Malware Analysis Report

2024-10-19 13:26

Sample ID: 240614-g8p7qascnq
Target: a8555e639508c0f2efef0243247764c4_JaffaCakes118
SHA256: 98ff9c755f0946962c61c1ae902f4b3953dc424efbc49ec3380511fee8bd2ebd
Tags: none
Score: 6/10

Table of Contents

- Analysis Overview
- MITRE ATT&CK
- Analysis: static1
  - Detonation Overview
  - Signatures
- Analysis: behavioral1
  - Detonation Overview
  - Command Line
  - Signatures
  - Processes
  - Network
  - Files
- Analysis: behavioral2
  - Detonation Overview
  - Command Line
  - Signatures
  - Processes
  - Network
  - Files

Analysis Overview

Score: 6/10

SHA256: 98ff9c755f0946962c61c1ae902f4b3953dc424efbc49ec3380511fee8bd2ebd

Threat Level: Shows suspicious behavior

The file a8555e639508c0f2efef0243247764c4_JaffaCakes118 was found to show suspicious behavior.

Malicious Activity Summary

Requests dangerous framework permissions

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported: 2024-06-14 06:28

Signatures

Requests dangerous framework permissions

| Description | Indicator | Process | Target |
|---|---|---|---|
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A |

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-14 06:28
Reported: 2024-06-14 06:32
Platform: android-x86-arm-20240611.1-en
Max time kernel: 3s
Max time network: 131s

Command Line

com.sg.hlw

Signatures

N/A

Processes

com.sg.hlw

Network

| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | | udp |
| GB | 216.58.204.78:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.213.14:443 | android.apis.google.com | tcp |

Files

/data/data/com.sg.hlw/files/libmegbpp_03.01.00_01.so

MD5 411447aa1af1471d6ca90cb73d16dadd
SHA1 ed03f8caee6db81fe7e642f63c7e8908cba6d598
SHA256 d95fb41019e46e8456cf03c5a9a0eb83e771f5bc4eaa6de9c174bfc494e90a33
SHA512 1ba70900809e0cdfb2bf3d4e6dfc0ffaa23cfa12e4a28f8e354108d642934e775d1f32238e99e138721cbb21a11fc9cf5dbf2a38372780ac40f8b6af77083802

/data/data/com.sg.hlw/files/d_data_store.dat

MD5 6ead91e9c42e62446ef89564ffe46982
SHA1 c84d85434d1f482bd0d0eaa80ec739c13a344760
SHA256 f08b60a6467f158fa14b9e86678d41ffba89c58089259b444dd173a5c4eceac5
SHA512 bc4a548b5a8ff336b7687a0fba70f1fc697c89d0972fe91e11566f216f00de6538998d4e6792cd30ad0643c9af071c8324e25220312a16db9e72c4b8a46cf724

/data/data/com.sg.hlw/files/iridver.dat

MD5 fcc2456b50e07751060b7b9353f0071c
SHA1 bf098c4bd293fc7332dd1e19f3b034b7dd2eea82
SHA256 eeef17fa7edb02decbeec35d1844ab3d3d8d0dd6e633adbb5af3fa9d758fd14d
SHA512 85e014955fef7abad1dd80dcd07f03ce31e578159143c4f2171a9b0a427ec8842d3afd229eac0a3f55eb22af69143d9a40772ea9d5ccc9b836c56b056ec5f119

/data/data/com.sg.hlw/files/tmp/c_data_store.dat

MD5 483feb0b7bf6daafa830b19c55b6fb8c
SHA1 80515d36797692057165989307c6ff8fe3216a0d
SHA256 a6e049d12590ace37ba86dac8067c8b989009b9a1b3f752b3ebdf529a502f3a3
SHA512 2fa7c56396b313d013d0d4902a24aa4082efdb36f32e743234471e92c298885e8b775fcabe8d7ed7eb482c322c2926abea577c8d35b2fc29f2bf8f2608e355d0

/data/data/com.sg.hlw/files/tmp/AndGame.Sdk.Lib_20150_86098B59D437DE14494674358197AAEA.dat

MD5 86098b59d437de14494674358197aaea
SHA1 815f17554d45f834c613640bcbf99ba4e245f110
SHA256 d7972f0b375427ebb84d3143143959c5d2d5dfcc4a4821fdd2b0a604cd744e7f
SHA512 0c8823b60fc81a4d403e9042ccbb52efe6304b0f1a42afa4674249ee1ec5305ca4f27b20cbaf6f3705cb127fd5cbbf57fa8d7f6c0de852a5ef9032095f8d9319

Analysis: behavioral2

Detonation Overview

Submitted: 2024-06-14 06:28
Reported: 2024-06-14 06:29
Platform: android-33-x64-arm64-20240611.1-en
Max time network: 7s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

| Country | Destination | Domain | Proto |
|---|---|---|---|
| GB | 172.217.16.228:443 | | udp |
| GB | 172.217.16.228:443 | | udp |
| BE | 173.194.76.188:5228 | | tcp |
| GB | 216.58.212.196:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.187.202:443 | | udp |
| GB | 142.250.187.202:443 | | tcp |

Files

N/A