Analysis Overview
SHA256
cf4b8aaa000033711b14c1090b86906c94eab86f7baccb1036489900754bae15
Threat Level: Likely malicious
The file a862e0180186c5251be015b1975c30ce_JaffaCakes118 was found to be: Likely malicious.
Malicious Activity Summary
Checks if the Android device is rooted.
Queries information about running processes on the device
Queries information about the current Wi-Fi connection
Reads information about phone network operator.
Requests dangerous framework permissions
Acquires the wake lock
Queries information about active data network
Registers a broadcast receiver at runtime (usually for listening for system events)
Uses Crypto APIs (Might try to encrypt user data)
Checks memory information
Checks CPU information
MITRE ATT&CK Matrix
Analysis: static1
Detonation Overview
Reported
2024-06-14 06:46
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
|---|---|---|---|
| Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-14 06:46
Reported
2024-06-14 06:49
Platform
android-x86-arm-20240611.1-en
Max time kernel
179s
Max time network
174s
Command Line
Signatures
Checks if the Android device is rooted.
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | /system/app/Superuser.apk | N/A | N/A |
| N/A | /sbin/su | N/A | N/A |
Queries information about running processes on the device
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Queries information about the current Wi-Fi connection
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
Reads information about phone network operator.
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.ezfun.xyen
/system/bin/sh -c getprop ro.board.platform
getprop ro.board.platform
/system/bin/sh -c type su
/system/bin/sh -c getprop ro.miui.ui.version.name
getprop ro.miui.ui.version.name
/system/bin/sh -c getprop ro.build.version.emui
getprop ro.build.version.emui
/system/bin/sh -c getprop ro.lenovo.series
getprop ro.lenovo.series
/system/bin/sh -c getprop ro.build.nubia.rom.name
getprop ro.build.nubia.rom.name
/system/bin/sh -c getprop ro.meizu.product.model
getprop ro.meizu.product.model
/system/bin/sh -c getprop ro.build.version.opporom
getprop ro.build.version.opporom
/system/bin/sh -c getprop ro.vivo.os.build.display.id
getprop ro.vivo.os.build.display.id
/system/bin/sh -c getprop ro.aa.romver
getprop ro.aa.romver
/system/bin/sh -c getprop ro.lewa.version
getprop ro.lewa.version
/system/bin/sh -c getprop ro.gn.gnromvernumber
getprop ro.gn.gnromvernumber
/system/bin/sh -c getprop ro.build.tyd.kbstyle_version
getprop ro.build.tyd.kbstyle_version
/system/bin/sh -c getprop ro.build.fingerprint
getprop ro.build.fingerprint
/system/bin/sh -c getprop ro.build.rom.id
getprop ro.build.rom.id
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | graph.facebook.com | udp |
| GB | 163.70.151.23:443 | graph.facebook.com | tcp |
| GB | 163.70.151.23:443 | graph.facebook.com | tcp |
| GB | 163.70.151.23:443 | graph.facebook.com | tcp |
| US | 1.1.1.1:53 | stats.unity3d.com | udp |
| US | 1.1.1.1:53 | xyopenapi.sh.1251001106.clb.myqcloud.com | udp |
| GB | 216.58.212.238:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| US | 1.1.1.1:53 | t.appsflyer.com | udp |
| GB | 216.137.44.95:443 | t.appsflyer.com | tcp |
| US | 1.1.1.1:53 | api.appsflyer.com | udp |
| GB | 18.165.227.126:443 | api.appsflyer.com | tcp |
| US | 1.1.1.1:53 | xgamenetus.oss-us-east-1.aliyuncs.com | udp |
| US | 47.253.30.93:80 | xgamenetus.oss-us-east-1.aliyuncs.com | tcp |
| US | 47.253.30.93:80 | xgamenetus.oss-us-east-1.aliyuncs.com | tcp |
| US | 47.253.30.93:80 | xgamenetus.oss-us-east-1.aliyuncs.com | tcp |
| US | 1.1.1.1:53 | android.bugly.qq.com | udp |
| CN | 14.22.7.140:80 | android.bugly.qq.com | tcp |
| CN | 14.22.7.199:80 | android.bugly.qq.com | tcp |
| CN | 119.147.179.152:80 | android.bugly.qq.com | tcp |
| US | 1.1.1.1:53 | android.bugly.qq.com | udp |
| CN | 119.147.179.152:80 | android.bugly.qq.com | tcp |
| CN | 14.22.7.199:80 | android.bugly.qq.com | tcp |
Files
/data/data/com.ezfun.xyen/databases/google_app_measurement.db-journal
/data/data/com.ezfun.xyen/databases/google_app_measurement.db
/data/data/com.ezfun.xyen/databases/google_app_measurement.db-shm
/data/data/com.ezfun.xyen/databases/google_app_measurement.db-wal
/storage/emulated/0/Android/data/com.ezfun.xyen/files/ver
/storage/emulated/0/Android/data/com.ezfun.xyen/files/localAppVer.cfg
/storage/emulated/0/Android/data/com.ezfun.xyen/files/cd
/storage/emulated/0/Android/data/com.ezfun.xyen/files/ver
/storage/emulated/0/Android/data/com.ezfun.xyen/files/AssetsBundle/abDataStruct.abMap
/storage/emulated/0/Android/data/com.ezfun.xyen/files/AssetsBundle/asset_length.txt
/storage/emulated/0/Android/data/com.ezfun.xyen/files/AssetsBundle/localAB.assetbundle.zip
/storage/emulated/0/Android/data/com.ezfun.xyen/files/AssetsBundle/localAB.assetbundle
/storage/emulated/0/Android/data/com.ezfun.xyen/files/cd
/storage/emulated/0/Android/data/com.ezfun.xyen/files/ver
/data/data/com.ezfun.xyen/databases/bugly_db_-journal
/data/data/com.ezfun.xyen/databases/bugly_db_
/data/data/com.ezfun.xyen/databases/bugly_db_-wal
/data/data/com.ezfun.xyen/files/buglylog_com.ezfun.xyen_.txt
/data/data/com.ezfun.xyen/files/AppEventsLogger.persistedsessioninfo