Malware Analysis Report

2024-10-19 13:26

Sample ID 240614-h683gszdpd
Target a880085c6ce4248eea62271ca992d159_JaffaCakes118
SHA256 5c1d7b64d2c26359741cc62bf4efa16afc4a570cb94e10ec899db20dcd00bd02
Tags
Score 6/10

Table of Contents

Analysis Overview
  MITRE ATT&CK
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral3
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral4
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Score 6/10

SHA256

5c1d7b64d2c26359741cc62bf4efa16afc4a570cb94e10ec899db20dcd00bd02

Threat Level: Shows suspicious behavior

The file a880085c6ce4248eea62271ca992d159_JaffaCakes118 was found to show suspicious behavior.

Malicious Activity Summary

Requests dangerous framework permissions

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-14 07:22

Signatures

Requests dangerous framework permissions

Indicator: android.permission.READ_PHONE_STATE
  Description: Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.
  Process: N/A  Target: N/A

Indicator: android.permission.WRITE_EXTERNAL_STORAGE
  Description: Allows an application to write to external storage.
  Process: N/A  Target: N/A

Indicator: android.permission.SYSTEM_ALERT_WINDOW
  Description: Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps.
  Process: N/A  Target: N/A

Indicator: android.permission.ACCESS_COARSE_LOCATION
  Description: Allows an app to access approximate location.
  Process: N/A  Target: N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 07:22

Reported

2024-06-14 07:25

Platform

android-x86-arm-20240611.1-en

Max time kernel

2s

Max time network

138s

Command Line

com.rainstudio.shoppinggirl

Signatures

N/A

Processes

com.rainstudio.shoppinggirl

getprop ro.product.cpu.abi

Network

Country  Destination          Domain                   Proto
N/A      224.0.0.251:5353     N/A                      udp
GB       216.58.212.238:443   N/A                      tcp
US       1.1.1.1:53           android.apis.google.com  udp
GB       216.58.212.206:443   android.apis.google.com  tcp

Files

/data/data/com.rainstudio.shoppinggirl/.lib/libexec.so

MD5 d0c028c8b10466973910416c1988ebb0
SHA1 23b3c587b839869ab559d20f6d41f7f3775311d3
SHA256 794ee8866f2d4954eed59dbdab5cb7275fea98ea1ffe57919cc2fb42c114ae40
SHA512 98014abb0d5dc615c65e9027b58080623385bb3330d8423e21412eb606a7efb25447b72404460eac76c4607a1aeb7df6384ace8c17cdbf4afc4be3f89f6452d6

/data/data/com.rainstudio.shoppinggirl/.lib/libexecmain.so

MD5 5b66d236f06f88fd83811a5445bd97c5
SHA1 fd05685354bb87724db9c469d578d5a0766540ff
SHA256 62876ec0f5e24f220d291751b3ad99fa1090fe8066a1ffc4dd3c38669dde24b8
SHA512 2bb097f4040312d63700a3312d88c2d515867e4fa533b21b9b9ed20efb23f8beac6101b31fb842411ce34563567aeb8bfaeeb79b6afc9d965ea40b25b6bf063a

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-14 07:22

Reported

2024-06-14 07:22

Platform

android-x86-arm-20240611.1-en

Max time network

4s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country  Destination        Domain  Proto
N/A      224.0.0.251:5353   N/A     udp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-14 07:22

Reported

2024-06-14 07:22

Platform

android-x64-20240611.1-en

Max time network

5s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country  Destination        Domain  Proto
N/A      224.0.0.251:5353   N/A     udp

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-06-14 07:22

Reported

2024-06-14 07:22

Platform

android-x64-arm64-20240611.1-en

Max time network

6s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country  Destination        Domain  Proto
N/A      224.0.0.251:5353   N/A     udp

Files

N/A