Malware Analysis Report

2024-09-09 17:32

Sample ID: 240613-regctswejm
Target: a5efde5f447ebf10485860620d6385d7_JaffaCakes118
SHA256: 5eea28043c642895c7bd8a91e63e3486784b4b185ada01c3ff9b6e2bc6b4fe9c
Tags: discovery, persistence
Score: 6/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 6/10

SHA256: 5eea28043c642895c7bd8a91e63e3486784b4b185ada01c3ff9b6e2bc6b4fe9c

Threat Level: Shows suspicious behavior

The file a5efde5f447ebf10485860620d6385d7_JaffaCakes118 is an Android package (com.bohefm.android) rated "Shows suspicious behavior": the sandbox observed activity worth reviewing but nothing it classifies as outright malicious.

Malicious Activity Summary

Tags: discovery, persistence

Requests dangerous framework permissions (static1)

Queries information about active data network (behavioral1, discovery)

Registers a broadcast receiver at runtime, usually for listening for system events (behavioral1, persistence)

All three signatures are generic. The permissions are capabilities declared in the manifest, not observed use, and the two runtime calls are routine for any networked app; no signature in either behavioral run shows the camera, microphone, phone-state or account permissions being exercised.

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-13 14:06

Signatures

Requests dangerous framework permissions

Process and Target are not applicable to a static analysis and are omitted. The report lists WRITE_EXTERNAL_STORAGE three times; it is shown once here with the count.

Indicator                                   Description
android.permission.WRITE_EXTERNAL_STORAGE   Allows an application to write to external storage. (listed three times)
android.permission.READ_EXTERNAL_STORAGE    Allows an application to read from external storage.
android.permission.RECORD_AUDIO             Allows an application to record audio.
android.permission.CAMERA                   Required to be able to access the camera device.
android.permission.READ_PHONE_STATE         Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.
android.permission.GET_ACCOUNTS             Allows access to the list of accounts in the Accounts Service.

All six are runtime ("dangerous") permissions that the user must grant at runtime on Android 6.0 and later. Declaring them establishes capability only; nothing in the behavioral runs shows them being used.
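A quick way to re-derive and sanity-check a table like the one above from the APK itself, as an added example (not code from the sandbox or from the analysed app): the script parses the text that `aapt dump permissions <apk>` prints, collapses repeated <uses-permission> declarations (the table lists WRITE_EXTERNAL_STORAGE three times), groups the runtime ("dangerous") permissions by permission group, and flags declarations that are weaker than they look because of maxSdkVersion or the target API level. The aapt output embedded below is constructed to mirror this report; the INTERNET and ACCESS_NETWORK_STATE lines, the maxSdkVersion values and the targetSdk of 28 are assumptions, since the sandbox lists only dangerous permissions.

```python
"""Triage the permissions an APK declares from `aapt dump permissions` output.

Added example, not part of the sandbox report or of the analysed app.
"""
import re

# Runtime permissions (protection level "dangerous") and their permission
# groups. A subset of the platform list, limited to well-known entries.
DANGEROUS = {
    "android.permission.READ_EXTERNAL_STORAGE": "STORAGE",
    "android.permission.WRITE_EXTERNAL_STORAGE": "STORAGE",
    "android.permission.RECORD_AUDIO": "MICROPHONE",
    "android.permission.CAMERA": "CAMERA",
    "android.permission.READ_PHONE_STATE": "PHONE",
    "android.permission.CALL_PHONE": "PHONE",
    "android.permission.READ_CALL_LOG": "CALL_LOG",
    "android.permission.GET_ACCOUNTS": "CONTACTS",
    "android.permission.READ_CONTACTS": "CONTACTS",
    "android.permission.READ_SMS": "SMS",
    "android.permission.SEND_SMS": "SMS",
    "android.permission.RECEIVE_SMS": "SMS",
    "android.permission.ACCESS_FINE_LOCATION": "LOCATION",
    "android.permission.ACCESS_COARSE_LOCATION": "LOCATION",
}

# From Android 11 (API 30) WRITE_EXTERNAL_STORAGE grants nothing to an app
# whose targetSdk is 30 or higher.
WRITE_EXT_STORAGE_NOOP_TARGET = 30

# One line of `aapt dump permissions` output per <uses-permission> element.
USES_PERM = re.compile(
    r"^uses-permission(?:-sdk-23)?: name='(?P<name>[^']+)'"
    r"(?:\s+maxSdkVersion='(?P<max>\d+)')?"
)

# Constructed input modelled on the static1 table; not captured from the sample.
# INTERNET, ACCESS_NETWORK_STATE and the maxSdkVersion values are assumptions.
SAMPLE_AAPT_OUTPUT = """\
package: com.bohefm.android
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.ACCESS_NETWORK_STATE'
uses-permission: name='android.permission.WRITE_EXTERNAL_STORAGE'
uses-permission: name='android.permission.READ_EXTERNAL_STORAGE' maxSdkVersion='32'
uses-permission: name='android.permission.RECORD_AUDIO'
uses-permission: name='android.permission.WRITE_EXTERNAL_STORAGE'
uses-permission: name='android.permission.CAMERA'
uses-permission: name='android.permission.WRITE_EXTERNAL_STORAGE' maxSdkVersion='29'
uses-permission: name='android.permission.READ_PHONE_STATE'
uses-permission: name='android.permission.GET_ACCOUNTS'
"""


def parse_aapt_permissions(text):
    """Map permission name -> list of maxSdkVersion per declaration (None = unbounded)."""
    perms = {}
    for line in text.splitlines():
        m = USES_PERM.match(line.strip())
        if m:
            mx = m.group("max")
            perms.setdefault(m.group("name"), []).append(int(mx) if mx else None)
    return perms


def requested_on(declarations, device_sdk):
    """True if at least one declaration still applies to a device at device_sdk."""
    return any(mx is None or mx >= device_sdk for mx in declarations)


def classify(perms, target_sdk, device_sdk):
    """Group dangerous permissions and collect caveats for the given target/device API."""
    report = {"dangerous": {}, "other": [], "caveats": []}
    for name, decls in sorted(perms.items()):
        group = DANGEROUS.get(name)
        if group:
            report["dangerous"].setdefault(group, []).append(name)
        else:
            report["other"].append(name)
        if len(decls) > 1:
            report["caveats"].append(f"{name} declared {len(decls)} times")
        if not requested_on(decls, device_sdk):
            report["caveats"].append(
                f"{name} only declared with maxSdkVersion below {device_sdk}: "
                f"not requested on the test device")
    if ("android.permission.WRITE_EXTERNAL_STORAGE" in perms
            and target_sdk >= WRITE_EXT_STORAGE_NOOP_TARGET):
        report["caveats"].append(
            f"WRITE_EXTERNAL_STORAGE has no effect with targetSdk {target_sdk} (>= 30)")
    return report


if __name__ == "__main__":
    found = parse_aapt_permissions(SAMPLE_AAPT_OUTPUT)
    # targetSdk comes from `aapt dump badging`; 28 is an assumption. 33 matches
    # the android-33 platform of behavioral2.
    result = classify(found, target_sdk=28, device_sdk=33)
    for group, names in sorted(result["dangerous"].items()):
        print(f"{group}: {', '.join(n.rsplit('.', 1)[1] for n in names)}")
    print("other:", ", ".join(n.rsplit(".", 1)[1] for n in result["other"]))
    for caveat in result["caveats"]:
        print("caveat:", caveat)
```

Run it against real output with `aapt dump permissions sample.apk > perms.txt` and feed the file contents to parse_aapt_permissions; the grouping tells you which runtime prompts the user would see, and the caveats tell you which declarations are dead weight on the platform the sandbox actually ran.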

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 14:06

Reported

2024-06-13 14:09

Platform

android-x86-arm-20240611.1-en

Max time kernel

81s

Max time network

140s

Command Line

com.bohefm.android

Signatures

Queries information about active data network (discovery)

Indicator: framework service call android.net.IConnectivityManager.getActiveNetworkInfo
Process / Target: N/A

Registers a broadcast receiver at runtime (usually for listening for system events) (persistence)

Indicator: framework service call android.app.IActivityManager.registerReceiver
Process / Target: N/A

Neither call is specific to malware. getActiveNetworkInfo is the connectivity check behind ConnectivityManager.getActiveNetworkInfo() and needs only the normal permission ACCESS_NETWORK_STATE. A receiver registered at runtime through registerReceiver lives only as long as the registering process; unlike a manifest-declared receiver it does not survive process death or a reboot, so the "persistence" tag names the technique category rather than evidence of boot persistence. The report does not record which broadcast actions the receiver was registered for.

Processes

com.bohefm.android

Network

Country  Destination           Domain                   Proto
GB       142.250.180.14:443    -                        tcp
N/A      224.0.0.251:5353      -                        udp
US       1.1.1.1:53            www.bohefm.com           udp
US       1.1.1.1:53            android.apis.google.com  udp
GB       142.250.200.46:443    android.apis.google.com  tcp

224.0.0.251:5353 is the mDNS multicast group and the android.apis.google.com rows are Google Play services traffic; both are platform background noise. The only sample-specific indicator is the DNS lookup of www.bohefm.com through 1.1.1.1, which matches the package name; the report attributes no connection to that name, and the 142.250.180.14:443 session has no domain recorded.

Files

All four files written belong to one SQLite database under the app's private data directory: bohe_data is the database itself, bohe_data-journal its rollback journal, and bohe_data-wal and bohe_data-shm the write-ahead log and its shared-memory index. In WAL mode committed rows stay in the -wal until a checkpoint, so bohe_data on its own can be missing recent writes; collect the set together and open a copy, which lets SQLite replay the -wal. The report records only hashes for these files, not their contents.

/data/data/com.bohefm.android/databases/bohe_data-journal

MD5 519b0e26315edb25fa04c62a30ebe30a
SHA1 2a4c8eacdbb62b20674d64837ffb1934992aed92
SHA256 5400e76781cee37d5797bc4555340fe8bd0b0521ee7a18f369aaad6d8d20260a
SHA512 c61de331c5e33b51ab276b5c9d99da18c882901bcd1b73b4a7ab3e445e229c6da7f67771b5f2894a9ee15e6c42883d71c04ae7ccb011855ee9f99bb6035f0c4f

/data/data/com.bohefm.android/databases/bohe_data

MD5 52c8a5c194f3719014881adba697fa5a
SHA1 60b6bf002d5a9891f228f60ff363133355015214
SHA256 e45fa8de56424e973311172afcbbea4949972b64e0db7cc001edbe854ad5768e
SHA512 b38d23cf286fc35b96a8578b4ac21a2344f94b2f1bc1857a7f4f08e6bd189d10aafac757c01b9c00cf667050366ccf173a09e7def867bc3d5f4afd4cf45846af

/data/data/com.bohefm.android/databases/bohe_data-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.bohefm.android/databases/bohe_data-wal

MD5 35aeb245fb90d6c8ab3cfc8841e2ca40
SHA1 a4b491536e3f773bf543c30daa42e114b46347a7
SHA256 9f093b03827295d3b2a865576d28ac8f23d81b0c4e73f349d88f082cd284e7f4
SHA512 4566c285aea813f931859c2d63089414c812aea8eca38c528aabe0061bfdd376620a9e533afd3216767b7a07db79fe59d0f783489fe2317e1485a5fc92025e09
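The WAL caveat above, as an added example that is not part of the report: the script builds a constructed SQLite database in WAL mode, commits two invented rows, and shows that a copy of the main file alone yields a table with no rows, a copy taken together with its -wal recovers both, and the main file's SHA-256 does not change when rows are committed. The file name bohe_data is reused only for illustration; the schema, rows and sidecar handling are assumptions about nothing in the sample.

```python
"""Show why a SQLite -wal sidecar must be collected with its database.

Added example, not part of the sandbox report. Everything here is constructed.
"""
import hashlib
import os
import shutil
import sqlite3
import tempfile


def sha256_of(path):
    """Hex SHA-256 of a file, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def create_wal_database(path):
    """Create a WAL-mode database and return the open connection.

    The connection is kept open on purpose: closing the last connection
    checkpoints the WAL into the main file and deletes it, which is exactly
    the state a live device is usually not in when files are collected.
    """
    conn = sqlite3.connect(path)
    conn.execute("CREATE TABLE config (k TEXT PRIMARY KEY, v TEXT)")
    conn.commit()
    conn.execute("PRAGMA journal_mode=WAL")      # header now marks the file as WAL mode
    conn.execute("PRAGMA wal_autocheckpoint=0")  # keep frames in the -wal until asked
    return conn


def insert_rows(conn, rows):
    """Commit rows; in WAL mode the frames go to -wal and the main file is untouched."""
    conn.executemany("INSERT INTO config (k, v) VALUES (?, ?)", rows)
    conn.commit()


def copy_database(src, dst_dir, include_wal):
    """Copy the main file, optionally with its -wal sidecar, into dst_dir."""
    dst = os.path.join(dst_dir, os.path.basename(src))
    shutil.copyfile(src, dst)
    if include_wal:
        shutil.copyfile(src + "-wal", dst + "-wal")
    return dst


def count_rows(db_path):
    """Open a copy and count rows; SQLite replays an adjacent -wal on open."""
    conn = sqlite3.connect(db_path)
    try:
        return conn.execute("SELECT COUNT(*) FROM config").fetchone()[0]
    finally:
        conn.close()


# Constructed rows standing in for whatever bohe_data actually holds.
SAMPLE_ROWS = [("api_host", "www.example.test"), ("install_id", "constructed-0001")]


def demo():
    """Run the experiment in a temporary directory and return the outcomes."""
    with tempfile.TemporaryDirectory() as work:
        db = os.path.join(work, "bohe_data")
        conn = create_wal_database(db)
        hash_before = sha256_of(db)
        insert_rows(conn, SAMPLE_ROWS)
        hash_after = sha256_of(db)
        rows_main_only = count_rows(
            copy_database(db, tempfile.mkdtemp(dir=work), include_wal=False))
        rows_main_wal = count_rows(
            copy_database(db, tempfile.mkdtemp(dir=work), include_wal=True))
        wal_bytes = os.path.getsize(db + "-wal")
        conn.close()  # checkpoints and removes the original -wal
        return {
            "main_hash_unchanged_by_commit": hash_before == hash_after,
            "wal_bytes": wal_bytes,
            "rows_main_only": rows_main_only,
            "rows_main_plus_wal": rows_main_wal,
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The unchanged main-file hash is the practical point: a report that hashed only bohe_data would not notice rows added since the last checkpoint, which is why all four files are listed and should be pulled as a set.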

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 14:06

Reported

2024-06-13 14:06

Platform

android-33-x64-arm64-20240611.1-en

Max time network

6s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country  Destination           Domain  Proto
BE       142.250.110.188:5228  -       tcp
GB       172.217.16.228:443    -       tcp
N/A      224.0.0.251:5353      -       udp
GB       172.217.169.68:443    -       udp
GB       172.217.169.68:443    -       tcp

This run recorded no process, command line, signature or file activity and only 6 s of network capture, so the sample appears not to have started on the android-33 platform. The destinations are consistent with platform background traffic (TCP 5228 is the Google Play services push channel, 224.0.0.251:5353 is mDNS, and the remaining addresses are unnamed Google ranges over 443) and should not be treated as indicators for the sample.

Files

N/A