Malware Analysis Report

2024-09-09 17:36

Sample ID 240613-rxxgrsxbpr
Target a60c7a35ed3d46a30e71bd3e1aaa95d2_JaffaCakes118
SHA256 11af4d0910b1a46671357ae576aa0b47ec73b59b872f0e8fe7d7a99d10ac1066
Tags
score
6/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
6/10

SHA256

11af4d0910b1a46671357ae576aa0b47ec73b59b872f0e8fe7d7a99d10ac1066

Threat Level: Shows suspicious behavior

The file a60c7a35ed3d46a30e71bd3e1aaa95d2_JaffaCakes118 was found to show suspicious behavior.

Malicious Activity Summary

Requests dangerous framework permissions

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-13 14:34

Signatures

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A
Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 14:34

Reported

2024-06-13 14:38

Platform

android-x86-arm-20240611.1-en

Max time kernel

3s

Max time network

140s

Command Line

com.wri.oveoracel

Signatures

N/A

Processes

com.wri.oveoracel

getprop ro.product.cpu.abi

Network

Country | Destination | Domain | Proto
GB | 142.250.180.14:443 | N/A | tcp
N/A | 224.0.0.251:5353 | N/A | udp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.179.238:443 | android.apis.google.com | tcp

Files

/data/data/com.wri.oveoracel/.sec_version

MD5 1cfd8078296e19648eddc4cfafa57bae
SHA1 fe36c7b9ce78edcbdef742dc7f1a0068f5a225a8
SHA256 e446656af7e9f607ee9a042ff1c5de2bc9ec7eefdbb220d16578d1adb0f85a0f
SHA512 98142b1996ddba99d8c2797d7f3b4503a0255249d1469a22b113b99d029f96f4f21fc8b419641910cb4068ab28870a5b2b9c7a6cd488c32e327cf34978838862

/data/data/com.wri.oveoracel/.cache/com.wri.oveoracel

MD5 882a0d9f169ca030493a4a6b5d101424
SHA1 078ac5ab0a887acf662c431b3a5445e7411c8808
SHA256 e58021db05523d3fab90b907d1a6114f4ec9ab0293a1054ca22cff3f01ddcd7d
SHA512 4d9d6c94f47de49fdfec2ee1a50709bc5d1843f960657d56c69dea22d56572aafb1cd31db5427f07d624bf1a2dbed0bea616da30d0b0f861adf4d197dda4bfd6

/data/data/com.wri.oveoracel/.cache/libsecexe.x86.so

MD5 c001f271492100ea4cf86eccb1ad4624
SHA1 c69d8bfad5835a293d7e5a086849914815a4b284
SHA256 06e18245e1801245f8606190af5d0b87ad971a88c9bbf23cae15e373a5258b04
SHA512 33db6f96dbc3f0dd06a6417820f2556a7c845969c56b416e4fa4a6ac09cbc2b264395d0044034a7f2e831062eafec21bf1c486cc7305c6a3fc3b4dabdcb8f939

/data/data/com.wri.oveoracel/.cache/libsecmain.x86.so

MD5 7dee3d1eff77bc705e237a008aeb78d2
SHA1 b57e1d7f610c8b2b2e17d232473b310f416dd82d
SHA256 493970745b76d1e09eaa731cde2a256583a07c254625b61f6b060306a3019c30
SHA512 6713307fc0d722f8dcd18e85f1a499195bab2e4ba700a01deaf78ad0c2468b957ff3e75096eaaad495215b2a3df5d8fc4d79ec06216c5fd349e42348dca1bd95

/data/data/com.wri.oveoracel/.cache/libsecpreload.x86.so

MD5 56c40fb2ff603b96ebbc854cd102579e
SHA1 6f0c52aacaf55c1eacc27b88132116112bda1446
SHA256 f331a9932fc1215fdf83ab19b99f1832f1adddea8a766a5b608f703a155811fb
SHA512 05967b436de7a979aae88d0a2c31a85ec440cb9245bee9e623f18b07c0109698e7bc31d92f01a6596528672715ffa092c5586db733110344d6509d6f9bd68592