Malware Analysis Report

2025-01-19 07:44

Sample ID: 240615-a2y3qawhjp
Target: ac474ea14a2932ebd07dbc54395ad177_JaffaCakes118
SHA256: bdfa055b649cf464c1978fc3a009cb858f14e6c40ef4eade6447afcb223c665c
Tags: persistence, discovery
Score: 6/10


Analysis Overview

Score: 6/10

SHA256: bdfa055b649cf464c1978fc3a009cb858f14e6c40ef4eade6447afcb223c665c

Threat Level: Shows suspicious behavior

The file ac474ea14a2932ebd07dbc54395ad177_JaffaCakes118 was found to be: Shows suspicious behavior.

Malicious Activity Summary

Tags: persistence, discovery

Requests dangerous framework permissions

Queries the unique device ID (IMEI, MEID, IMSI)

Registers a broadcast receiver at runtime (usually for listening for system events)

MITRE ATT&CK (Mobile Matrix V15)

Analysis: static1

Detonation Overview

Reported: 2024-06-15 00:43

Signatures

Requests dangerous framework permissions

| Description | Indicator | Process | Target |
|---|---|---|---|
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows read-only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A |

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-15 00:43
Reported: 2024-06-15 00:46
Platform: android-x86-arm-20240611.1-en
Max time kernel: 3s
Max time network: 149s

Command Line

com.ssgshop

Signatures

Registers a broadcast receiver at runtime (usually for listening for system events)

Tag: persistence

| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |

Processes

com.ssgshop

Network

| Country | Destination | Domain | Proto |
|---|---|---|---|
| GB | 142.250.178.3:443 | | tcp |
| GB | 142.250.187.234:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 216.58.204.78:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.238:443 | android.apis.google.com | tcp |

Files

/data/data/com.ssgshop/databases/bugly_db_legu-journal

MD5 47eca66420b370fd0e1ace4be0d5408e
SHA1 8ebc0d9b7b2d27b000a489f00c64b810a867646e
SHA256 0dbaea61af59cad5605f6c06d9148296ba4b8e9e50884d81b97da0c53ecea859
SHA512 6ff9ac46f8915e2ae454f2a00052a1c28fb6b470e0ee02cff315e5184fb0b073e23020ca566ca1fac0e344862ae4092078ce2f0e07b701b93da9d2e01bba2d54

/data/data/com.ssgshop/databases/bugly_db_legu

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.ssgshop/databases/bugly_db_legu-shm

MD5 cf845a781c107ec1346e849c9dd1b7e8
SHA1 b44ccc7f7d519352422e59ee8b0bdbac881768a7
SHA256 18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7
SHA512 4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

/data/data/com.ssgshop/databases/bugly_db_legu-wal

MD5 e8ca041b4df08b7fda6634c35aed04a7
SHA1 7df7711483d5e4245c2566e2ca230be5be2738e1
SHA256 929fc452cbae0fe763fcee3ea21281aab3f99bc936a515a6892b71a8275739e6
SHA512 686468adc6b6a558a1d7e90f6a2b4d4397971e29e51bd3a433490d6292ec60a27c1f8e50f352173c9930748638055cae3f80801a201f4b994df941465699ed9d

Analysis: behavioral2

Detonation Overview

Submitted: 2024-06-15 00:43
Reported: 2024-06-15 00:46
Platform: android-x64-20240611.1-en
Max time kernel: 4s
Max time network: 185s

Command Line

com.ssgshop

Signatures

Queries the unique device ID (IMEI, MEID, IMSI)

Tag: discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

Tag: persistence

| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |

Processes

com.ssgshop

Network

| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.187.227:443 | | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 172.217.169.40:443 | ssl.google-analytics.com | tcp |
| GB | 172.217.169.10:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.46:443 | android.apis.google.com | tcp |
| GB | 172.217.169.78:443 | | tcp |
| GB | 142.250.179.226:443 | | tcp |
| GB | 172.217.169.42:443 | | tcp |
| GB | 142.250.187.196:443 | | tcp |
| GB | 142.250.187.196:443 | | tcp |
| GB | 172.217.169.14:443 | | tcp |
| GB | 142.250.187.196:443 | | tcp |
| GB | 142.250.187.196:443 | | tcp |

Files

/data/data/com.ssgshop/databases/bugly_db_legu-journal

MD5 2755e303442d2da6c6beb4999eb13fbe
SHA1 3d7544354e023b9e66123ad907967210d0648ee0
SHA256 9e671bb595073caf837556973aa2c6431214113edd6161ec4b88475a73b0e57a
SHA512 0d90067fdcc0f12ef0a43c94985f69e4e2aea26f23d8294f60d19d7b0fccfe369fe95f9bd4f37fc087441a205a210ad9b7e0785067ee1f91c54cbec19dde24ee

/data/data/com.ssgshop/databases/bugly_db_legu

MD5 b62ab1646998726cf9f24ba864dcdf3c
SHA1 97ba25e7feb1f26c1bdc014bf9c33597bb791c97
SHA256 a2366fa299faaac1abc990d295736bf01824c41f488dd3313684ed5a4df0d188
SHA512 e14bb9d500439884c9a057e664ab92139c33a8bf48eef95edebd9ca34bd186746c9c7d696cf3f8e3566d4b5e06a920ea10e80b926bdfe51601c347f73487ec61

/data/data/com.ssgshop/databases/bugly_db_legu-journal

MD5 e501c640ed0af3da05832f8190e1bfbb
SHA1 63ac81d984a4f54ae98057a965c6081dca0b3843
SHA256 522ba2905839645685d9bfc3bc729b73b40ac437262b3937af14fe052a0fb082
SHA512 9cfc634159b3837f06444e9f34fcb4bab6f0030ecb96fe3ff098754fc0dfd81fc0e602c22e3ffbc50cf363286e1e9be4cd6f64091b3b99fd3e29b13e79d6358b

/data/data/com.ssgshop/databases/bugly_db_legu-journal

MD5 0a411241117a8974b7d12df38044eecb
SHA1 8621cf847c073d5a8f1bd35780840bf59372d692
SHA256 000eede81b6b5fd55032d792620a5c01c685a3ca573def3f4a2f3a3342696f3d
SHA512 b77a8c2ab53f681c2aa9d00bf9486f13968e70fbdecc015bcfe404c031eabc63c3dd3a826d73b53148b402eef4f08f5b3ecd636ea433fc4d7b46ac4ffef2e4eb

/data/data/com.ssgshop/databases/bugly_db_legu-journal

MD5 d063ef3d809d02c06ae4fad284f80fea
SHA1 e66481f9829d87b3c117cbaa92cd8217f4b22513
SHA256 dead7606cc8535eed72d75ae3acc3cfbffaf93c966ac7fd35e0aaf1d80bb5146
SHA512 ef8839a7f8a4bbdad153dd34ee0cc50856e08de274b21730fb738e3c0d261508575d9f12cf5d0a3ee7a9727fc54e69376c17cb884621c587a5e16a0fec81e3b1

/data/data/com.ssgshop/databases/bugly_db_legu-journal

MD5 77098af5afd50a899eecfbe32d2716c7
SHA1 e2de1ff2e7835c313bed86879da6a481c26164b6
SHA256 864d8f0a7269f34a9c88a857e440af9777375872f43abb1b4868c6c561bee9f5
SHA512 4f2c18f93f3840051720b1df63de2171a6d69b5d79dfc7320a91efc2beb79e0df0f62d5e2bb5ff75b124d626e8f5a63c8bda93163939779371c98b9a8147bc38

/data/data/com.ssgshop/databases/bugly_db_legu-journal

MD5 df429cdd699a7fbf023c8c60bd376aa2
SHA1 33d1b16bd6f83a9c7817546fdc3905a31067222c
SHA256 23726ed9e665c20cc9e22c7879c06554cb5dae7f9ab08d82b3dc90b1915f9115
SHA512 9ff264af404f21c4d31c4652aae9dbd51b66671a970f270516e9fa5ea851a5946520db09fd0998ac45d71154877890c01cd33a0c89659ad8d7e33347f26fde90