Analysis Overview
SHA256
98ff9c755f0946962c61c1ae902f4b3953dc424efbc49ec3380511fee8bd2ebd
Threat Level: Shows suspicious behavior
The file a8555e639508c0f2efef0243247764c4_JaffaCakes118 was classified as: Shows suspicious behavior.
Malicious Activity Summary
Requests dangerous framework permissions
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-06-14 06:28
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A |
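The static signature above fires on individual permissions. As an added example (not the sandbox's own signature code), the script below re-implements that check over a decoded AndroidManifest.xml and then goes one step further than the report: it flags permission combinations, since SEND_SMS next to READ_CONTACTS or READ_PHONE_STATE says more about capability than either entry alone. The manifest is constructed to mirror the permission list in this report (package com.sg.hlw, duplicate entries included); the FLAGGED and COMBINATIONS tables are this example's own assumptions, not a platform list.

```python
"""
Added example: "requests dangerous framework permissions" check over a
decoded AndroidManifest.xml, plus permission-combination findings.
Not the sandbox's own code. FLAGGED / COMBINATIONS are assumed lists.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Permissions this example flags (assumed list). All but the last have
# protection level "dangerous" (runtime prompt); SYSTEM_ALERT_WINDOW is a
# special-access permission granted through Settings, not a runtime prompt.
FLAGGED = {
    "android.permission.SEND_SMS":
        "send SMS silently (premium-rate fraud, propagation)",
    "android.permission.RECEIVE_SMS":
        "intercept incoming SMS (OTP theft)",
    "android.permission.READ_SMS":
        "read stored SMS (OTP theft)",
    "android.permission.READ_CONTACTS":
        "read contacts (spam or propagation targets)",
    "android.permission.READ_PHONE_STATE":
        "phone state: network, call status, device identifiers on older API levels",
    "android.permission.WRITE_EXTERNAL_STORAGE":
        "write shared storage (drop payloads; no extra access when targetSdk >= 30)",
    "android.permission.SYSTEM_ALERT_WINDOW":
        "draw over other apps (overlay phishing, clickjacking)",
}

# Combinations that describe a capability rather than a single permission.
COMBINATIONS = [
    ({"android.permission.SEND_SMS", "android.permission.READ_CONTACTS"},
     "SEND_SMS + READ_CONTACTS: can message every contact (spam or worm-style spread)"),
    ({"android.permission.SEND_SMS", "android.permission.READ_PHONE_STATE"},
     "SEND_SMS + READ_PHONE_STATE: operator/SIM info lets a premium-SMS trojan pick a number per country"),
]

# Constructed manifest mirroring the report's permission list, duplicates included.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.sg.hlw">
    <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
    <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
    <uses-permission android:name="android.permission.SEND_SMS"/>
    <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
    <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
    <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
    <uses-permission android:name="android.permission.SEND_SMS"/>
    <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
    <application android:label="hlw"/>
</manifest>
"""


def requested_permissions(manifest_xml):
    """Unique <uses-permission android:name> values, in manifest order."""
    root = ET.fromstring(manifest_xml)
    seen = []
    for el in root.iter("uses-permission"):
        name = el.get("{%s}name" % ANDROID_NS)
        if name and name not in seen:
            seen.append(name)
    return seen


def flagged_permissions(manifest_xml):
    """(permission, why it matters) for every requested permission in FLAGGED."""
    return [(p, FLAGGED[p]) for p in requested_permissions(manifest_xml) if p in FLAGGED]


def risky_combinations(permissions):
    """Findings for every COMBINATIONS entry fully present in the requested set."""
    have = set(permissions)
    return [why for needed, why in COMBINATIONS if needed <= have]


def analyse(manifest_xml):
    """Full result: requested set, flagged subset, combination findings, verdict."""
    perms = requested_permissions(manifest_xml)
    flagged = [p for p, _ in flagged_permissions(manifest_xml)]
    combos = risky_combinations(perms)
    verdict = "suspicious" if combos else ("review" if flagged else "clean")
    return {"requested": perms, "flagged": flagged,
            "combinations": combos, "verdict": verdict}


if __name__ == "__main__":
    result = analyse(SAMPLE_MANIFEST)
    for p, why in flagged_permissions(SAMPLE_MANIFEST):
        print("%-48s %s" % (p, why))
    for finding in result["combinations"]:
        print("!", finding)
    print("verdict:", result["verdict"])
```

This expects a decoded manifest; the manifest inside an APK is binary AXML, so decode it first (apktool) or read the list straight from the package with `aapt2 dump permissions app.apk`. Two caveats the report's table does not carry: a permission only matters for the API level the app targets (WRITE_EXTERNAL_STORAGE grants nothing extra when targetSdk is 30 or higher), and a requested permission is not a granted one; whether SEND_SMS was actually used is a question for the behavioral run, not the manifest.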
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-14 06:28
Reported
2024-06-14 06:32
Platform
android-x86-arm-20240611.1-en
Max time kernel
3s
Max time network
131s
Command Line
Signatures
Processes
com.sg.hlw
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 216.58.204.78:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.213.14:443 | android.apis.google.com | tcp |
Files
/data/data/com.sg.hlw/files/libmegbpp_03.01.00_01.so
| MD5 | 411447aa1af1471d6ca90cb73d16dadd |
| SHA1 | ed03f8caee6db81fe7e642f63c7e8908cba6d598 |
| SHA256 | d95fb41019e46e8456cf03c5a9a0eb83e771f5bc4eaa6de9c174bfc494e90a33 |
| SHA512 | 1ba70900809e0cdfb2bf3d4e6dfc0ffaa23cfa12e4a28f8e354108d642934e775d1f32238e99e138721cbb21a11fc9cf5dbf2a38372780ac40f8b6af77083802 |
/data/data/com.sg.hlw/files/d_data_store.dat
| MD5 | 6ead91e9c42e62446ef89564ffe46982 |
| SHA1 | c84d85434d1f482bd0d0eaa80ec739c13a344760 |
| SHA256 | f08b60a6467f158fa14b9e86678d41ffba89c58089259b444dd173a5c4eceac5 |
| SHA512 | bc4a548b5a8ff336b7687a0fba70f1fc697c89d0972fe91e11566f216f00de6538998d4e6792cd30ad0643c9af071c8324e25220312a16db9e72c4b8a46cf724 |
/data/data/com.sg.hlw/files/iridver.dat
| MD5 | fcc2456b50e07751060b7b9353f0071c |
| SHA1 | bf098c4bd293fc7332dd1e19f3b034b7dd2eea82 |
| SHA256 | eeef17fa7edb02decbeec35d1844ab3d3d8d0dd6e633adbb5af3fa9d758fd14d |
| SHA512 | 85e014955fef7abad1dd80dcd07f03ce31e578159143c4f2171a9b0a427ec8842d3afd229eac0a3f55eb22af69143d9a40772ea9d5ccc9b836c56b056ec5f119 |
/data/data/com.sg.hlw/files/tmp/c_data_store.dat
| MD5 | 483feb0b7bf6daafa830b19c55b6fb8c |
| SHA1 | 80515d36797692057165989307c6ff8fe3216a0d |
| SHA256 | a6e049d12590ace37ba86dac8067c8b989009b9a1b3f752b3ebdf529a502f3a3 |
| SHA512 | 2fa7c56396b313d013d0d4902a24aa4082efdb36f32e743234471e92c298885e8b775fcabe8d7ed7eb482c322c2926abea577c8d35b2fc29f2bf8f2608e355d0 |
/data/data/com.sg.hlw/files/tmp/AndGame.Sdk.Lib_20150_86098B59D437DE14494674358197AAEA.dat
| MD5 | 86098b59d437de14494674358197aaea |
| SHA1 | 815f17554d45f834c613640bcbf99ba4e245f110 |
| SHA256 | d7972f0b375427ebb84d3143143959c5d2d5dfcc4a4821fdd2b0a604cd744e7f |
| SHA512 | 0c8823b60fc81a4d403e9042ccbb52efe6304b0f1a42afa4674249ee1ec5305ca4f27b20cbaf6f3705cb127fd5cbbf57fa8d7f6c0de852a5ef9032095f8d9319 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-14 06:28
Reported
2024-06-14 06:29
Platform
android-33-x64-arm64-20240611.1-en
Max time network
7s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| GB | 172.217.16.228:443 | | udp |
| GB | 172.217.16.228:443 | | udp |
| BE | 173.194.76.188:5228 | | tcp |
| GB | 216.58.212.196:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.187.202:443 | | udp |
| GB | 142.250.187.202:443 | | tcp |
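Both behavioral runs list only mDNS, DNS, a TCP 5228 push channel and encrypted 443 flows, most with no resolved name. As an added example (not the sandbox's own code) covering the Network tables of behavioral1 and behavioral2, the script below turns those rows into records and separates emulator and platform background traffic from destinations that still need attribution. The rows are transcribed from the two tables above; classification uses only port and protocol semantics and the multicast address range, and deliberately does not assert who owns any IP.

```python
"""
Added example: triage of sandbox "Network" rows.
Rows are transcribed from the behavioral1 / behavioral2 tables; the
classification rules are this example's own, based on port/protocol only.
"""
import ipaddress
from collections import Counter

# (country, destination, domain, proto) as printed in the report.
BEHAVIORAL1 = [
    ("N/A", "224.0.0.251:5353", "", "udp"),
    ("GB", "216.58.204.78:443", "", "tcp"),
    ("US", "1.1.1.1:53", "android.apis.google.com", "udp"),
    ("GB", "216.58.213.14:443", "android.apis.google.com", "tcp"),
]
BEHAVIORAL2 = [
    ("GB", "172.217.16.228:443", "", "udp"),
    ("GB", "172.217.16.228:443", "", "udp"),
    ("BE", "173.194.76.188:5228", "", "tcp"),
    ("GB", "216.58.212.196:443", "", "tcp"),
    ("N/A", "224.0.0.251:5353", "", "udp"),
    ("GB", "142.250.187.202:443", "", "udp"),
    ("GB", "142.250.187.202:443", "", "tcp"),
]


def classify(destination, proto, domain=""):
    """Label one flow from its destination port, protocol and address class."""
    host, port = destination.rsplit(":", 1)
    ip = ipaddress.ip_address(host)
    port = int(port)
    if ip.is_multicast and port == 5353 and proto == "udp":
        return "mdns"   # link-local service discovery: emulator noise, not C2
    if port == 53:
        return "dns"    # the queried name matters more than the resolver IP
    if port == 5228 and proto == "tcp":
        return "fcm"    # Google Play services / FCM push channel (TCP 5228)
    if port == 443:
        return "tls" if proto == "tcp" else "quic"
    return "other"


def triage(rows):
    """One record per row; needs_attribution marks encrypted flows with no name."""
    records = []
    for country, dest, domain, proto in rows:
        kind = classify(dest, proto, domain)
        # An encrypted flow with no resolved name in the capture cannot be
        # attributed from this table alone: check SNI / JA3 in the pcap, or
        # rDNS / ASN for the address, before calling it C2 or dismissing it.
        needs_attribution = kind in ("tls", "quic", "other") and not domain
        records.append({
            "country": country, "destination": dest, "domain": domain,
            "proto": proto, "kind": kind, "needs_attribution": needs_attribution,
        })
    return records


def unattributed(rows):
    """Sorted, de-duplicated destinations that still need attribution."""
    return sorted({r["destination"] for r in triage(rows) if r["needs_attribution"]})


def summarize(rows):
    """Flow counts per classification, e.g. {'tls': 2, 'mdns': 1, 'dns': 1}."""
    return dict(Counter(r["kind"] for r in triage(rows)))


if __name__ == "__main__":
    for name, rows in (("behavioral1", BEHAVIORAL1), ("behavioral2", BEHAVIORAL2)):
        print(name, summarize(rows))
        for dest in unattributed(rows):
            print("  needs attribution:", dest)
```

Two caveats a practitioner would attach to this report: the runs were short (3s kernel time in behavioral1, 7s network time in behavioral2), so the absence of anything beyond platform traffic is weak evidence that the sample has no C2, and the only name resolved in either capture is android.apis.google.com, which is the device check-in path rather than the app's own traffic. A longer run with SNI logging would be the next step before the unattributed 443 destinations can be closed out.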