Malware Analysis Report

2024-07-28 14:32

Sample ID 240613-sagcpstcnd
Target a620f216f7b66c151719bac3e48043df_JaffaCakes118
SHA256 39f49912fb538cf0583215466410e96005bbb199c28478d19be43acbbccda74f
Tags
score
6/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
6/10

SHA256

39f49912fb538cf0583215466410e96005bbb199c28478d19be43acbbccda74f

Threat Level: Shows suspicious behavior

The file a620f216f7b66c151719bac3e48043df_JaffaCakes118 was found to be: Shows suspicious behavior.

Malicious Activity Summary


Requests dangerous framework permissions

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-13 14:55

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 14:55

Reported

2024-06-13 14:58

Platform

android-x86-arm-20240611.1-en

Max time kernel

2s

Max time network

131s

Command Line

me.rb6c2c.x2c96

Signatures

N/A

Processes

me.rb6c2c.x2c96

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.204.78:443 android.apis.google.com tcp
GB 216.58.212.202:443 tcp

Files

/data/data/me.rb6c2c.x2c96/.jiagu/libjiagu.so

MD5 2bb2049dc55895549bac130b2263cbe2
SHA1 88b75690c61878f638056f8dc3adfbbc91b92400
SHA256 51dda3791e1fb270f2812564c3e5611d051423414e14f2c0f20d0b134f18673c
SHA512 85c65e5e918e656fe66a2b20ff5bf71cf5e36564648dcd711fa2886af3a0f5055ed4978e99e357104c4c1cd6d56e4691a651fe29380916b7995f76de125ada2a

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 14:55

Reported

2024-06-13 14:55

Platform

android-33-x64-arm64-20240611.1-en

Max time network

8s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
GB 172.217.169.36:443 udp
GB 172.217.169.36:443 tcp
BE 173.194.76.188:5228 tcp
GB 172.217.16.228:443 tcp
GB 172.217.16.234:443 udp
GB 216.58.201.106:443 tcp
GB 172.217.16.234:443 tcp
N/A 224.0.0.251:5353 udp

Files

N/A