Analysis Overview
SHA256
a8e987a5d4dbf117201b8f0aa2e185968e08cd14d4b69ddd51edaec6e6d8ae1e
Threat Level: Shows suspicious behavior
The file a8c8f67e00c198984043a0449c58a2dd_JaffaCakes118 was found to be: Shows suspicious behavior.
Malicious Activity Summary
Queries information about running processes on the device
Requests dangerous framework permissions
Queries information about active data network
Registers a broadcast receiver at runtime (usually for listening for system events)
Uses Crypto APIs (Might try to encrypt user data)
MITRE ATT&CK Matrix
Analysis: static1
Detonation Overview
Reported
2024-06-14 08:42
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
| Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
Analysis: behavioral11
Detonation Overview
Submitted
2024-06-14 08:42
Reported
2024-06-14 08:42
Platform
android-x86-arm-20240611.1-en
Max time network
4s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| GB | 172.217.169.74:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral13
Detonation Overview
Submitted
2024-06-14 08:42
Reported
2024-06-14 08:42
Platform
android-x64-arm64-20240611.1-en
Max time network
8s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| GB | 172.217.16.238:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 172.217.16.238:443 | | tcp |
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-14 08:42
Reported
2024-06-14 08:42
Platform
android-x64-20240611.1-en
Max time network
9s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral6
Detonation Overview
Submitted
2024-06-14 08:42
Reported
2024-06-14 08:42
Platform
android-x64-20240611.1-en
Max time network
7s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral10
Detonation Overview
Submitted
2024-06-14 08:42
Reported
2024-06-14 08:42
Platform
android-x64-arm64-20240611.1-en
Max time network
6s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| GB | 142.250.187.206:443 | | tcp |
| GB | 142.250.187.206:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral4
Detonation Overview
Submitted
2024-06-14 08:42
Reported
2024-06-14 08:42
Platform
android-x64-arm64-20240611.1-en
Max time network
9s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral8
Detonation Overview
Submitted
2024-06-14 08:42
Reported
2024-06-14 08:42
Platform
android-x86-arm-20240611.1-en
Max time network
6s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral9
Detonation Overview
Submitted
2024-06-14 08:42
Reported
2024-06-14 08:42
Platform
android-x64-20240611.1-en
Max time network
8s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-14 08:42
Reported
2024-06-14 08:45
Platform
android-x86-arm-20240611.1-en
Max time kernel
2s
Max time network
161s
Command Line
Signatures
Queries information about running processes on the device
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Processes
com.shuame.rootgenius
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | m.xf-conn.qq.com | udp |
| US | 1.1.1.1:53 | oth.update.mdt.qq.com | udp |
| US | 1.1.1.1:53 | m.xf-stat.qq.com | udp |
| GB | 216.58.212.238:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.179.238:443 | android.apis.google.com | tcp |
Files
/data/data/com.shuame.rootgenius/files/beacon/comp/1.jar
| MD5 | 4f198eb855b4409968888cc350a4d65f |
| SHA1 | 5bccbd8f60564cbf7930576119b790cc311a13e0 |
| SHA256 | d4f5a27326ca3b146a84122d04f01365459fb0cd63c34576f9957dce0df130f3 |
| SHA512 | 5bf1db583b205fa84fa8c6637c80eed639f2a1acc3a0a73711c5f51444b064116bfbde23df15110d8cef78cb7792d744a6bbd6526adda65f842155c30785b371 |
/data/data/com.shuame.rootgenius/files/beacon/comp/9.jar
| MD5 | 78fda54d578e58f8eb258237c776f472 |
| SHA1 | b906eba1749b99a5119aaacabcb7fc0ffd16bf3f |
| SHA256 | 7f7e8e10a3d14416c033231ab70c649bff6b4ec4af9a8f34cb177b64182998d8 |
| SHA512 | d36331fb108e464fd18d4f35f79d0fc30ee0ab8575e4acc2bcbe332686cf1b1641499c09b2c0f8f0d28d663e7ed2d1dd8f16f7ab23a53a38ebdb9c58ee6259c3 |
/data/data/com.shuame.rootgenius/files/beacon/comp/5.jar
| MD5 | 0f007704fec9b983054009f7d9dd593a |
| SHA1 | 3ab6b7d14f326d4aa6279eb41465a98b1603abfe |
| SHA256 | 696a941f6a45156144e4baacef4a8b8ae187a70c92137d9f6077995334ba45a4 |
| SHA512 | c5725dcf0c21112b20a0b89274bdf077d78b97986d57ac546e5c9b48ba4ea9b68e74bc4dddf873d368a32397bbccb3f9a83707c6f8fa7856315ed9ca27715437 |
/data/data/com.shuame.rootgenius/files/beacon/comp/libBeacon.so
| MD5 | a99856a4a0b5766f911370d5adf38fa2 |
| SHA1 | f8e2a1cc14f1156e833bf6931069acab3953a640 |
| SHA256 | 80471bf1bdb73969bb4b75ff0050fb5e400a1fcd6053c9d0ae859eb993bb38c6 |
| SHA512 | 6fa88c0a04ae114107060c8deb3b0944fa5d9b7d58420d9bdb66af34d2a1711617ee2246dee2b28fbdf35e219b8346ba22420f8c957ec4f2116b47cfa244f6b8 |
/data/data/com.shuame.rootgenius/files/Data/Bin/busybox
| MD5 | 6a2981220018d857a6372e93d63636b0 |
| SHA1 | fcf6434ebfdf2d28cff6577becea3af00dc1a104 |
| SHA256 | 416299b0a604a5370c349be30279e2294eec620af29a70c66e570d53994da903 |
| SHA512 | fd4a15a53395e33010ba30fe04b049d8b40f94629f6dd1fa53c647a28c4e7f43501f2294dc0578730de75731ab607a2b644772351711e83923b393dad74c474d |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-14 08:42
Reported
2024-06-14 08:42
Platform
android-x86-arm-20240611.1-en
Max time network
7s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| GB | 216.58.204.67:443 | | tcp |
| GB | 142.250.178.10:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral5
Detonation Overview
Submitted
2024-06-14 08:42
Reported
2024-06-14 08:42
Platform
android-x86-arm-20240611.1-en
Max time network
7s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| GB | 142.250.180.14:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral7
Detonation Overview
Submitted
2024-06-14 08:42
Reported
2024-06-14 08:42
Platform
android-x64-arm64-20240611.1-en
Max time network
8s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral12
Detonation Overview
Submitted
2024-06-14 08:42
Reported
2024-06-14 08:42
Platform
android-x64-20240611.1-en
Max time network
5s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| N/A | 224.0.0.251:5353 | | udp |