Analysis Overview
SHA256
46626bca00d0c9fcb59531ba8090ed781de0c9fbdc3301255d79199568ca27e2
Threat Level: Shows suspicious behavior
The file a7b3c375ad11f966d0281e09e2df6ef1_JaffaCakes118 was found to be: Shows suspicious behavior.
Malicious Activity Summary
Loads dropped Dex/Jar
Queries information about running processes on the device
Requests dangerous framework permissions
Uses Crypto APIs (Might try to encrypt user data)
MITRE ATT&CK Matrix
Analysis: static1
Detonation Overview
Reported
2024-06-14 02:21
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
|---|---|---|---|
| Allows an application to collect component usage statistics. | android.permission.PACKAGE_USAGE_STATS | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows an application to access data from sensors that the user uses to measure what is happening inside their body, such as heart rate. | android.permission.BODY_SENSORS | N/A | N/A |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
| Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A |
| Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether. | android.permission.PROCESS_OUTGOING_CALLS | N/A | N/A |
| Allows an application to read the user's calendar data. | android.permission.READ_CALENDAR | N/A | N/A |
| Allows an application to read the user's call log. | android.permission.READ_CALL_LOG | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an application to monitor incoming MMS messages. | android.permission.RECEIVE_MMS | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows an application to receive WAP push messages. | android.permission.RECEIVE_WAP_PUSH | N/A | N/A |
| Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A |
| Allows an application to use SIP service. | android.permission.USE_SIP | N/A | N/A |
| Allows an application to write the user's calendar data. | android.permission.WRITE_CALENDAR | N/A | N/A |
| Allows an application to write and read the user's call log data. | android.permission.WRITE_CALL_LOG | N/A | N/A |
| Allows an application to write the user's contacts data. | android.permission.WRITE_CONTACTS | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A |
| Allows an application to add voicemails into the system. | com.android.voicemail.permission.ADD_VOICEMAIL | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-14 02:21
Reported
2024-06-14 02:24
Platform
android-x86-arm-20240611.1-en
Max time kernel
8s
Max time network
138s
Command Line
Signatures
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | /data/user/0/AbV.SkOn.CP.hhyS/app_zip/classes.jar | N/A | N/A |
Queries information about running processes on the device
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Processes
AbV.SkOn.CP.hhyS
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| GB | 142.250.187.234:443 | semanticlocation-pa.googleapis.com | tcp |
| GB | 216.58.212.238:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
Files
/data/data/AbV.SkOn.CP.hhyS/app_libs/dxk
| Hash | Value |
|---|---|
| MD5 | cb10a704ed9202f8c4901ebf1978689b |
| SHA1 | f1bb8dec89f438cd88802d647c84699c9e54145c |
| SHA256 | 68d911ddff0e2e63a848d7e57ceca5d215e24eb15d1ec2163458e839c2ee3972 |
| SHA512 | 73c0b273fa6ee8f20512ad6c4e2a7e92d8e069ef1f762dff6e23ae9bbf25efdbeb5011d680f31b633fe3872520d0dea5991696bd16c6b91c9582826b630b3c29 |
/data/data/AbV.SkOn.CP.hhyS/app_libs/0dxk
| Hash | Value |
|---|---|
| MD5 | 9d8e858d22b096977d0ed46fb341db5d |
| SHA1 | 5e16cd6a28f2ace030d6236fa3df6ba61e232033 |
| SHA256 | 98f103eee4d18ec0aab9d4371705bdb7c4d5da9c70fabd22954d4cc998d64861 |
| SHA512 | 6afb43d27ed9219fdd89ddd5cfc5e0966827d732c4de7a90a057418a281da14b137cd1ef864d3cb9f68d1dd09fee5d0aeb668148218f309a5a926d2c3ee85276 |
/data/data/AbV.SkOn.CP.hhyS/app_libs/1dxk
| Hash | Value |
|---|---|
| MD5 | 78a360c89c18e6b1de0f927e3afa8ee8 |
| SHA1 | b266a4b8c2cbb3ce9ae5ecdca3cff96ae5b91303 |
| SHA256 | 1cd988d170e566d2a8f9031b0b2a74fd2804adc655cb55b4d1578016779caab4 |
| SHA512 | af7f96e36c3a0c70f74ac106c71242bc852272d5d2a218e47ec3ebc89b3f33f2e026b28a12116f06c8ba38afb39d9da4e6810c4868c4c031f0d303bc010c00b7 |
/data/data/AbV.SkOn.CP.hhyS/app_zip/classes.jar
| Hash | Value |
|---|---|
| MD5 | a46e0b2fb0dec0988af9ded872aa8dca |
| SHA1 | 251c18e3db0c0cbe6baf0a1959cc6b3fb3449f7b |
| SHA256 | 7bc3078097c5412201fc71a3009e5b055c1125da545c3785e5ccde73dce95287 |
| SHA512 | a98517fbcec57b28bc0881c1065e0c58f58bd4f6cf4c5626cca72ca081aae19da521a14c5d4366fa52c0474248688534f7068b582d1c6c0010995b4c411ea463 |
/data/data/AbV.SkOn.CP.hhyS/app_zip/libus.so
| Hash | Value |
|---|---|
| MD5 | fff687bdc31f27ade317dff0acfa761f |
| SHA1 | 7f872819933f82e68321368b937f3a1b16ddabd6 |
| SHA256 | 34e8f6a966e97b187f4e778e09213138f13aa25a4956f447daace8a9574c4505 |
| SHA512 | 3a01733a370737c9a7561a1d8d5d33060b71fa9b8fc7ad08064408b69d1169d9c2885c47e4aef12939446df6c2541fd3ba570b22db9d0d12cfe7c4ddcf5bd94e |
/data/user/0/AbV.SkOn.CP.hhyS/app_zip/classes.jar
| Hash | Value |
|---|---|
| MD5 | 6e8da636fbbef5dcd1c042082dceb927 |
| SHA1 | f30151005964df29931e661ab4223dc79e8650a8 |
| SHA256 | 7c48eeef47f44a4dcb119c12aa17734c53bf085b3b04861afd51639e767375e1 |
| SHA512 | 593c4d2eaebf9bcb5ebaee72e0ac65ff3b1e2f8ebc25c3788d5ba666678ffa1c27ca28337e36c5acaf478105c19f995fd06ce60dc1b4eab758ca2234a40b91b8 |
/data/data/AbV.SkOn.CP.hhyS/files/K
| Hash | Value |
|---|---|
| MD5 | d4d4175b1303f8a41112c727517b8f8a |
| SHA1 | e9ca472b2895e4648e29dd767465e76e0426f6f9 |
| SHA256 | 58a4ef238c26ce5b723445bf05081a501f5fcdfbe0ec20a345f09a21315b9342 |
| SHA512 | 5b1b0a9550a5a6b0f975a7ed7e2c494c8930623dde516ba10789fcf743886d0f079cfbd1ccc8c0caf2c0137607a0c66edc31e96627401a05f67d03cd2ac6a208 |
/data/data/AbV.SkOn.CP.hhyS/files/0K
| Hash | Value |
|---|---|
| MD5 | 2463c3ebdf0953755494edcdb499db57 |
| SHA1 | e25500dc163917e009e533bbf1868577b89925f9 |
| SHA256 | 7e2cb81b6ad52d3adcfe906fd2862681bd818c315b3360d0776c6fe27b927c0e |
| SHA512 | eebe00c6b76556ba415be9f6e256c6b1115f107d1d5a15d449f4ba3e5de929d50efdffa8f4d9aa424fc55898c506dfa4808d35292aa81fba4eaa98a204d704bb |
/data/data/AbV.SkOn.CP.hhyS/files/1K
| Hash | Value |
|---|---|
| MD5 | c050471b3a609142896cad857574e6b4 |
| SHA1 | 67c44a478fb72925f7773e80fa81ad3ff632c77f |
| SHA256 | 6b245493775fa702ec22fc8e3877b21910e029f6b09f4d6bc679d99fb213d2bf |
| SHA512 | 197ed827531d1a0b51836c7b277fd5ff6916ae98b4b82e6d5b0260f653420f25d34c4174795ed99876ae891817049680a50e69aba12f105b29b6531136b74d0a |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-14 02:21
Reported
2024-06-14 02:21
Platform
android-33-x64-arm64-20240611.1-en
Max time network
7s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| GB | 172.217.16.228:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 172.217.169.68:443 | | udp |
| GB | 172.217.169.68:443 | | tcp |
| GB | 172.217.169.68:443 | | tcp |