7afc7fa7284 |
| SHA512 | 80aeb6009b01f989e58ded3fb33008a363a2ab082a7f0be79e6cba2aec885000314975994127dad9c7b333c386101a97f6c74fe3b9e29f983614387d964d7a0e |