Analysis Overview
SHA256
49c8ef6d28ec25d9de155748d2e52fa35bcdfc4406c23967a411f122d741458c
Threat Level: Shows suspicious behavior
The file a587f216ea8072e41ec68ed53d9027af_JaffaCakes118 was classified as: Shows suspicious behavior.
Malicious Activity Summary
Requests dangerous framework permissions
Acquires the wake lock
Queries information about active data network
Queries the unique device ID (IMEI, MEID, IMSI)
Reads information about phone network operator
Registers a broadcast receiver at runtime (usually for listening for system events)
MITRE ATT&CK Matrix
Analysis: static1
Detonation Overview
Reported
2024-06-13 12:27
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
|---|---|---|---|
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 12:27
Reported
2024-06-13 12:31
Platform
android-x64-20240611.1-en
Max time kernel
88s
Max time network
138s
Command Line
Signatures
Acquires the wake lock
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Queries the unique device ID (IMEI, MEID, IMSI)
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Processes
com.lxwx.tom.pkxyxmp
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | g.tom.com | udp |
| N/A | 10.0.0.172:80 | | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.187.200:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.200.10:443 | | tcp |
| N/A | 10.0.0.172:80 | | tcp |
| N/A | 10.0.0.172:80 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| N/A | 10.0.0.172:80 | | tcp |
| N/A | 10.0.0.172:80 | | tcp |
| GB | 142.250.200.46:443 | android.apis.google.com | tcp |
| GB | 172.217.169.68:443 | | tcp |
| GB | 172.217.169.68:443 | | tcp |
| GB | 142.250.200.46:443 | android.apis.google.com | tcp |
| GB | 216.58.212.238:443 | | tcp |
| GB | 142.250.200.2:443 | | tcp |
Files
Analysis: behavioral8
Detonation Overview
Submitted
2024-06-13 12:27
Reported
2024-06-13 12:30
Platform
android-x64-20240611.1-en
Max time kernel
8s
Max time network
132s
Command Line
Signatures
Queries information about active data network
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Queries the unique device ID (IMEI, MEID, IMSI)
Processes
cn.emagsoftware.gamehall
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 172.217.169.10:443 | | tcp |
| GB | 142.250.180.8:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.201.110:443 | android.apis.google.com | tcp |
| GB | 172.217.169.78:443 | | tcp |
| GB | 142.250.179.226:443 | | tcp |
| GB | 142.250.187.196:443 | | tcp |
| GB | 142.250.187.196:443 | | tcp |
| GB | 172.217.169.10:443 | | tcp |
| GB | 172.217.169.14:443 | | tcp |
Files
/data/data/cn.emagsoftware.gamehall/databases/GameCache-journal
| Hash | Value |
|---|---|
| MD5 | 180bd7b2a53d88b0e308632cdd2a6370 |
| SHA1 | ff24af3f98b75ff63b68fb56c97141f22ec9a034 |
| SHA256 | dd661f4cb4614e3f8b438611e4cb8871884f3c4f6e9e8b49187bf7939ccedb86 |
| SHA512 | 088b93efc2688d5b2e21f4725c4e446654b9d09cadd76a06a68299dd659a608748c5333fe9f671b2eadc158f4f8eabc100fa46559979d9375b8d324384117608 |
/data/data/cn.emagsoftware.gamehall/databases/GameCache
| Hash | Value |
|---|---|
| MD5 | 18c57d7fa53a40b1b6fadef97d7c43ca |
| SHA1 | 8e6167b7b7eaf2d596ad3f18f9004c64bfd06891 |
| SHA256 | 64f46157b8b35229f3636c039a1e9c059e2107af0a107c52fe99ea4bbf4d7109 |
| SHA512 | 68a2dae3fb34c9578a6ad14e9f5dc6a1228c78536f82bde28fefea59b4a7234984c1e744cd9f2efc758b982e767720b7b37d28af95ae81505da353d8245e9d1b |
/data/data/cn.emagsoftware.gamehall/databases/GameCache-journal
| Hash | Value |
|---|---|
| MD5 | b5e48170cc55d2fa52c09b1edd239eb1 |
| SHA1 | ba165f2871f7afa19090fdaeab416e814674d14f |
| SHA256 | 10959d08fac0edc257b4c692c119ac2a9ad200cc9578f64273d9fbdcea07caa8 |
| SHA512 | 19a4c953be38e8e1381998bbb68c1046979fe2d31136d6a034ffb8f9b6883a616b9823a24ad88cb767bc6869f6a112e6715f723c3880ea68531861fc60c7f104 |
/data/data/cn.emagsoftware.gamehall/databases/GameCache-journal
| Hash | Value |
|---|---|
| MD5 | 9bcd741855fdc1f19c2ceb347bcf1a22 |
| SHA1 | 258fee9e5bcfde541214d104b41725bc3402afbe |
| SHA256 | fa9af9e7e8fedbfeb6ddea78b412195f8a6857bd86411ce9b08848ad1b0cb1df |
| SHA512 | 9ff26efa79ac5918ebb0b1be9f76da0381fce7f5fbe095d3e8dc8b1c0d83044e17ebe2139a33477ce6ca6a22ef4ae2a550193b0414fc142191b1d447d247cfa7 |
Analysis: behavioral9
Detonation Overview
Submitted
2024-06-13 12:27
Reported
2024-06-13 12:30
Platform
android-x64-arm64-20240611.1-en
Max time kernel
8s
Max time network
133s
Command Line
Signatures
Queries information about active data network
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Processes
cn.emagsoftware.gamehall
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.200.40:443 | ssl.google-analytics.com | tcp |
| GB | 172.217.16.238:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.46:443 | android.apis.google.com | tcp |
| GB | 216.58.201.100:443 | | tcp |
| GB | 216.58.201.100:443 | | tcp |
Files
/data/user/0/cn.emagsoftware.gamehall/databases/GameCache-journal
| Hash | Value |
|---|---|
| MD5 | bf4a03b3bece94c012131d456fbfb7a4 |
| SHA1 | 55ebed55cbc0484b4845ca559bf736c3596ff6f6 |
| SHA256 | 7c2b6163f769e029c86530c25187cfd2400cdbc63e8cd959a4e70a525b923f1c |
| SHA512 | 864d2c35c075b9cde6482ffb448f13f96b01367bea84d959bb4bb058a95c5b662dcba6a803e3b5ced4a41cb7da3a2a9e346154eca17f7dc0fd7a82ec303ad1c4 |
/data/user/0/cn.emagsoftware.gamehall/databases/GameCache
| Hash | Value |
|---|---|
| MD5 | f1654b6985eeca3980460f8c663a86ac |
| SHA1 | 2685ba462be1ac7a63f6937d28fa7099434ce18b |
| SHA256 | 3ad7220c6e66f0a87c2e907fa2adb0ae0d8478bf18c510910e8a0d53a8c07225 |
| SHA512 | c10122123608c916d47f57002c70280030714429e8b46b56b9aeb667728efa3bd1e1dd487931353baab0ea804c6c426708678e2b1064d7992380fa6a29c2f78b |
/data/user/0/cn.emagsoftware.gamehall/databases/GameCache-journal
| Hash | Value |
|---|---|
| MD5 | efb73b8ed9c52e6bd008e570e4451763 |
| SHA1 | 2be6bc63bdd739982480639d9a91506cdd2bcb6f |
| SHA256 | d35ea19b2660d7469f4f649849fafbf3ab0622c209a8177c19c9010216329d05 |
| SHA512 | 3316fb6b328be799a037246b21a6ec3593574754079d5b591c86ed92a6eb15d92f9431c0d9af6da08b8c601b2168556bbeead314e54c709cf4cae1e57ce585e9 |
/data/user/0/cn.emagsoftware.gamehall/databases/GameCache-journal
| Hash | Value |
|---|---|
| MD5 | 7769646818a2d859f8e257da82d86eb7 |
| SHA1 | 73d28ee923b69e281fc57063d9832cff7d22667e |
| SHA256 | 90e1caee0e60e068e0ee8d81563a4c890704efdb810c70bcfd8bb0fb1ded1a34 |
| SHA512 | 601cff4feb18f7f110fa2ce9465e1a63e429ce26c0a217de4990ad8b89b675b62f25c65112d8df58f04c80f94a3061acf2f4577d692674c487dab7c1a1fbd2e4 |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 12:27
Reported
2024-06-13 12:30
Platform
android-x86-arm-20240611.1-en
Max time kernel
168s
Max time network
170s
Command Line
Signatures
Acquires the wake lock
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Reads information about phone network operator
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Processes
com.lxwx.tom.pkxyxmp
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | g.tom.com | udp |
| N/A | 10.0.0.172:80 | | tcp |
| N/A | 10.0.0.172:80 | | tcp |
| N/A | 10.0.0.172:80 | | tcp |
| GB | 216.58.212.238:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.212.238:443 | android.apis.google.com | tcp |
| N/A | 10.0.0.172:80 | | tcp |
| N/A | 10.0.0.172:80 | | tcp |
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-13 12:27
Reported
2024-06-13 12:30
Platform
android-x64-arm64-20240611.1-en
Max time kernel
16s
Max time network
134s
Command Line
Signatures
Acquires the wake lock
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Processes
com.lxwx.tom.pkxyxmp
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | g.tom.com | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| N/A | 10.0.0.172:80 | | tcp |
| N/A | 10.0.0.172:80 | | tcp |
| GB | 142.250.187.206:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 172.217.16.238:443 | android.apis.google.com | tcp |
| N/A | 10.0.0.172:80 | | tcp |
| GB | 216.58.201.104:443 | ssl.google-analytics.com | tcp |
| N/A | 10.0.0.172:80 | | tcp |
| N/A | 10.0.0.172:80 | | tcp |
| GB | 216.58.201.100:443 | | tcp |
| GB | 216.58.201.100:443 | | tcp |
Files
Analysis: behavioral4
Detonation Overview
Submitted
2024-06-13 12:27
Reported
2024-06-13 12:30
Platform
android-x86-arm-20240611.1-en
Max time kernel
3s
Max time network
151s
Command Line
Signatures
Processes
com.alipay.android.app
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| GB | 172.217.169.74:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.187.238:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
Files
Analysis: behavioral5
Detonation Overview
Submitted
2024-06-13 12:27
Reported
2024-06-13 12:30
Platform
android-x64-20240611.1-en
Max time kernel
3s
Max time network
146s
Command Line
Signatures
Processes
com.alipay.android.app
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.187.200:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.201.110:443 | android.apis.google.com | tcp |
| GB | 142.250.200.46:443 | | tcp |
| GB | 142.250.179.226:443 | | tcp |
| GB | 142.250.179.228:443 | | tcp |
| GB | 142.250.179.228:443 | | tcp |
| GB | 142.250.200.46:443 | | tcp |
Files
Analysis: behavioral6
Detonation Overview
Submitted
2024-06-13 12:27
Reported
2024-06-13 12:30
Platform
android-x64-arm64-20240611.1-en
Max time kernel
3s
Max time network
143s
Command Line
Signatures
Processes
com.alipay.android.app
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| GB | 172.217.16.238:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 172.217.16.238:443 | | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 216.58.212.200:443 | ssl.google-analytics.com | tcp |
| GB | 172.217.169.68:443 | | tcp |
| GB | 172.217.169.68:443 | | tcp |
Files
Analysis: behavioral7
Detonation Overview
Submitted
2024-06-13 12:27
Reported
2024-06-13 12:30
Platform
android-x86-arm-20240611.1-en
Max time kernel
8s
Max time network
152s
Command Line
Signatures
Queries information about active data network
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Processes
cn.emagsoftware.gamehall
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| GB | 142.250.180.14:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.187.206:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
Files
/data/data/cn.emagsoftware.gamehall/databases/GameCache-journal
| Hash | Value |
|---|---|
| MD5 | 7918fd729af1d27c73f5d5f60528ddc2 |
| SHA1 | 8a79e0ee4034bab3fe17e13299d1a8e19beda922 |
| SHA256 | fe0832e5384ca4c4ad15aa2d7b16c49ca061eafd2330a3f3ca5b56906919fcfb |
| SHA512 | f7cab570b98c339e58c45659a96bf78d3c13dae4c976cec790b638f29200b0239ad5c01d89895dc817ccd88a64941731e09fd9082e5b823e371c6890ea88efc1 |
/data/data/cn.emagsoftware.gamehall/databases/GameCache
| Hash | Value |
|---|---|
| MD5 | f2b4b0190b9f384ca885f0c8c9b14700 |
| SHA1 | 934ff2646757b5b6e7f20f6a0aa76c7f995d9361 |
| SHA256 | 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514 |
| SHA512 | ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1 |
/data/data/cn.emagsoftware.gamehall/databases/GameCache-shm
| Hash | Value |
|---|---|
| MD5 | bb7df04e1b0a2570657527a7e108ae23 |
| SHA1 | 5188431849b4613152fd7bdba6a3ff0a4fd6424b |
| SHA256 | c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479 |
| SHA512 | 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012 |
/data/data/cn.emagsoftware.gamehall/databases/GameCache-wal
| Hash | Value |
|---|---|
| MD5 | b447b6eaf19e77b6bbae273f58086d9e |
| SHA1 | b5ee2c897cd5ac81f25c7ae7f02c1794c90b9486 |
| SHA256 | 615c1b9b94b7fb92d14f2fb7743fb999622520f16b53f6e327fb593ae6d52bf2 |
| SHA512 | c4cf95361c139f0640a9f1e99e81f35322cc9cc28b0776db05ecda337cf0f2fad9178995a813ae7faa399af4f0653e1a94dbf04874b5d3bd8a59e3b3109d8d2f |