Analysis Overview
SHA256
bdfa055b649cf464c1978fc3a009cb858f14e6c40ef4eade6447afcb223c665c
Threat Level: Shows suspicious behavior
The file ac474ea14a2932ebd07dbc54395ad177_JaffaCakes118 was classified as: shows suspicious behavior.
Malicious Activity Summary
Requests dangerous framework permissions
Queries the unique device ID (IMEI, MEID, IMSI)
Registers a broadcast receiver at runtime (usually for listening for system events)
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-15 00:43
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A |
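What the permission table above does not show is which of these requests still turn into a runtime prompt on a current device. The Python below is an added example, not part of the sandbox report or of the analysed app: it parses a constructed manifest that declares the same permissions (the manifest, the package name and the protection-level table are assumptions for illustration), checks each declaration against its protection level, targetSdkVersion and maxSdkVersion, and returns the permissions the user is actually asked for. Note that "dangerous" is the sandbox's label: in Android's own model SYSTEM_ALERT_WINDOW is a special-access permission granted through a Settings toggle, not a runtime permission, and WRITE_EXTERNAL_STORAGE and READ_EXTERNAL_STORAGE grant nothing for apps targeting API 30 and API 33 or above respectively.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"


def ns(attr: str) -> str:
    """Qualify an android: attribute name the way ElementTree expects it."""
    return f"{{{ANDROID_NS}}}{attr}"


# Protection levels per the Android permission reference (subset covering this report).
# "dangerous" permissions are prompted at runtime; "special" ones are granted only through
# a Settings toggle (SYSTEM_ALERT_WINDOW -> "Display over other apps").
PROTECTION = {
    "android.permission.READ_EXTERNAL_STORAGE": "dangerous",
    "android.permission.WRITE_EXTERNAL_STORAGE": "dangerous",
    "android.permission.ACCESS_FINE_LOCATION": "dangerous",
    "android.permission.ACCESS_COARSE_LOCATION": "dangerous",
    "android.permission.READ_PHONE_STATE": "dangerous",
    "android.permission.SYSTEM_ALERT_WINDOW": "special",
    "android.permission.INTERNET": "normal",
}

# targetSdkVersion from which a permission no longer grants anything (Android docs):
# WRITE_EXTERNAL_STORAGE has no effect when targeting API 30+, READ_EXTERNAL_STORAGE when targeting 33+.
INERT_FROM_TARGET = {
    "android.permission.WRITE_EXTERNAL_STORAGE": 30,
    "android.permission.READ_EXTERNAL_STORAGE": 33,
}

# Constructed manifest for illustration only; this is NOT the sample's real manifest.
# The duplicated WRITE_EXTERNAL_STORAGE declaration mirrors the common pattern of one
# capped copy (maxSdkVersion) next to an uncapped one.
SAMPLE_MANIFEST = f"""<manifest xmlns:android="{ANDROID_NS}" package="com.example.sample">
  <uses-sdk android:minSdkVersion="21" android:targetSdkVersion="33"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" android:maxSdkVersion="28"/>
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
</manifest>
"""


def triage_permissions(manifest_xml: str, running_api: int = 34) -> dict:
    """Return every <uses-permission> declaration with its protection level and whether it
    still does anything for this targetSdkVersion on a device running `running_api`."""
    root = ET.fromstring(manifest_xml)
    sdk = root.find("uses-sdk")
    target = int(sdk.get(ns("targetSdkVersion"), "1")) if sdk is not None else 1
    findings = []
    for node in root.iter("uses-permission"):
        name = node.get(ns("name"))
        if not name:
            continue
        max_sdk = node.get(ns("maxSdkVersion"))
        # maxSdkVersion below the device API: the installer drops the declaration entirely.
        capped = max_sdk is not None and int(max_sdk) < running_api
        # Granted on paper, but the platform no longer backs it with any access.
        inert = target >= INERT_FROM_TARGET.get(name, 1 << 30)
        findings.append({
            "permission": name,
            "level": PROTECTION.get(name, "unknown"),
            "maxSdkVersion": int(max_sdk) if max_sdk is not None else None,
            "effective": not capped and not inert,
        })
    return {"targetSdkVersion": target, "findings": findings}


def effective_runtime_prompts(report: dict) -> list:
    """Dangerous permissions the user will actually be asked to grant."""
    return sorted({f["permission"] for f in report["findings"]
                   if f["level"] == "dangerous" and f["effective"]})


def special_access(report: dict) -> list:
    """Permissions that need a Settings toggle rather than a runtime dialog."""
    return sorted({f["permission"] for f in report["findings"] if f["level"] == "special"})


if __name__ == "__main__":
    rep = triage_permissions(SAMPLE_MANIFEST, running_api=34)
    for f in rep["findings"]:
        print(f"{f['permission']:<48} {f['level']:<9} effective={f['effective']}")
    print("runtime prompts:", effective_runtime_prompts(rep))
    print("special access :", special_access(rep))
```

The READ_PHONE_STATE row is what makes the "Queries the unique device ID" signature possible at all, and only on older releases: from API 29 onwards TelephonyManager.getDeviceId() and getImei() throw SecurityException for ordinary apps even when READ_PHONE_STATE is granted, so that signature matters most on the lower API levels the app still supports. The `effective` flag in the output is the thing to read first when deciding whether a permission finding is worth chasing.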
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-15 00:43
Reported
2024-06-15 00:46
Platform
android-x86-arm-20240611.1-en
Max time kernel
3s
Max time network
149s
Signatures
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Processes
com.ssgshop
Network
| Country | Destination | Domain | Proto |
| GB | 142.250.178.3:443 | | tcp |
| GB | 142.250.187.234:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 216.58.204.78:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.238:443 | android.apis.google.com | tcp |
Files
/data/data/com.ssgshop/databases/bugly_db_legu-journal
| MD5 | 47eca66420b370fd0e1ace4be0d5408e |
| SHA1 | 8ebc0d9b7b2d27b000a489f00c64b810a867646e |
| SHA256 | 0dbaea61af59cad5605f6c06d9148296ba4b8e9e50884d81b97da0c53ecea859 |
| SHA512 | 6ff9ac46f8915e2ae454f2a00052a1c28fb6b470e0ee02cff315e5184fb0b073e23020ca566ca1fac0e344862ae4092078ce2f0e07b701b93da9d2e01bba2d54 |
/data/data/com.ssgshop/databases/bugly_db_legu
| MD5 | f2b4b0190b9f384ca885f0c8c9b14700 |
| SHA1 | 934ff2646757b5b6e7f20f6a0aa76c7f995d9361 |
| SHA256 | 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514 |
| SHA512 | ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1 |
/data/data/com.ssgshop/databases/bugly_db_legu-shm
| MD5 | cf845a781c107ec1346e849c9dd1b7e8 |
| SHA1 | b44ccc7f7d519352422e59ee8b0bdbac881768a7 |
| SHA256 | 18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7 |
| SHA512 | 4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612 |
/data/data/com.ssgshop/databases/bugly_db_legu-wal
| MD5 | e8ca041b4df08b7fda6634c35aed04a7 |
| SHA1 | 7df7711483d5e4245c2566e2ca230be5be2738e1 |
| SHA256 | 929fc452cbae0fe763fcee3ea21281aab3f99bc936a515a6892b71a8275739e6 |
| SHA512 | 686468adc6b6a558a1d7e90f6a2b4d4397971e29e51bd3a433490d6292ec60a27c1f8e50f352173c9930748638055cae3f80801a201f4b994df941465699ed9d |
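The four paths above are one SQLite database (bugly_db_legu) plus the sidecar files SQLite keeps for it: -journal is a rollback journal, -wal a write-ahead log and -shm the shared-memory index of that WAL. Four hashes here therefore describe one logical database, not four dropped payloads, and the sidecars are volatile (the -journal hashes in behavioral2 below differ from these), so none of them is a stable indicator. The Python below is an added example, not code from the report or from the app: it creates a WAL-mode database with the same base name in a temporary directory (constructed content, not the sample's data), classifies each resulting file by the header magic SQLite documents, and hashes it the way the report does.

```python
import hashlib
import os
import sqlite3
import tempfile

SQLITE_MAGIC = b"SQLite format 3\x00"              # first 16 bytes of every main database file
WAL_MAGICS = (0x377F0682, 0x377F0683)              # big-endian u32 at offset 0 of a -wal file
JOURNAL_MAGIC = bytes.fromhex("d9d505f920a163d7")  # 8-byte header of a rollback -journal segment


def classify_header(head: bytes, name: str = "") -> str:
    """Identify a SQLite artifact from its first bytes (the -shm index has no magic,
    so it is recognised by its suffix)."""
    if head.startswith(SQLITE_MAGIC):
        return "main-database"
    if len(head) >= 4 and int.from_bytes(head[:4], "big") in WAL_MAGICS:
        return "wal"
    if head.startswith(JOURNAL_MAGIC):
        return "rollback-journal"
    if name.endswith("-shm"):
        return "shm-index"
    if not head:
        return "empty"
    return "unknown"


def classify_file(path: str) -> str:
    with open(path, "rb") as f:
        head = f.read(16)
    return classify_header(head, os.path.basename(path))


def sha256_of(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def make_wal_database(directory: str = None) -> dict:
    """Create a database, switch it to WAL mode, write once, and return
    {filename: (kind, sha256)} for the main file and its sidecars while it is open."""
    directory = directory or tempfile.mkdtemp()
    db = os.path.join(directory, "bugly_db_legu")  # same base name as in the report; constructed content
    conn = sqlite3.connect(db)
    # First write happens in the default rollback mode, so the main file gets its header and page 1.
    conn.execute("CREATE TABLE events(id INTEGER PRIMARY KEY, msg TEXT)")
    conn.commit()
    # Switch to WAL: from here on committed pages go to -wal, and -shm appears alongside it.
    conn.execute("PRAGMA journal_mode=WAL")
    conn.execute("INSERT INTO events(msg) VALUES ('constructed crash record')")
    conn.commit()
    # -wal and -shm exist only while a connection is open (or after an unclean exit);
    # an image taken from a running device shows them, a clean shutdown removes them.
    out = {}
    for path in (db, db + "-wal", db + "-shm"):
        if os.path.exists(path):
            out[os.path.basename(path)] = (classify_file(path), sha256_of(path))
    conn.close()
    return out


if __name__ == "__main__":
    for name, (kind, digest) in make_wal_database().items():
        print(f"{name:<24} {kind:<16} {digest}")
```

classify_header works on raw bytes, so the same check runs over files pulled with adb from /data/data/<package>/databases without opening them in SQLite. A file named -wal that does not start with 0x377f0682 or 0x377f0683, or a "database" without the "SQLite format 3" header, is worth a closer look regardless of what its name claims.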
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-15 00:43
Reported
2024-06-15 00:46
Platform
android-x64-20240611.1-en
Max time kernel
4s
Max time network
185s
Signatures
Queries the unique device ID (IMEI, MEID, IMSI)
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Processes
com.ssgshop
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.187.227:443 | | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 172.217.169.40:443 | ssl.google-analytics.com | tcp |
| GB | 172.217.169.10:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.46:443 | android.apis.google.com | tcp |
| GB | 172.217.169.78:443 | | tcp |
| GB | 142.250.179.226:443 | | tcp |
| GB | 172.217.169.42:443 | | tcp |
| GB | 142.250.187.196:443 | | tcp |
| GB | 142.250.187.196:443 | | tcp |
| GB | 172.217.169.14:443 | | tcp |
| GB | 142.250.187.196:443 | | tcp |
| GB | 142.250.187.196:443 | | tcp |
Files
/data/data/com.ssgshop/databases/bugly_db_legu-journal
| MD5 | 2755e303442d2da6c6beb4999eb13fbe |
| SHA1 | 3d7544354e023b9e66123ad907967210d0648ee0 |
| SHA256 | 9e671bb595073caf837556973aa2c6431214113edd6161ec4b88475a73b0e57a |
| SHA512 | 0d90067fdcc0f12ef0a43c94985f69e4e2aea26f23d8294f60d19d7b0fccfe369fe95f9bd4f37fc087441a205a210ad9b7e0785067ee1f91c54cbec19dde24ee |
/data/data/com.ssgshop/databases/bugly_db_legu
| MD5 | b62ab1646998726cf9f24ba864dcdf3c |
| SHA1 | 97ba25e7feb1f26c1bdc014bf9c33597bb791c97 |
| SHA256 | a2366fa299faaac1abc990d295736bf01824c41f488dd3313684ed5a4df0d188 |
| SHA512 | e14bb9d500439884c9a057e664ab92139c33a8bf48eef95edebd9ca34bd186746c9c7d696cf3f8e3566d4b5e06a920ea10e80b926bdfe51601c347f73487ec61 |
/data/data/com.ssgshop/databases/bugly_db_legu-journal
| MD5 | e501c640ed0af3da05832f8190e1bfbb |
| SHA1 | 63ac81d984a4f54ae98057a965c6081dca0b3843 |
| SHA256 | 522ba2905839645685d9bfc3bc729b73b40ac437262b3937af14fe052a0fb082 |
| SHA512 | 9cfc634159b3837f06444e9f34fcb4bab6f0030ecb96fe3ff098754fc0dfd81fc0e602c22e3ffbc50cf363286e1e9be4cd6f64091b3b99fd3e29b13e79d6358b |
/data/data/com.ssgshop/databases/bugly_db_legu-journal
| MD5 | 0a411241117a8974b7d12df38044eecb |
| SHA1 | 8621cf847c073d5a8f1bd35780840bf59372d692 |
| SHA256 | 000eede81b6b5fd55032d792620a5c01c685a3ca573def3f4a2f3a3342696f3d |
| SHA512 | b77a8c2ab53f681c2aa9d00bf9486f13968e70fbdecc015bcfe404c031eabc63c3dd3a826d73b53148b402eef4f08f5b3ecd636ea433fc4d7b46ac4ffef2e4eb |
/data/data/com.ssgshop/databases/bugly_db_legu-journal
| MD5 | d063ef3d809d02c06ae4fad284f80fea |
| SHA1 | e66481f9829d87b3c117cbaa92cd8217f4b22513 |
| SHA256 | dead7606cc8535eed72d75ae3acc3cfbffaf93c966ac7fd35e0aaf1d80bb5146 |
| SHA512 | ef8839a7f8a4bbdad153dd34ee0cc50856e08de274b21730fb738e3c0d261508575d9f12cf5d0a3ee7a9727fc54e69376c17cb884621c587a5e16a0fec81e3b1 |
/data/data/com.ssgshop/databases/bugly_db_legu-journal
| MD5 | 77098af5afd50a899eecfbe32d2716c7 |
| SHA1 | e2de1ff2e7835c313bed86879da6a481c26164b6 |
| SHA256 | 864d8f0a7269f34a9c88a857e440af9777375872f43abb1b4868c6c561bee9f5 |
| SHA512 | 4f2c18f93f3840051720b1df63de2171a6d69b5d79dfc7320a91efc2beb79e0df0f62d5e2bb5ff75b124d626e8f5a63c8bda93163939779371c98b9a8147bc38 |
/data/data/com.ssgshop/databases/bugly_db_legu-journal
| MD5 | df429cdd699a7fbf023c8c60bd376aa2 |
| SHA1 | 33d1b16bd6f83a9c7817546fdc3905a31067222c |
| SHA256 | 23726ed9e665c20cc9e22c7879c06554cb5dae7f9ab08d82b3dc90b1915f9115 |
| SHA512 | 9ff264af404f21c4d31c4652aae9dbd51b66671a970f270516e9fa5ea851a5946520db09fd0998ac45d71154877890c01cd33a0c89659ad8d7e33347f26fde90 |