Analysis Overview
SHA256
5eea28043c642895c7bd8a91e63e3486784b4b185ada01c3ff9b6e2bc6b4fe9c
Threat Level: Shows suspicious behavior
The file a5efde5f447ebf10485860620d6385d7_JaffaCakes118 was found to show suspicious behavior.
Malicious Activity Summary
Requests dangerous framework permissions
Queries information about active data network
Registers a broadcast receiver at runtime (usually for listening for system events)
MITRE ATT&CK Matrix
Analysis: static1
Detonation Overview
Reported
2024-06-13 14:06
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
|---|---|---|---|
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 14:06
Reported
2024-06-13 14:09
Platform
android-x86-arm-20240611.1-en
Max time kernel
81s
Max time network
140s
Command Line
Signatures
Queries information about active data network
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Processes
com.bohefm.android
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| GB | 142.250.180.14:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | www.bohefm.com | udp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.46:443 | android.apis.google.com | tcp |
Files
/data/data/com.bohefm.android/databases/bohe_data-journal
| MD5 | 519b0e26315edb25fa04c62a30ebe30a |
| SHA1 | 2a4c8eacdbb62b20674d64837ffb1934992aed92 |
| SHA256 | 5400e76781cee37d5797bc4555340fe8bd0b0521ee7a18f369aaad6d8d20260a |
| SHA512 | c61de331c5e33b51ab276b5c9d99da18c882901bcd1b73b4a7ab3e445e229c6da7f67771b5f2894a9ee15e6c42883d71c04ae7ccb011855ee9f99bb6035f0c4f |
/data/data/com.bohefm.android/databases/bohe_data
| MD5 | 52c8a5c194f3719014881adba697fa5a |
| SHA1 | 60b6bf002d5a9891f228f60ff363133355015214 |
| SHA256 | e45fa8de56424e973311172afcbbea4949972b64e0db7cc001edbe854ad5768e |
| SHA512 | b38d23cf286fc35b96a8578b4ac21a2344f94b2f1bc1857a7f4f08e6bd189d10aafac757c01b9c00cf667050366ccf173a09e7def867bc3d5f4afd4cf45846af |
/data/data/com.bohefm.android/databases/bohe_data-shm
| MD5 | bb7df04e1b0a2570657527a7e108ae23 |
| SHA1 | 5188431849b4613152fd7bdba6a3ff0a4fd6424b |
| SHA256 | c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479 |
| SHA512 | 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012 |
/data/data/com.bohefm.android/databases/bohe_data-wal
| MD5 | 35aeb245fb90d6c8ab3cfc8841e2ca40 |
| SHA1 | a4b491536e3f773bf543c30daa42e114b46347a7 |
| SHA256 | 9f093b03827295d3b2a865576d28ac8f23d81b0c4e73f349d88f082cd284e7f4 |
| SHA512 | 4566c285aea813f931859c2d63089414c812aea8eca38c528aabe0061bfdd376620a9e533afd3216767b7a07db79fe59d0f783489fe2317e1485a5fc92025e09 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 14:06
Reported
2024-06-13 14:06
Platform
android-33-x64-arm64-20240611.1-en
Max time network
6s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| BE | 142.250.110.188:5228 | | tcp |
| GB | 172.217.16.228:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 172.217.169.68:443 | | udp |
| GB | 172.217.169.68:443 | | tcp |