Malware Analysis Report

2024-07-28 14:32

Sample ID: 240613-r2g8mstake
Target: a612f17eeb0e75d79abedc70570ef446_JaffaCakes118
SHA256: cab29634c66673be55eab8b9eeb90ebab86d4f11a5fe8784c7756631ca3af5a8
Tags: persistence
Score: 6/10

Analysis Overview

Threat Level: Shows suspicious behavior

The file a612f17eeb0e75d79abedc70570ef446_JaffaCakes118 was classified as showing suspicious behavior.

Malicious Activity Summary

persistence

Requests dangerous framework permissions

Registers a broadcast receiver at runtime (usually for listening for system events)

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported: 2024-06-13 14:41

Signatures

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-13 14:41
Reported: 2024-06-13 14:44
Platform: android-x86-arm-20240611.1-en
Max time kernel: 24s
Max time network: 131s

Command Line

com.rcreations.WebCamViewerPaid

Signatures

Registers a broadcast receiver at runtime (usually for listening for system events)

Tag: persistence

Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Processes

com.rcreations.WebCamViewerPaid

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp
GB | 142.250.187.206:443 | | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.200.46:443 | android.apis.google.com | tcp
US | 1.1.1.1:53 | rc-regkeytool.appspot.com | udp
GB | 216.58.201.116:443 | rc-regkeytool.appspot.com | tcp

Files

/data/data/com.rcreations.WebCamViewerPaid/databases/datadb-journal

/data/data/com.rcreations.WebCamViewerPaid/databases/datadb

/data/data/com.rcreations.WebCamViewerPaid/databases/datadb-shm

/data/data/com.rcreations.WebCamViewerPaid/databases/datadb-wal

Analysis: behavioral2

Detonation Overview

Submitted: 2024-06-13 14:41
Reported: 2024-06-13 14:44
Platform: android-x64-20240611.1-en
Max time kernel: 20s
Max time network: 165s

Command Line

com.rcreations.WebCamViewerPaid

Signatures

Registers a broadcast receiver at runtime (usually for listening for system events)

Tag: persistence

Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Processes

com.rcreations.WebCamViewerPaid

Network

Files

/data/data/com.rcreations.WebCamViewerPaid/databases/datadb-journal

/data/data/com.rcreations.WebCamViewerPaid/databases/datadb