Analysis Overview
SHA256: fa33e6dd87f8f4c6b1f3929537af56826f1d7b6e1454a373021e7b7e3430a6bc
Threat Level: Shows suspicious behavior
The file ac50670f7deeed7aa80c32a15d6c83fb_JaffaCakes118 was classified as: Shows suspicious behavior.
Malicious Activity Summary
Loads dropped Dex/Jar
Requests dangerous framework permissions
Queries information about active data network
Registers a broadcast receiver at runtime (usually for listening for system events)
Checks memory information
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-15 00:53
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
|---|---|---|---|
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-15 00:53
Reported
2024-06-15 00:56
Platform
android-x86-arm-20240611.1-en
Max time kernel
157s
Max time network
148s
Command Line
Signatures
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | /data/data/com.vikecn/mix.dex | N/A | N/A |
| N/A | /data/data/com.vikecn/mix.dex | N/A | N/A |
| N/A | /data/data/com.vikecn/mix.dex | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.vikecn
sh -c getprop ro.yunos.version
getprop ro.yunos.version
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.vikecn/mix.dex --output-vdex-fd=57 --oat-fd=59 --oat-location=/data/data/com.vikecn/oat/x86/mix.odex --compiler-filter=quicken --class-loader-context=&
logcat -d -v threadtime
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| US | 1.1.1.1:53 | rs.easemob.com | udp |
| GB | 193.118.32.52:80 | rs.easemob.com | tcp |
| CN | 39.97.9.52:80 | | tcp |
| US | 1.1.1.1:53 | app.680.com | udp |
| HK | 8.212.115.227:80 | app.680.com | tcp |
| HK | 8.212.115.227:443 | app.680.com | tcp |
| GB | 142.250.187.206:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.46:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | a4.easemob.com | udp |
| CN | 47.95.246.247:443 | a4.easemob.com | tcp |
| CN | 101.201.233.110:443 | a4.easemob.com | tcp |
| US | 1.1.1.1:53 | a4-v2.easemob.com | udp |
| CN | 101.201.233.110:443 | a4-v2.easemob.com | tcp |
| CN | 47.95.246.247:443 | a4-v2.easemob.com | tcp |
Files
/data/data/com.vikecn/databases/bugly_db_legu-journal
/data/data/com.vikecn/databases/bugly_db_legu
/data/data/com.vikecn/databases/bugly_db_legu-shm
/data/data/com.vikecn/databases/bugly_db_legu-wal
/data/data/com.vikecn/mix.dex
/storage/emulated/0/Android/data/com.vikecn/1196170302178697#sjcfwk/core_log/easemob.log
/data/data/com.vikecn/app_crashrecord/1004 (written twice with differing contents)
/data/data/com.vikecn/databases/bugly_db_-journal
/data/data/com.vikecn/databases/bugly_db_-wal
/data/data/com.vikecn/files/config.json
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-15 00:53
Reported
2024-06-15 00:56
Platform
android-33-x64-arm64-20240611.1-en
Max time kernel
3s
Max time network
132s
Command Line
Signatures
Processes
com.vikecn
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| GB | 172.217.169.68:443 | | udp |
| GB | 172.217.169.68:443 | | tcp |
| BE | 142.250.110.188:5228 | | tcp |
| GB | 172.217.16.228:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 216.58.212.234:443 | | udp |
| GB | 216.58.212.234:443 | | tcp |
| US | 172.64.41.3:443 | | tcp |
| US | 172.64.41.3:443 | | tcp |
| GB | 142.250.180.3:443 | | tcp |
| US | 172.64.41.3:443 | | udp |
| GB | 142.250.180.3:443 | | udp |
| GB | 172.217.169.68:443 | | udp |
| GB | 142.250.179.228:443 | | udp |
| GB | 142.250.179.228:443 | | tcp |
| GB | 142.250.179.228:443 | | tcp |
| GB | 142.250.179.228:443 | | tcp |
| GB | 216.58.212.227:443 | | tcp |
Files
/data/user/0/com.vikecn/databases/bugly_db_legu-journal (written six times with differing contents)
/data/user/0/com.vikecn/databases/bugly_db_legu