Malware Analysis Report

2024-09-09 17:35

Sample ID 240613-pf5eyaybjg
Target a57ddc51440144634a73d00aff697d02_JaffaCakes118
SHA256 d3f589154cc6061a04138c8f7c5bece2b0c9081ff7045dfce905fcaeabe30619
Tags
discovery
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

d3f589154cc6061a04138c8f7c5bece2b0c9081ff7045dfce905fcaeabe30619

Threat Level: Shows suspicious behavior

The file a57ddc51440144634a73d00aff697d02_JaffaCakes118 was found to show suspicious behavior (score 7/10).

Malicious Activity Summary

discovery

Queries information about running processes on the device

Requests dangerous framework permissions

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-13 12:17

Signatures

Requests dangerous framework permissions

Indicator                                  Process  Target  Description
android.permission.READ_PHONE_STATE        N/A      N/A     Allows read-only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.
android.permission.CALL_PHONE              N/A      N/A     Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call.
android.permission.WRITE_EXTERNAL_STORAGE  N/A      N/A     Allows an application to write to external storage.
android.permission.SYSTEM_ALERT_WINDOW     N/A      N/A     Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps.
android.permission.ACCESS_COARSE_LOCATION  N/A      N/A     Allows an app to access approximate location.
android.permission.RECORD_AUDIO            N/A      N/A     Allows an application to record audio.
android.permission.ACCESS_FINE_LOCATION    N/A      N/A     Allows an app to access precise location.
android.permission.WRITE_EXTERNAL_STORAGE  N/A      N/A     Allows an application to write to external storage. (declared a second time)
android.permission.WRITE_SETTINGS          N/A      N/A     Allows an application to read or write the system settings.
android.permission.READ_EXTERNAL_STORAGE   N/A      N/A     Allows an application to read from external storage.
android.permission.CAMERA                  N/A      N/A     Required to be able to access the camera device.
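The table above is the sandbox's flattened view of the manifest. The script below is an added example, not part of the report or of the sample, showing how an analyst would reproduce the "dangerous framework permissions" signature from an AndroidManifest.xml and separate runtime (dangerous) permissions from the special appop permissions SYSTEM_ALERT_WINDOW and WRITE_SETTINGS, which Android grants through a Settings toggle rather than a runtime prompt. The manifest is constructed to mirror the permission list above (including the doubled WRITE_EXTERNAL_STORAGE entry) plus INTERNET, which a dangerous-permission table would not show; the classification tables and the combination heuristics are hand-written assumptions for the example.

```python
"""Triage an AndroidManifest.xml by permission protection level.

Added example; the permission tables below are a hand-written subset
covering the permissions in the report, not pulled from the platform.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Runtime ("dangerous") permissions, keyed to the group the platform prompts for.
DANGEROUS = {
    "android.permission.READ_PHONE_STATE": "PHONE",
    "android.permission.CALL_PHONE": "PHONE",
    "android.permission.RECORD_AUDIO": "MICROPHONE",
    "android.permission.CAMERA": "CAMERA",
    "android.permission.ACCESS_COARSE_LOCATION": "LOCATION",
    "android.permission.ACCESS_FINE_LOCATION": "LOCATION",
    "android.permission.READ_EXTERNAL_STORAGE": "STORAGE",
    "android.permission.WRITE_EXTERNAL_STORAGE": "STORAGE",
}

# "Special" (appop) permissions: granted from Settings, not a runtime prompt.
# SYSTEM_ALERT_WINDOW underpins overlay phishing, so it is tracked separately.
SPECIAL = {
    "android.permission.SYSTEM_ALERT_WINDOW",
    "android.permission.WRITE_SETTINGS",
}

# Capability combinations that move a sample up the triage queue.
# Assumed heuristics for this example, not a published rule set.
SUSPICIOUS_COMBOS = {
    "overlay+silent_call": {
        "android.permission.SYSTEM_ALERT_WINDOW",
        "android.permission.CALL_PHONE",
    },
    "audio+camera+gps": {
        "android.permission.RECORD_AUDIO",
        "android.permission.CAMERA",
        "android.permission.ACCESS_FINE_LOCATION",
    },
}


def declared_permissions(manifest_xml):
    """Every <uses-permission android:name> in document order; repeats are
    kept so duplicate declarations (as in the table above) can be reported."""
    root = ET.fromstring(manifest_xml)
    key = "{%s}name" % ANDROID_NS
    return [n.get(key) for n in root.iter("uses-permission") if n.get(key)]


def triage(manifest_xml):
    perms = declared_permissions(manifest_xml)
    unique = set(perms)
    dangerous = sorted(p for p in unique if p in DANGEROUS)
    return {
        "package": ET.fromstring(manifest_xml).get("package"),
        "dangerous": dangerous,
        "groups": sorted({DANGEROUS[p] for p in dangerous}),
        "special": sorted(p for p in unique if p in SPECIAL),
        "unclassified": sorted(unique - set(DANGEROUS) - SPECIAL),
        "combos": sorted(n for n, need in SUSPICIOUS_COMBOS.items() if need <= unique),
        "duplicates": sorted(p for p in unique if perms.count(p) > 1),
    }


# Constructed manifest mirroring the static1 permission table (not extracted
# from the sample); INTERNET is added to show the "unclassified" bucket.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="cn.com.jyscPhone">
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.CALL_PHONE"/>
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.WRITE_SETTINGS"/>
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>
"""

if __name__ == "__main__":
    for key, value in triage(SAMPLE_MANIFEST).items():
        print(f"{key}: {value}")
```

On a real APK, feed it the manifest decoded by apktool or aapt2 (the binary AXML inside the archive is not plain XML). The duplicate report matters here because the table above lists WRITE_EXTERNAL_STORAGE twice, which usually means a merged library manifest rather than anything deliberate.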

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 12:17

Reported

2024-06-13 12:20

Platform

android-x86-arm-20240611.1-en

Max time kernel

3s

Max time network

131s

Command Line

cn.com.jyscPhone

Signatures

Queries information about running processes on the device

discovery
Indicator                                            Process  Target  Description
android.app.IActivityManager.getRunningAppProcesses  N/A      N/A     Framework service call

Processes

cn.com.jyscPhone

getprop ro.product.cpu.abi

Network

Country  Destination          Proto  Domain
GB       142.250.178.3:443    tcp    N/A
GB       142.250.187.234:443  tcp    N/A
N/A      224.0.0.251:5353     udp    N/A
US       1.1.1.1:53           udp    semanticlocation-pa.googleapis.com
GB       216.58.204.78:443    tcp    N/A
US       1.1.1.1:53           udp    android.apis.google.com
GB       216.58.212.238:443   tcp    android.apis.google.com
GB       142.250.187.234:443  tcp    semanticlocation-pa.googleapis.com
GB       142.250.187.234:443  tcp    semanticlocation-pa.googleapis.com

224.0.0.251:5353/udp is the link-local mDNS multicast group, and the remaining rows are DNS lookups through 1.1.1.1 and TLS sessions to Google service endpoints, which is consistent with emulator background traffic. No sample-specific command-and-control destination appears in the 131 s network window.

Files

/data/data/cn.com.jyscPhone/.cache/libvdog.so

MD5 1b6f9d271465a68d4abe70b4b30f5616
SHA1 ea2156aab034117ac2997d7437d13634672b95ff
SHA256 fd4cf956b123cc25fadf290f8708430feae6987bee3e8d8fea96c2b7f8fc4a20
SHA512 1c916d8273caf61a257a8d8518de2a03b251682cd1bd8ea2236ab9141ce1b669d41829c6bd1e7cbd970316f81820b2c01cab36609c95d920d22ae667cc22e7f8

/data/data/cn.com.jyscPhone/.cache/libhdog.so

MD5 b72b632e0dca729bbdc749105400e45e
SHA1 e8558a2f6f2fa63c123169ff984bed37f721e91f
SHA256 15e1bec27b8a87124b0073485eb1620a2b0997375892faa31cd42859a7dac4a7
SHA512 6cd455869d0e177ca0e4188ff01c6ba7d949aec7d78cfe534dad5c3029109c91e9c7ae9afb0c0ca756eec26733530fbb328412e9784c5a5fe3762ea33147e1df

/data/data/cn.com.jyscPhone/.cache/cert0

MD5 3feacc51e84067d8f13ecec69174883b
SHA1 a6e5f6e149d821a6a7e6bcc9e64237f241848299
SHA256 689112dfb0f6188f8e3739e69faadb84f50e8f435a4c71d5b46e9d937cbbf59f
SHA512 e8497435985c455e20373404c140959636790a4cd6f781238acf19bbbb0d2e372fdfd607452d93d2c16111f82e9e6af34bec4595d68d15003fb3a06262215134

/data/data/cn.com.jyscPhone/.cache/main.data

MD5 8fcf915fbe1f061e7210ebd484d001e4
SHA1 db5abf9ab694b5165c8dc363081c3a4fa35174ca
SHA256 a002a9cfe41a02602c73de61734e7942dde1c73828cf982bfb99bc833d5d603a
SHA512 3bcf168f3f069b3a6d7b0543f45f946ec9c3c0812b083e64b231eea857c7df12f7be609aaf221262acce25be29945383ad9195847dce38dfc9e1dabb07c1ef99

/data/data/cn.com.jyscPhone/.cache/datarc

MD5 d872f33f22c9f7970e244dc7d45021d5
SHA1 9c4eb55cdbd0d0a67ac8482f8db8ba6722f62445
SHA256 77fe100cbac2c5c7f8137df7201f925333d6c8882c27ec4dc5c612936b0eb7be
SHA512 4214ccbe77e5048d356a91a36090dc1f75b4b929fb57550f6635dfd25ff679d46a85c0c6fe71133bfaabb9980776401cc2800fcdbe9de645b7b33d14bdbd85c9

/data/data/cn.com.jyscPhone/.cache/res.data

MD5 a5ffaa68cd0ea4a6dcda3a272f289c98
SHA1 14aaf72f2b08fa2606e2c7518d9ff79511c56a7d
SHA256 1ad4fd5110cb88498da68668677fdc015e1514170c70d25ee85d58ce59ec3e3f
SHA512 63021bddd5b0ca199306137ea6dc89aa8d60b75984ed7d4e66bdb4dad244fe7302528bf3461c3c0fc4a3fe338b5df2c2cb348223e575c78417fcc18393a549cb

/data/data/cn.com.jyscPhone/.meta-inf/enc.mf

MD5 7dbf806f862f1b62a492f86fe6850188
SHA1 44fe423c44c6337d599e14238e4d01672adc2f82
SHA256 98467daec186419e01528d4abbd677931f289b863981ff7f79fda9cfad785b1e
SHA512 2420dc13808a2ba59084460f576c0c93bc2ad0bfabe0d48599d82c3fe9fe1aae7b12cdccaa27e4197fe4d5639792ed36515d59a9f737c4c630a5d02748ca4404

/data/data/cn.com.jyscPhone/.cache/classes.dex

MD5 8cdc9e71711ae0ed23480f1d89d2d740
SHA1 c4994a3d47178eddd24466d5695df51a3c3ddcc2
SHA256 488618d278264f01e24fd10dbff64ab227f30f75561927d204aea8309b9c0fd6
SHA512 2ce0530bc0141c577f99287206b94b80b1a0f3d619b5082deb6ef5b6255058c4a0461c5e4fca2652e0f3e99d28582a60f6708c28a99db253e13184421ae47044

/data/data/cn.com.jyscPhone/.cache/classes2.dex

MD5 3e3e434ea6768bbaff484b1d0ea20883
SHA1 399091907374c07d234e589ed4b2b1dba7f26951
SHA256 92e9b161b7b89e58c284db242aa1ab3d50862265ff4d18ec4739d7afc7fa7284
SHA512 80aeb6009b01f989e58ded3fb33008a363a2ab082a7f0be79e6cba2aec885000314975994127dad9c7b333c386101a97f6c74fe3b9e29f983614387d964d7a0e
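The dropped files above (classes.dex and classes2.dex written under a hidden .cache directory next to native libraries and a cert0 blob) are the payload an analyst would pull off the emulator, and the behavioral signature earlier in this report hit on android.app.IActivityManager.getRunningAppProcesses. The script below is an added example, not tooling from the sandbox or code from the sample: it walks the string_ids table of a DEX file (header offsets from the AOSP dex format, string_ids_size at 0x38 and string_ids_off at 0x3C) and reports strings naming process-enumeration APIs, which is how that signature can be confirmed statically on the unpacked dex. The DEX blob used as input is constructed inline with only a header and a string table; it is not one of the files hashed above, and the marker list is an assumption for the example.

```python
"""Scan a DEX string table for process-discovery API names.

Added example. Parses only the string_ids/string_data tables; the sample
DEX is constructed in build_sample_dex() and is not a file from the report.
"""
import struct

DEX_MAGIC_PREFIX = b"dex\n"   # followed by the version, e.g. 035 or 039
HEADER_SIZE = 0x70

# Strings that show up in a dex when code enumerates processes or packages.
# The first is exactly what the behavioral signature above hit on.
DISCOVERY_MARKERS = (
    "getRunningAppProcesses",
    "getRunningServices",
    "getRunningTasks",
    "getInstalledPackages",
    "/proc/",
)


def is_dex(blob):
    return len(blob) >= HEADER_SIZE and blob[:4] == DEX_MAGIC_PREFIX


def _read_uleb128(buf, off):
    """Decode a ULEB128 value; returns (value, offset after it)."""
    result = shift = 0
    while True:
        b = buf[off]
        off += 1
        result |= (b & 0x7F) << shift
        if not b & 0x80:
            return result, off
        shift += 7


def dex_strings(blob):
    """All string_data_items in string_ids order."""
    if not is_dex(blob):
        raise ValueError("not a DEX file")
    count, table_off = struct.unpack_from("<II", blob, 0x38)
    out = []
    for i in range(count):
        (data_off,) = struct.unpack_from("<I", blob, table_off + 4 * i)
        _utf16_len, pos = _read_uleb128(blob, data_off)   # length prefix, then MUTF-8, then NUL
        end = blob.index(b"\0", pos)
        out.append(blob[pos:end].decode("utf-8", errors="replace"))
    return out


def find_discovery_apis(blob):
    """Map each marker to the dex strings containing it (empty dict = no hit)."""
    hits = {}
    for s in dex_strings(blob):
        for marker in DISCOVERY_MARKERS:
            if marker in s:
                hits.setdefault(marker, []).append(s)
    return hits


def build_sample_dex(strings):
    """Constructed input: header + string_ids + string_data only (no classes)."""
    ids, data = bytearray(), bytearray()
    data_start = HEADER_SIZE + 4 * len(strings)
    for s in strings:
        assert len(s) < 0x80, "single-byte ULEB128 only in this builder"
        ids += struct.pack("<I", data_start + len(data))
        data += bytes([len(s)]) + s.encode("utf-8") + b"\0"
    header = bytearray(HEADER_SIZE)
    header[:8] = b"dex\n035\0"
    struct.pack_into("<I", header, 0x20, data_start + len(data))   # file_size
    struct.pack_into("<I", header, 0x24, HEADER_SIZE)              # header_size
    struct.pack_into("<I", header, 0x28, 0x12345678)               # endian_tag
    struct.pack_into("<II", header, 0x38, len(strings), HEADER_SIZE)
    return bytes(header) + bytes(ids) + bytes(data)


# Constructed string table, not extracted from the sample's classes.dex.
SAMPLE_STRINGS = [
    "Landroid/app/ActivityManager;",
    "getRunningAppProcesses",
    "Ljava/util/List;",
    "/proc/self/cmdline",
    "cn.com.jyscPhone",
    "libvdog.so",
]

if __name__ == "__main__":
    print(find_discovery_apis(build_sample_dex(SAMPLE_STRINGS)))
```

On the real artefacts, run dex_strings() over both classes.dex and classes2.dex from the .cache directory after verifying their SHA256 values against the list above; strings are the cheapest first pass, and a hit on getRunningAppProcesses is enough to tie the static file to the behavioral signature before any decompilation.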