Malware Analysis Report

2024-07-28 14:33

Sample ID 240613-qps9ps1apd
Target a5c6fc5885e72d9033860db024a1b51e_JaffaCakes118
SHA256 715503e56c645dc0281e4251b066c8cb6cb62af0971effb80499fcfbda1dffb4
Tags
score
6/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
6/10

SHA256

715503e56c645dc0281e4251b066c8cb6cb62af0971effb80499fcfbda1dffb4

Threat Level: Shows suspicious behavior

The file a5c6fc5885e72d9033860db024a1b51e_JaffaCakes118 was found to be: Shows suspicious behavior.

Malicious Activity Summary


Requests dangerous framework permissions

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-13 13:26

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 13:26

Reported

2024-06-13 13:29

Platform

android-x86-arm-20240611.1-en

Max time kernel

7s

Max time network

139s

Command Line

cn.yeming1028.accounttest

Signatures

N/A

Processes

cn.yeming1028.accounttest

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 216.58.212.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.238:443 android.apis.google.com tcp

Files

/storage/emulated/0/yeming1028cn/accounttest/data/base

MD5 7157da77771118db88460cebdda74705
SHA1 915396f3c6a4e1ea83b0e3c3f252758e91375ba6
SHA256 04609fe0498821c4db2c3eed2991b53c9ecd4d700ec55584976c191cb8010b18
SHA512 6dfb5bd231f4b6baefb9645b5916add57fd2fa91f686899fbfbeaa80e362c1c9a45b2a66805b827a9de7587b2a2aada06b915eb70f9345cd310d35c57a6f07e6

/storage/emulated/0/yeming1028cn/accounttest/data/basestat

MD5 c8c1437c687b9cae32887e76d08af017
SHA1 199995b4e6dfac5662a9696fb380f7692c7eeae9
SHA256 edb58146c12426e5023c26b291a21053edb5e8f99653215ec27ac1b018b14500
SHA512 4b503ae790dc9f62f3805948e38f7274c2423b85e0a678ed39049bccbb7ab485e600f1d3be9130c022be73e1dd97439c61ffafe3057a7540fecff81cd39b1d84

/storage/emulated/0/yeming1028cn/accounttest/data/exam

MD5 7042b5b30584111b19d33d13816445c7
SHA1 254a93ff92e7a6d7182d87f44fdb34e84938b6b0
SHA256 2a7fcecc729176bfe7bc9b2923b9da2beb036bb3750131471379c8bbee8ab415
SHA512 2a26396e11e36e0a13bb14118e2fb6795d9d84e9a418a976cced81fde91f59bba42b9b2165133d9bcc2e3d6443c9ec6b93b5cc907245f17c1f6989a9dac5e42d

/storage/emulated/0/yeming1028cn/accounttest/data/examstat

MD5 ca28965c19df5b510d5e56ee46e5a80c
SHA1 b61b5c64b5dfcbd714d17754c9109f8c5cbbaf98
SHA256 294d7f34ee3955a6184e82a795b9261c4a03daffba32dc86b8705f7221195962
SHA512 418f9a00ab3b45e9c6c0cae9d099d569f60397d33c2ba984f248b200ebacabbe8500a08799aecbef7f7d0dcdebefb07e1d9887b603637517a9a8cac30b4204c5