Analysis Overview
SHA256
7b65c037935deac1dcadac10eaf790271ed922b95f8cb9bf8c011761b15f8290
Threat Level: Shows suspicious behavior
The file a5d96f217129250b754e88dfd2b347aa_JaffaCakes118 was found to be: Shows suspicious behavior.
Malicious Activity Summary
Requests dangerous framework permissions
Queries information about active data network
MITRE ATT&CK Matrix
Analysis: static1
Detonation Overview
Reported
2024-06-13 13:43
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
| Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A |
| Allows an application to request installing packages. | android.permission.REQUEST_INSTALL_PACKAGES | N/A | N/A |
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 13:43
Reported
2024-06-13 13:47
Platform
android-x86-arm-20240611.1-en
Max time kernel
33s
Max time network
130s
Command Line
Signatures
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Processes
com.notebookjv.byzmy.ai
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | us-api.leancloud.cn | udp |
| SG | 119.29.29.29:80 | 119.29.29.29 | tcp |
| GB | 142.250.187.206:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.238:443 | android.apis.google.com | tcp |
| GB | 216.58.212.202:443 | tcp |
Files
/data/data/com.notebookjv.byzmy.ai/databases/Note.db-journal
| MD5 | 934962eb33b065bea09073d5f6692f46 |
| SHA1 | bef67a667ecb96eca9c249bbb47d4b8ca759f2ac |
| SHA256 | c4a294a8f08425c25dff8c55004f8badb1e65b5c14a459e98b9713fce490760d |
| SHA512 | 45ce985be0d8121e161fa91d149839ee433e63358db5f2b5788c9606a9a64cb0baf32fd1dc1e26d10366757dfbd9d6aa6df25b9adfb3ddd16d707f03e7d709ed |
/data/data/com.notebookjv.byzmy.ai/databases/Note.db
| MD5 | f2b4b0190b9f384ca885f0c8c9b14700 |
| SHA1 | 934ff2646757b5b6e7f20f6a0aa76c7f995d9361 |
| SHA256 | 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514 |
| SHA512 | ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1 |
/data/data/com.notebookjv.byzmy.ai/databases/Note.db-shm
| MD5 | bb7df04e1b0a2570657527a7e108ae23 |
| SHA1 | 5188431849b4613152fd7bdba6a3ff0a4fd6424b |
| SHA256 | c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479 |
| SHA512 | 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012 |
/data/data/com.notebookjv.byzmy.ai/databases/Note.db-wal
| MD5 | 514eb3acf3f620ac26b75fece4d4dccf |
| SHA1 | e2ce844a34291ea28bc6817868e01bd256d805dd |
| SHA256 | 12af6ac4c60786f1d776a3a7c2370e6f348df4cfd310fb490d321053d02fa891 |
| SHA512 | 2166a4d1672c94d73c7f2ced41e73a20808ff4219ee90fd191c321896469ed2b2d91da315106d3601fa657df4840e44f2720986ad3bce83532899e08af7ccce3 |