Analysis Overview
SHA256
228b9e1879420687660cc13a16f131749ed122c6b767af6469dca96fabdd4fb4
Threat Level: Shows suspicious behavior
The file a774b8fff8d5b16c120efa57ab4c3761_JaffaCakes118 was found to be: Shows suspicious behavior.
Malicious Activity Summary
Loads dropped Dex/Jar
Requests dangerous framework permissions
Queries information about active data network
Registers a broadcast receiver at runtime (usually for listening for system events)
Uses Crypto APIs (Might try to encrypt user data)
MITRE ATT&CK Matrix
Analysis: static1
Detonation Overview
Reported
2024-06-14 01:05
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A |
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-14 01:05
Reported
2024-06-14 01:08
Platform
android-x86-arm-20240611.1-en
Max time kernel
3s
Max time network
140s
Command Line
Signatures
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /storage/emulated/0/Android/data/as/cs.zip | N/A | N/A |
| N/A | /storage/emulated/0/Android/data/as/n.zip | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Processes
com.fly.onscreen.as
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.187.206:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.238:443 | android.apis.google.com | tcp |
Files
/storage/emulated/0/Android/data/as/cs.zip
| MD5 | 43574e7f3b6762ca22d4d12e7b2b9bce |
| SHA1 | 6d79ed04b419c2fdcf4d194b52da46f8b5ec9703 |
| SHA256 | e88726fbfaac997b2b87405aa0ffee05d51dce72534d3301a1f8836b355cac7f |
| SHA512 | caf4933468003e8f89073a3dac1607474aae973c3eb8b4e043c1c33efd490bcccda009edcfb0c6816688db72d840421f113469dda0ff51c5e696144276edc3d8 |
/storage/emulated/0/Android/data/as/cs.zip
| MD5 | c0971bb934ab0954928d937820611585 |
| SHA1 | 7b2c660c2c50d6389ff1072025f533e22e533b61 |
| SHA256 | b3ee5d9ac13622f53e441f2b112b00ba5dbc9b931d6d2e7641c0f4073c1a87b0 |
| SHA512 | 606e55e8961d25a7dd5b9d1a8c7d64b58ebf607114c45bcb08df20b49c67742ebba30dd74cc5635c8042ea333f53c1068eeee55f18dd8097547a51a32b6e5a6d |
/data/data/com.fly.onscreen.as/files/e.zip
| MD5 | 307999dee49da263227fbd45b6fd5aef |
| SHA1 | 05334f381bf966f7c58874e6601d17db367886e7 |
| SHA256 | e0f81c86deb313991f302e508cddc7608bd81fd3a923e72bd4a3432f1de9cd91 |
| SHA512 | 5cc49b3a01c8f7b45043bc79404ad96e0f3e38ad46329801f756824dff7f73ac0e9f19a20706fc09d7aa2c60821d8232d8550448743bc37099b1a85c7e8f6a0e |
/storage/emulated/0/Android/data/as/d.txt
| MD5 | fe66a38e012da03515ff1853ad49d383 |
| SHA1 | 5e2b761fd4eea89b9e14670f537822af139ceccd |
| SHA256 | 93468f2b91a2dc84feddcb360fe84559b5f4cc0f92d353cc7bf204b1b3c7ddb7 |
| SHA512 | 4882f06552e5a935a6937b46562c9b0170a47d9af7eb41d7eceb7415f1e4e88b82f160817406305615d39cb2db57c1278c791ceb6271f379c3e3f6bf45d0f74b |
/storage/emulated/0/Android/data/as/n.zip
| MD5 | 7c901bc4a8b2c68b51d0860f7202ca29 |
| SHA1 | 81c0bc5c527163cca3926247a29504ff15c85335 |
| SHA256 | d389df960a4e9f13566e99889b5426c7c12f5d56eef01b4feaa728946f4c8b79 |
| SHA512 | 8c327a3eae55ff3ec2236d3b7f906e1a2a2e78e6500926d88676e218449afd2a9a58aff9bf7fec2eab4a8d0df217cef35ebf32052492bd5ca9625a531079ddad |
/storage/emulated/0/Android/data/as/n.zip
| MD5 | cfa478b0c6a6866addc98a912d1e116b |
| SHA1 | b7fedc7abbd570bcbdd734bc95001f8eaab1ea68 |
| SHA256 | 791310bc82441d77313f03acf08d9c03801c04a203cc1138e222fd0fdb698a16 |
| SHA512 | 636f3105248150c19c9b4ea535e3af8d35b5b7f566a6adba741e0b4caeb825cebea06a9b06b4771ad0e2c525b9c684954bbe882c92f2791b8fc4a681819eae28 |
/storage/emulated/0/Android/data/as/tn.zip
| MD5 | ac0378f7e84b280af6da9d79beafa82f |
| SHA1 | fe2fa79c29fc7e2ffb81404f7d6ef992c800bc8e |
| SHA256 | 37f4b9addf8995174e9184d1f99e7daba1e6fff7fa9b8c37308938b381dc845a |
| SHA512 | ac28deb7dc3aa0a037d67d4c4d16ed9af63a1f530013d3668b05b887e49f6c5aa891c1c614c1982914ee70dc03bcaea28786d14bfc846e0f92e1296a22a2f30c |