Analysis Overview
SHA256
11af4d0910b1a46671357ae576aa0b47ec73b59b872f0e8fe7d7a99d10ac1066
Threat Level: Shows suspicious behavior
The file a60c7a35ed3d46a30e71bd3e1aaa95d2_JaffaCakes118 was found to be: Shows suspicious behavior.
Malicious Activity Summary
Requests dangerous framework permissions
MITRE ATT&CK Matrix
Analysis: static1
Detonation Overview
Reported
2024-06-13 14:34
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 14:34
Reported
2024-06-13 14:38
Platform
android-x86-arm-20240611.1-en
Max time kernel
3s
Max time network
140s
Command Line
Signatures
Processes
com.wri.oveoracel
getprop ro.product.cpu.abi
Network
| Country | Destination | Domain | Proto |
| GB | 142.250.180.14:443 | tcp | |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.179.238:443 | android.apis.google.com | tcp |
Files
/data/data/com.wri.oveoracel/.sec_version
| MD5 | 1cfd8078296e19648eddc4cfafa57bae |
| SHA1 | fe36c7b9ce78edcbdef742dc7f1a0068f5a225a8 |
| SHA256 | e446656af7e9f607ee9a042ff1c5de2bc9ec7eefdbb220d16578d1adb0f85a0f |
| SHA512 | 98142b1996ddba99d8c2797d7f3b4503a0255249d1469a22b113b99d029f96f4f21fc8b419641910cb4068ab28870a5b2b9c7a6cd488c32e327cf34978838862 |
/data/data/com.wri.oveoracel/.cache/com.wri.oveoracel
| MD5 | 882a0d9f169ca030493a4a6b5d101424 |
| SHA1 | 078ac5ab0a887acf662c431b3a5445e7411c8808 |
| SHA256 | e58021db05523d3fab90b907d1a6114f4ec9ab0293a1054ca22cff3f01ddcd7d |
| SHA512 | 4d9d6c94f47de49fdfec2ee1a50709bc5d1843f960657d56c69dea22d56572aafb1cd31db5427f07d624bf1a2dbed0bea616da30d0b0f861adf4d197dda4bfd6 |
/data/data/com.wri.oveoracel/.cache/libsecexe.x86.so
| MD5 | c001f271492100ea4cf86eccb1ad4624 |
| SHA1 | c69d8bfad5835a293d7e5a086849914815a4b284 |
| SHA256 | 06e18245e1801245f8606190af5d0b87ad971a88c9bbf23cae15e373a5258b04 |
| SHA512 | 33db6f96dbc3f0dd06a6417820f2556a7c845969c56b416e4fa4a6ac09cbc2b264395d0044034a7f2e831062eafec21bf1c486cc7305c6a3fc3b4dabdcb8f939 |
/data/data/com.wri.oveoracel/.cache/libsecmain.x86.so
| MD5 | 7dee3d1eff77bc705e237a008aeb78d2 |
| SHA1 | b57e1d7f610c8b2b2e17d232473b310f416dd82d |
| SHA256 | 493970745b76d1e09eaa731cde2a256583a07c254625b61f6b060306a3019c30 |
| SHA512 | 6713307fc0d722f8dcd18e85f1a499195bab2e4ba700a01deaf78ad0c2468b957ff3e75096eaaad495215b2a3df5d8fc4d79ec06216c5fd349e42348dca1bd95 |
/data/data/com.wri.oveoracel/.cache/libsecpreload.x86.so
| MD5 | 56c40fb2ff603b96ebbc854cd102579e |
| SHA1 | 6f0c52aacaf55c1eacc27b88132116112bda1446 |
| SHA256 | f331a9932fc1215fdf83ab19b99f1832f1adddea8a766a5b608f703a155811fb |
| SHA512 | 05967b436de7a979aae88d0a2c31a85ec440cb9245bee9e623f18b07c0109698e7bc31d92f01a6596528672715ffa092c5586db733110344d6509d6f9bd68592 |