Malware Analysis Report

2024-09-09 17:25

Sample ID 240613-rmxd1ssdpf
Target a5fc2d024764224e540a38f4799c94af_JaffaCakes118
SHA256 4636f25112251cc54dbff20feabc83ccc7496ae1105a2debb0d4eba9c1cbefc5
Tags
score
6/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
6/10

SHA256

4636f25112251cc54dbff20feabc83ccc7496ae1105a2debb0d4eba9c1cbefc5

Threat Level: Shows suspicious behavior

The file a5fc2d024764224e540a38f4799c94af_JaffaCakes118 was found to be: Shows suspicious behavior.

Malicious Activity Summary


Requests dangerous framework permissions

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-13 14:19

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 14:19

Reported

2024-06-13 14:22

Platform

android-x86-arm-20240611.1-en

Max time kernel

2s

Max time network

158s

Command Line

com.chwn.curiousdiary

Signatures

N/A

Processes

com.chwn.curiousdiary

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
GB 216.58.201.110:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.212.238:443 android.apis.google.com tcp
GB 216.58.212.202:443 semanticlocation-pa.googleapis.com tcp
GB 216.58.212.202:443 semanticlocation-pa.googleapis.com tcp

Files

/data/data/com.chwn.curiousdiary/.jiagu/libjiagu.so

MD5 374db0863d780b5f54aa59101e184de0
SHA1 4b813e3107d2aed09a4ffb209d9a3883f17d7198
SHA256 270728638feb92037267a2edfb0bcf20d203ca2afe4f98c0802d82556eaf32af
SHA512 2a716280459d6a94fa91841772c01c664fc2cf0c7f96baeaf45667a35a036d8096e64dd143a2af5d5573acddb5adda1f51dcc0ecbc6f1b3790cfc6f1a0d83076