Malware Analysis Report

2024-10-19 13:26

Sample ID 240614-hw5mbazbkg
Target a873d4862f7f3fb4788b7b3db98a24ff_JaffaCakes118
SHA256 43e937f796d9b77dc11fa6d363c567a2e8c62f9b416dd0ec15b96b0fc9841f4e
Tags
score
6/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
6/10

SHA256

43e937f796d9b77dc11fa6d363c567a2e8c62f9b416dd0ec15b96b0fc9841f4e

Threat Level: Shows suspicious behavior

The file a873d4862f7f3fb4788b7b3db98a24ff_JaffaCakes118 was classified as "Shows suspicious behavior" (score 6/10).

Malicious Activity Summary

Requests dangerous framework permissions

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-14 07:06

Signatures

Requests dangerous framework permissions

Indicator                                   Process  Target
android.permission.READ_PHONE_STATE         N/A      N/A
  Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.
android.permission.WRITE_EXTERNAL_STORAGE   N/A      N/A
  Allows an application to write to external storage.
android.permission.READ_EXTERNAL_STORAGE    N/A      N/A
  Allows an application to read from external storage.
android.permission.SYSTEM_ALERT_WINDOW      N/A      N/A
  Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps.
android.permission.WRITE_SETTINGS           N/A      N/A
  Allows an application to read or write the system settings.
android.permission.ACCESS_COARSE_LOCATION   N/A      N/A
  Allows an app to access approximate location.
android.permission.ACCESS_FINE_LOCATION     N/A      N/A
  Allows an app to access precise location.

Process and Target are N/A because static1 reads the manifest only; nothing in this section shows a permission being exercised. Five of the seven (READ_PHONE_STATE, READ/WRITE_EXTERNAL_STORAGE, ACCESS_COARSE/FINE_LOCATION) have protection level "dangerous", which on API 23 and later means they are granted at runtime through a user prompt, not at install time. SYSTEM_ALERT_WINDOW and WRITE_SETTINGS are "special" (signature|appop) permissions that the user has to switch on in Settings, so a manifest declaration alone does not let the app draw over other apps or change system settings. It does show the app is built to ask for those capabilities, which is why the overlay permission in particular is worth checking against the behavioral run.
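The classification above can be reproduced from a plain list of manifest permissions. The script below is an added example and is not the sandbox's own signature logic; the protection levels it carries are the documented AOSP values for a hand-picked subset of permissions (anything not in the table is reported as unknown rather than guessed), and the "any dangerous or special permission fires the rule" condition is an assumption about how the report's signature is derived. The input list is constructed from the seven indicators in the table.

```python
"""Triage an Android app's requested permissions by protection level.

Added example, not part of the sandbox report. PROTECTION_LEVEL is a subset
of the AOSP platform manifest (assumption: unlisted permissions are 'unknown'
and left for manual review, never silently treated as harmless).
"""
from dataclasses import dataclass, field

# 'dangerous' permissions are runtime-granted on API 23+; 'special' ones
# (signature|appop) must be enabled by the user in Settings; 'normal' ones
# are granted at install time.
PROTECTION_LEVEL = {
    "android.permission.READ_PHONE_STATE": "dangerous",
    "android.permission.READ_EXTERNAL_STORAGE": "dangerous",
    "android.permission.WRITE_EXTERNAL_STORAGE": "dangerous",
    "android.permission.ACCESS_COARSE_LOCATION": "dangerous",
    "android.permission.ACCESS_FINE_LOCATION": "dangerous",
    "android.permission.READ_SMS": "dangerous",
    "android.permission.RECEIVE_SMS": "dangerous",
    "android.permission.READ_CONTACTS": "dangerous",
    "android.permission.RECORD_AUDIO": "dangerous",
    "android.permission.CAMERA": "dangerous",
    "android.permission.SYSTEM_ALERT_WINDOW": "special",
    "android.permission.WRITE_SETTINGS": "special",
    "android.permission.REQUEST_INSTALL_PACKAGES": "special",
    "android.permission.INTERNET": "normal",
    "android.permission.ACCESS_NETWORK_STATE": "normal",
    "android.permission.RECEIVE_BOOT_COMPLETED": "normal",
}

# Capability groups used for the summary (analyst-chosen, not an Android API).
GROUPS = {
    "device_identity": {"android.permission.READ_PHONE_STATE"},
    "location": {"android.permission.ACCESS_COARSE_LOCATION",
                 "android.permission.ACCESS_FINE_LOCATION"},
    "external_storage": {"android.permission.READ_EXTERNAL_STORAGE",
                         "android.permission.WRITE_EXTERNAL_STORAGE"},
    "overlay": {"android.permission.SYSTEM_ALERT_WINDOW"},
    "system_settings": {"android.permission.WRITE_SETTINGS"},
    "sms": {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"},
}


@dataclass
class PermissionTriage:
    dangerous: list = field(default_factory=list)
    special: list = field(default_factory=list)
    normal: list = field(default_factory=list)
    unknown: list = field(default_factory=list)
    capabilities: set = field(default_factory=set)
    notes: list = field(default_factory=list)


def triage_permissions(requested):
    """Bucket each requested permission and derive capability notes."""
    result = PermissionTriage()
    for perm in sorted(set(requested)):
        level = PROTECTION_LEVEL.get(perm, "unknown")
        getattr(result, level).append(perm)
        for cap, members in GROUPS.items():
            if perm in members:
                result.capabilities.add(cap)

    if result.dangerous:
        result.notes.append("dangerous permissions are runtime-granted on "
                            "API 23+: a manifest request is not a grant")
    if "overlay" in result.capabilities:
        result.notes.append("SYSTEM_ALERT_WINDOW draws over other apps; it "
                            "only works once Settings.canDrawOverlays() is true")
    if {"overlay", "device_identity"} <= result.capabilities:
        result.notes.append("overlay + phone state: seen in overlay attacks "
                            "but also in call-screen/floating-widget apps; "
                            "needs a manual look")
    return result


def fires_dangerous_signature(requested):
    """Assumed rule for 'Requests dangerous framework permissions':
    fire if any dangerous or special permission is requested."""
    t = triage_permissions(requested)
    return bool(t.dangerous or t.special)


# Constructed input: the seven indicators from the static1 signature table.
SAMPLE_PERMISSIONS = [
    "android.permission.READ_PHONE_STATE",
    "android.permission.WRITE_EXTERNAL_STORAGE",
    "android.permission.READ_EXTERNAL_STORAGE",
    "android.permission.SYSTEM_ALERT_WINDOW",
    "android.permission.WRITE_SETTINGS",
    "android.permission.ACCESS_COARSE_LOCATION",
    "android.permission.ACCESS_FINE_LOCATION",
]

if __name__ == "__main__":
    t = triage_permissions(SAMPLE_PERMISSIONS)
    print("dangerous:", t.dangerous)
    print("special:  ", t.special)
    print("capabilities:", sorted(t.capabilities))
    for note in t.notes:
        print("-", note)
```

On this sample the split is five dangerous plus two special permissions and no unknowns; a real manifest is read the same way after extracting the uses-permission names with apktool or androguard.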

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 07:06

Reported

2024-06-14 07:09

Platform

android-x86-arm-20240611.1-en

Max time kernel

2s

Max time network

131s

Command Line

com.yuangui.MicroTech1

Signatures

N/A

Processes

com.yuangui.MicroTech1

Network

Country  Destination            Domain                   Proto
GB       172.217.169.74:443     -                        tcp
N/A      224.0.0.251:5353       -                        udp
GB       142.250.187.238:443    -                        tcp
US       1.1.1.1:53             android.apis.google.com  udp
GB       142.250.187.206:443    android.apis.google.com  tcp

"-" means no domain was recorded for that flow. 224.0.0.251:5353 is the mDNS multicast group (local service discovery) and 1.1.1.1:53 is a DNS query to Cloudflare's public resolver for android.apis.google.com, which the next row then connects to over TLS. The two TLS flows without a domain go to addresses in Google-owned ranges and look like background traffic from the emulator image rather than command-and-control, but the report does not tie flows to a process, so they cannot be attributed to com.yuangui.MicroTech1 either way. No non-Google destination was observed in the 131 s capture.
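Separating platform background traffic from flows that need a closer look is the first thing to do with a sandbox network table. The script below is an added example, not part of the report or the sandbox: its rows are constructed from the table above, the prefix-to-owner list and the domain suffixes are analyst-maintained assumptions to be confirmed against whois/BGP data, and the extra 203.0.113.7 row is a documentation-range stand-in for an unknown host.

```python
"""Classify sandbox network flows as platform noise, DNS, local, or review.

Added example, not from the report. PLATFORM_PREFIXES and the domain
suffixes are assumptions (analyst allowlist); verify them against current
whois/ASN data before using them in a verdict.
"""
import ipaddress

# Constructed from the behavioral1 Network table: (Country, Destination, Domain, Proto).
REPORT_ROWS = [
    ("GB", "172.217.169.74:443", "", "tcp"),
    ("N/A", "224.0.0.251:5353", "", "udp"),
    ("GB", "142.250.187.238:443", "", "tcp"),
    ("US", "1.1.1.1:53", "android.apis.google.com", "udp"),
    ("GB", "142.250.187.206:443", "android.apis.google.com", "tcp"),
]

# Assumption: prefixes belonging to the platform vendor (Google, AS15169).
PLATFORM_PREFIXES = [
    (ipaddress.ip_network("142.250.0.0/15"), "google"),
    (ipaddress.ip_network("172.217.0.0/16"), "google"),
]
PLATFORM_DOMAIN_SUFFIXES = (".google.com", ".gstatic.com", ".googleapis.com")
PUBLIC_RESOLVERS = {"1.1.1.1", "1.0.0.1", "8.8.8.8", "8.8.4.4"}
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def classify_flow(country, destination, domain, proto):
    """Return (label, reason) for one table row. Order matters: multicast
    and resolver traffic are decided before any ownership lookup."""
    host, _, port = destination.rpartition(":")
    ip = ipaddress.ip_address(host)
    port = int(port)

    if ip.is_multicast:
        # 224.0.0.251:5353 is mDNS; every Android device emits it.
        return "platform_noise", "multicast service discovery"
    if port == 53 and host in PUBLIC_RESOLVERS:
        return "dns_lookup", f"resolver query for {domain or '<unrecorded>'}"
    if domain and domain.endswith(PLATFORM_DOMAIN_SUFFIXES):
        return "platform_noise", f"{domain} (vendor service)"
    for net, owner in PLATFORM_PREFIXES:
        if ip in net:
            if domain:
                return "platform_noise", f"{domain} in {owner} prefix {net}"
            # TLS to a vendor IP with no name recorded: probably Play services,
            # but not attributable to the sample without per-process capture.
            return "unattributed_vendor_ip", f"{owner} prefix {net}, no domain recorded"
    if any(ip in net for net in RFC1918):
        return "local", "non-routable destination"
    return "review", f"{host}:{port}/{proto} to unknown host ({country})"


def triage_network(rows):
    """Count labels and keep a per-flow finding list."""
    summary = {}
    findings = []
    for row in rows:
        label, why = classify_flow(*row)
        summary[label] = summary.get(label, 0) + 1
        findings.append((row[1], label, why))
    return summary, findings


def review_destinations(rows):
    """Destinations an analyst still has to look at by hand."""
    return [dest for dest, label, _ in triage_network(rows)[1] if label == "review"]


if __name__ == "__main__":
    # Constructed extra row: TEST-NET-3 address standing in for an unknown host.
    rows = REPORT_ROWS + [("XX", "203.0.113.7:8080", "", "tcp")]
    summary, findings = triage_network(rows)
    for dest, label, why in findings:
        print(f"{dest:24} {label:24} {why}")
    print("summary:", summary)
    print("review:", review_destinations(rows))
```

Run on the report's own five rows, nothing lands in "review": two flows are platform noise, one is the DNS lookup, and two are TLS to Google addresses with no name recorded, which is the gap a per-process capture or TLS SNI logging would close.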

Files

Both files below were written to the app's private data directory at runtime. libjiagu.so and libjiagu_art.so are the file names of the native runtime shipped by the 360 Jiagu (Qihoo 360) Android packer, which decrypts and loads the protected DEX in memory. A static view of this APK therefore shows the packer's stub rather than the application's own code; meaningful code analysis needs the unpacked DEX, obtained from a memory dump of the running process or an unpacking tool.

/data/data/com.yuangui.MicroTech1/files/libjiagu_art.so

MD5 753673ab617b70fd40c9e3ea6442120d
SHA1 1940fd5c7efb72c7f36d2e9e34081b0c6fb66742
SHA256 1b12322c0b26824729616bd488a07e98e608720418bffc51f9a75c990066f3fa
SHA512 cb1343af02a1f66d0dd9ce2c7cdc3817c6a66480958b80f6439aa90a5af59a2702e2904c5e62c85076a32e7548ab09cf1814e7a53e779fc3ef89abd86e4f1070

/data/data/com.yuangui.MicroTech1/files/libjiagu.so

MD5 c777cc1017287f00d9cdd022b867d8ae
SHA1 f4fabc94dae26762cea18fb6f3413f38dc03fb46
SHA256 18f09197be669389c426322978e86faefd6c822bf27df4ead392d93eee349014
SHA512 8f5dd8c59a6f541d275bec3be725bfe69e7f674b6e760218c0b021dd51a21a08bb618ab21d000efc71f26bb6a9753ac86866a3c08cb6b6e93573bbdb438040be