Analysis Overview
SHA256
5cede14353a95fe58b868f87d9e16ee64f5fcbabb3119ffdf75cd6001f9352b0
Threat Level: Shows suspicious behavior
The file a774c64d80ae504daafad64cb819bb03_JaffaCakes118 was found to show suspicious behavior.
Malicious Activity Summary
Obtains sensitive information copied to the device clipboard
Loads dropped Dex/Jar
Declares broadcast receivers with permission to handle system events
Queries information about active data network
Queries the mobile country code (MCC)
Requests dangerous framework permissions
Registers a broadcast receiver at runtime (usually for listening for system events)
Checks memory information
Checks CPU information
MITRE ATT&CK Matrix
Analysis: static1
Detonation Overview
Reported
2024-06-14 01:05
Signatures
Declares broadcast receivers with permission to handle system events
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Required by device admin receivers to bind with the system. Allows apps to manage device administration features. | android.permission.BIND_DEVICE_ADMIN | N/A | N/A |
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-14 01:05
Reported
2024-06-14 01:08
Platform
android-x86-arm-20240611.1-en
Max time kernel
178s
Max time network
149s
Command Line
Signatures
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | /data/user/0/com.ajt.abuddhifymindfulnesstogot.npqeyj.abuddhifymindfulnesstogo/app_app_apk/abuddhifymindfulnesstogo.dat.jar | N/A | N/A |
| N/A | /data/user/0/com.ajt.abuddhifymindfulnesstogot.npqeyj.abuddhifymindfulnesstogo/app_app_apk/abuddhifymindfulnesstogo.dat.jar | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.ajt.abuddhifymindfulnesstogot.npqeyj.abuddhifymindfulnesstogo
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.ajt.abuddhifymindfulnesstogot.npqeyj.abuddhifymindfulnesstogo/app_app_apk/abuddhifymindfulnesstogo.dat.jar --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.ajt.abuddhifymindfulnesstogot.npqeyj.abuddhifymindfulnesstogo/app_app_apk/oat/x86/abuddhifymindfulnesstogo.dat.odex --compiler-filter=quicken --class-loader-context=&
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | zzwx.ru | udp |
| DE | 185.53.178.7:80 | zzwx.ru | tcp |
| DE | 185.53.178.7:80 | zzwx.ru | tcp |
| US | 1.1.1.1:53 | api.tridrongo.info | udp |
| US | 172.67.161.129:443 | api.tridrongo.info | tcp |
| US | 1.1.1.1:53 | data.flurry.com | udp |
| US | 74.6.138.67:443 | data.flurry.com | tcp |
| US | 1.1.1.1:53 | c.parkingcrew.net | udp |
| US | 1.1.1.1:53 | d38psrni17bvxu.cloudfront.net | udp |
| DE | 185.53.178.30:80 | c.parkingcrew.net | tcp |
| GB | 99.86.249.202:80 | d38psrni17bvxu.cloudfront.net | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 216.58.213.4:80 | www.google.com | tcp |
| US | 1.1.1.1:53 | partner.googleadservices.com | udp |
| GB | 142.250.180.2:443 | partner.googleadservices.com | tcp |
| US | 1.1.1.1:53 | www.adsensecustomsearchads.com | udp |
| GB | 216.58.213.14:443 | www.adsensecustomsearchads.com | tcp |
| US | 1.1.1.1:53 | afs.googleusercontent.com | udp |
| GB | 216.58.201.97:443 | afs.googleusercontent.com | tcp |
| GB | 216.58.201.97:443 | afs.googleusercontent.com | tcp |
| US | 172.67.161.129:443 | api.tridrongo.info | tcp |
| US | 172.67.161.129:443 | api.tridrongo.info | tcp |
| GB | 142.250.187.238:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.46:443 | android.apis.google.com | tcp |
Files
/data/data/com.ajt.abuddhifymindfulnesstogot.npqeyj.abuddhifymindfulnesstogo/app_app_apk/abuddhifymindfulnesstogo.dat.jar
| MD5 | 9c31c3705f39733829d8a0df10a28b9b |
| SHA1 | 35c36165ddeb2729c264da42c8608fa6af0deb41 |
| SHA256 | 32f9a25a95a9c3fac4990a63065ff906e533e5dc2a329260c23c6d066f6fc617 |
| SHA512 | 6f278eee76fe9b8dbb7b068079490b152dd22b665be31e55fe7f719bab60979cc3aaf1cfb747bcaa4e56fdd777335b069837db6e570799c44e14f3e8cecce218 |
/data/user/0/com.ajt.abuddhifymindfulnesstogot.npqeyj.abuddhifymindfulnesstogo/app_app_apk/abuddhifymindfulnesstogo.dat.jar
| MD5 | 79a253363e7b318eeef0ce07bf11e2b6 |
| SHA1 | a1d6052d17bb9f4e147414418ca5c9e9a62f0726 |
| SHA256 | 5356fb52ce6d7a7a09d25a443dd894093444bc83b4be147a856ace1a122fefaa |
| SHA512 | 45ddfea8b919ece45612646a39b91338be7bdb63ef054039abcfe90f958915eb7c0bc6353ff5744144a2285ae6cdf5c8127d6b669e9577ef8da6299c8ee39442 |
/data/user/0/com.ajt.abuddhifymindfulnesstogot.npqeyj.abuddhifymindfulnesstogo/app_app_apk/abuddhifymindfulnesstogo.dat.jar
| MD5 | 4a1b548663d2bb20a34976c20f4c2a1f |
| SHA1 | 33603ae27703e743e00048167414d0391c49d4ac |
| SHA256 | 6e79bcdf778b78226bf2d27d4f9aa44ae8d77deddb3a432d4b730e6e90f17fd9 |
| SHA512 | baa7a6dd4c4440fffc9458555f8a9c0c836f19e97a74ffeef0d6cdb9d39f310557d0ea606002783d5a5eda0e75faead380d1eb916efd6c365fd1098693dd188e |
/data/data/com.ajt.abuddhifymindfulnesstogot.npqeyj.abuddhifymindfulnesstogo/files/.yflurrydatasenderblock.b43d692f-144f-4e81-8500-f642ae87859e
| MD5 | dc7900efbfdee5273bd90297189695c0 |
| SHA1 | 7114793509ae99b8ec31a12d2960d967797005d5 |
| SHA256 | ad0297017a73ed14c0185226b0200ddd9a2cb9a8672d8ed7e595c741a6e95cc1 |
| SHA512 | 32aa607c1aff337ddc105be804d1ec9abb80b1acd284251d1906aac56bb7ed2121febcd9cc7d33b20683481fdc634467be9543a7505605ea6b8e3bd1632135fe |
/data/data/com.ajt.abuddhifymindfulnesstogot.npqeyj.abuddhifymindfulnesstogo/files/.YFlurrySenderIndex.info.AnalyticsData_K69G95JC7T5MMWGF62XJ_228
| MD5 | d299e8814be589d157aad2e857b6da32 |
| SHA1 | 35fc4b79de5763fbd09da8740966cf858930f65c |
| SHA256 | ba3192baac481abf7cd23f4889bea7198c0fe58b77ecf2dbefc33f0c183b735f |
| SHA512 | 0b8019178ef04723d15228e0bbca396dbb6e1917cf051b7e60e8b66f34d9c95993e59240ff8f44b10612aa87581f36995e5269ee691472df46710547f0cbfde1 |
/data/data/com.ajt.abuddhifymindfulnesstogot.npqeyj.abuddhifymindfulnesstogo/files/.YFlurrySenderIndex.info.AnalyticsMain
| MD5 | c83cb890fa8acf1042b3ebfd4c1431d7 |
| SHA1 | cd7bf7c86064e2194e70bf4432d3153fc2e3bf08 |
| SHA256 | 2ecf1acfd0cfe851ddb3cfdb529d7b2bceebe3296401bfa76c5e124e84134f10 |
| SHA512 | 65317c818c7a4b0546a2be2368b8aa2d6703cc183cab62e40537991606aa548636c88fe5598fd72ac7aa670c92792a303f47daa9723fe5a18fb651c547a7da68 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-14 01:05
Reported
2024-06-14 01:08
Platform
android-33-x64-arm64-20240611.1-en
Max time kernel
179s
Max time network
170s
Command Line
Signatures
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | /data/user/0/com.ajt.abuddhifymindfulnesstogot.npqeyj.abuddhifymindfulnesstogo/app_app_apk/abuddhifymindfulnesstogo.dat.jar | N/A | N/A |
Obtains sensitive information copied to the device clipboard
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.ajt.abuddhifymindfulnesstogot.npqeyj.abuddhifymindfulnesstogo
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| GB | 172.217.169.36:443 | | udp |
| GB | 172.217.169.36:443 | | udp |
| BE | 173.194.76.188:5228 | | tcp |
| GB | 172.217.16.228:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | zzwx.ru | udp |
| DE | 185.53.178.7:80 | zzwx.ru | tcp |
| DE | 185.53.178.7:80 | zzwx.ru | tcp |
| US | 1.1.1.1:53 | c.parkingcrew.net | udp |
| US | 1.1.1.1:53 | d38psrni17bvxu.cloudfront.net | udp |
| GB | 99.86.249.202:80 | d38psrni17bvxu.cloudfront.net | tcp |
| US | 1.1.1.1:53 | api.tridrongo.info | udp |
| US | 1.1.1.1:53 | data.flurry.com | udp |
| US | 104.21.66.157:443 | api.tridrongo.info | tcp |
| US | 74.6.138.67:443 | data.flurry.com | tcp |
| US | 104.21.66.157:443 | api.tridrongo.info | tcp |
| DE | 185.53.178.30:80 | c.parkingcrew.net | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| US | 104.21.66.157:443 | api.tridrongo.info | tcp |
| GB | 216.58.204.68:80 | www.google.com | tcp |
| US | 1.1.1.1:53 | partner.googleadservices.com | udp |
| GB | 142.250.200.2:443 | partner.googleadservices.com | tcp |
| US | 1.1.1.1:53 | www.adsensecustomsearchads.com | udp |
| GB | 142.250.180.14:443 | www.adsensecustomsearchads.com | tcp |
| GB | 142.250.200.2:443 | partner.googleadservices.com | tcp |
| GB | 142.250.180.14:443 | www.adsensecustomsearchads.com | udp |
| US | 1.1.1.1:53 | afs.googleusercontent.com | udp |
| GB | 142.250.200.33:443 | afs.googleusercontent.com | tcp |
| GB | 142.250.200.33:443 | afs.googleusercontent.com | tcp |
| US | 162.159.61.3:443 | | tcp |
| US | 162.159.61.3:443 | | tcp |
| GB | 142.250.187.227:443 | | tcp |
| US | 162.159.61.3:443 | | udp |
| GB | 142.250.187.227:443 | | udp |
| GB | 172.217.169.36:443 | | udp |
| GB | 216.58.212.195:443 | | tcp |
| GB | 142.250.179.228:443 | | tcp |
Files
/data/user/0/com.ajt.abuddhifymindfulnesstogot.npqeyj.abuddhifymindfulnesstogo/app_app_apk/abuddhifymindfulnesstogo.dat.jar
| MD5 | 9c31c3705f39733829d8a0df10a28b9b |
| SHA1 | 35c36165ddeb2729c264da42c8608fa6af0deb41 |
| SHA256 | 32f9a25a95a9c3fac4990a63065ff906e533e5dc2a329260c23c6d066f6fc617 |
| SHA512 | 6f278eee76fe9b8dbb7b068079490b152dd22b665be31e55fe7f719bab60979cc3aaf1cfb747bcaa4e56fdd777335b069837db6e570799c44e14f3e8cecce218 |
/data/user/0/com.ajt.abuddhifymindfulnesstogot.npqeyj.abuddhifymindfulnesstogo/app_app_apk/abuddhifymindfulnesstogo.dat.jar
| MD5 | 79a253363e7b318eeef0ce07bf11e2b6 |
| SHA1 | a1d6052d17bb9f4e147414418ca5c9e9a62f0726 |
| SHA256 | 5356fb52ce6d7a7a09d25a443dd894093444bc83b4be147a856ace1a122fefaa |
| SHA512 | 45ddfea8b919ece45612646a39b91338be7bdb63ef054039abcfe90f958915eb7c0bc6353ff5744144a2285ae6cdf5c8127d6b669e9577ef8da6299c8ee39442 |
/data/user/0/com.ajt.abuddhifymindfulnesstogot.npqeyj.abuddhifymindfulnesstogo/files/.yflurrydatasenderblock.71803165-5193-4eba-9113-e9d4f0466bd0
| MD5 | 27f7155640829a8940ba0c1281345a6a |
| SHA1 | 7076095cbcc1181e9342a1222c0208e02ae0592d |
| SHA256 | f2c95f5c8bfb3a8fefe51b245f6a0ca77b61dd6b13638a169a06e02c25f0b62a |
| SHA512 | e5b8dfc8ea83ed1552913a364f1ef5e762adab9fa18962fd2c812bb3c42817b3b04cae38b03139990e0231f1b8383713b4518473d3d7376292179b81af677d4f |
/data/user/0/com.ajt.abuddhifymindfulnesstogot.npqeyj.abuddhifymindfulnesstogo/files/.YFlurrySenderIndex.info.AnalyticsData_K69G95JC7T5MMWGF62XJ_228
| MD5 | 25152747a6925d82b0992046982decbf |
| SHA1 | c98944f66f7fd21cece9a0cb526fea50e116c657 |
| SHA256 | 076b6a450404f53a1ea7649332f539b68dc379450cc9abd483516fb38cf051bb |
| SHA512 | 2a50f2d753f3ae94a86751d9cb8e9c60dc6b68fe02a925da1e44d6e693b686651d0df2e0d148b34d5a3ef639fe5dce99f8b166e99ead944396fd90d5a2f66454 |
/data/user/0/com.ajt.abuddhifymindfulnesstogot.npqeyj.abuddhifymindfulnesstogo/files/.YFlurrySenderIndex.info.AnalyticsMain
| MD5 | c83cb890fa8acf1042b3ebfd4c1431d7 |
| SHA1 | cd7bf7c86064e2194e70bf4432d3153fc2e3bf08 |
| SHA256 | 2ecf1acfd0cfe851ddb3cfdb529d7b2bceebe3296401bfa76c5e124e84134f10 |
| SHA512 | 65317c818c7a4b0546a2be2368b8aa2d6703cc183cab62e40537991606aa548636c88fe5598fd72ac7aa670c92792a303f47daa9723fe5a18fb651c547a7da68 |