Malware Analysis Report

2025-01-19 07:43

Sample ID 240615-aet59awapn
Target ac28700207802b0857a003e4df20307c_JaffaCakes118
SHA256 351fdf2dca66471ad72737037ab4b0ad3c40e78d85d70279bae8693e284eee8a
Tags discovery
Score 6/10

Table of Contents

Analysis Overview
MITRE ATT&CK (Mobile Matrix V15)
Analysis: static1 (Detonation Overview, Signatures)
Analysis: behavioral3, behavioral8, behavioral10, behavioral1, behavioral2, behavioral4, behavioral5, behavioral6, behavioral7, behavioral9, behavioral11 (each with Detonation Overview, Command Line, Signatures, Processes, Network, Files)

Analysis Overview

Score 6/10

SHA256 351fdf2dca66471ad72737037ab4b0ad3c40e78d85d70279bae8693e284eee8a

Threat Level: Shows suspicious behavior

The file ac28700207802b0857a003e4df20307c_JaffaCakes118 was found to show suspicious behavior.

Malicious Activity Summary

discovery

Requests dangerous framework permissions

Queries information about active data network

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-15 00:08

Signatures

Requests dangerous framework permissions

Description | Indicator | Process | Target | Occurrences
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A | 3
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A | 3
Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A | 1
Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A | 2
Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A | 2
Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A | 1
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A | 1
Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A | 1
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A | 1
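Added example, not code from the report or from the sandbox vendor: a permission triage script of the kind that sits behind a "Requests dangerous framework permissions" signature. It parses a constructed AndroidManifest.xml that declares the permissions listed in the table above (the real sample's manifest was not extracted here), buckets them by protection category using a hand-written table, and names the pairings a reviewer would query. The manifest, the PERMISSION_CATEGORY table, and the finding texts are the author's assumptions.

```python
"""Triage the permissions declared in an Android manifest.

Added example, not part of the sandbox report. SAMPLE_MANIFEST is
constructed; PERMISSION_CATEGORY is a hand-written subset of the Android
protection levels covering only what this report lists.
"""
import xml.etree.ElementTree as ET
from collections import defaultdict

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Runtime ("dangerous") permissions are granted through a prompt and keyed by
# the group the user sees; SYSTEM_ALERT_WINDOW and WRITE_SETTINGS are "special
# access" permissions granted through a Settings toggle (appop). Subset only;
# anything not listed is bucketed as "other".
PERMISSION_CATEGORY = {
    "android.permission.READ_PHONE_STATE": ("dangerous", "PHONE"),
    "android.permission.CALL_PHONE": ("dangerous", "PHONE"),
    "android.permission.ACCESS_COARSE_LOCATION": ("dangerous", "LOCATION"),
    "android.permission.ACCESS_FINE_LOCATION": ("dangerous", "LOCATION"),
    "android.permission.READ_EXTERNAL_STORAGE": ("dangerous", "STORAGE"),
    "android.permission.WRITE_EXTERNAL_STORAGE": ("dangerous", "STORAGE"),
    "android.permission.CAMERA": ("dangerous", "CAMERA"),
    "android.permission.SYSTEM_ALERT_WINDOW": ("special", "OVERLAY"),
    "android.permission.WRITE_SETTINGS": ("special", "SETTINGS"),
    "android.permission.INTERNET": ("normal", "NETWORK"),
    "android.permission.ACCESS_NETWORK_STATE": ("normal", "NETWORK"),
}

# CONSTRUCTED manifest for the example; it is not the sample's real manifest.
# READ_PHONE_STATE is declared twice on purpose, mirroring the repeated rows.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="cn.kdqbxs.reader">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
    <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
    <uses-permission android:name="android.permission.WRITE_SETTINGS"/>
    <uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION"/>
    <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
    <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
    <uses-permission android:name="android.permission.CALL_PHONE"/>
    <uses-permission android:name="android.permission.CAMERA"/>
    <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
    <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
    <application android:label="reader"/>
</manifest>
"""


def declared_permissions(manifest_xml):
    """Return <uses-permission> names in declaration order, without duplicates."""
    root = ET.fromstring(manifest_xml)
    seen = {}
    for node in root.iter("uses-permission"):
        name = node.get(ANDROID_NS + "name")
        if name:
            seen.setdefault(name, None)
    return list(seen)


def triage_permissions(manifest_xml):
    """Bucket declared permissions by protection category."""
    buckets = defaultdict(list)
    for perm in declared_permissions(manifest_xml):
        category, _group = PERMISSION_CATEGORY.get(perm, ("other", "UNKNOWN"))
        buckets[category].append(perm)
    return dict(buckets)


def risky_combinations(manifest_xml):
    """Name permission pairings worth a second look (author's wording)."""
    perms = set(declared_permissions(manifest_xml))
    findings = []
    if "android.permission.SYSTEM_ALERT_WINDOW" in perms:
        findings.append("SYSTEM_ALERT_WINDOW: can draw windows on top of all other apps")
    if "android.permission.CALL_PHONE" in perms:
        findings.append("CALL_PHONE: can place calls without the Dialer confirmation UI")
    if {"android.permission.ACCESS_FINE_LOCATION", "android.permission.CAMERA",
        "android.permission.WRITE_EXTERNAL_STORAGE"} <= perms:
        findings.append("precise location + camera + storage: can capture and persist location-tagged images")
    return findings


if __name__ == "__main__":
    for category, perms in triage_permissions(SAMPLE_MANIFEST).items():
        print(f"{category}: {len(perms)}")
        for perm in perms:
            print(f"  {perm}")
    for finding in risky_combinations(SAMPLE_MANIFEST):
        print("!", finding)
```

On a real sample, feed the output of `aapt dump xmltree` or a decoded manifest from apktool into `triage_permissions` instead of the constructed string; the bucketing itself does not change.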

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-15 00:07

Reported

2024-06-15 00:08

Platform

android-x86-arm-20240611.1-en

Max time network

4s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | N/A | udp

Files

N/A

Analysis: behavioral8

Detonation Overview

Submitted

2024-06-15 00:07

Reported

2024-06-15 00:08

Platform

android-x64-arm64-20240611.1-en

Max time network

7s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | N/A | udp

Files

N/A

Analysis: behavioral10

Detonation Overview

Submitted

2024-06-15 00:07

Reported

2024-06-15 00:08

Platform

android-x64-20240611.1-en

Max time network

5s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | N/A | udp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-15 00:07

Reported

2024-06-15 00:11

Platform

android-x86-arm-20240611.1-en

Max time kernel

4s

Max time network

141s

Command Line

cn.kdqbxs.reader

Signatures

Queries information about active data network

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Processes

cn.kdqbxs.reader

chmod 755 /data/user/0/cn.kdqbxs.reader/.jiagu/libjiagu.so

/system/bin/dex2oat --instruction-set=x86 --dex-file=/data/data/cn.kdqbxs.reader/.jiagu/classes.dex --dex-file=/data/data/cn.kdqbxs.reader/.jiagu/classes.dex!classes2.dex --dex-file=/data/data/cn.kdqbxs.reader/.jiagu/classes.dex!classes3.dex --oat-file=/data/data/cn.kdqbxs.reader/.jiagu/oat/x86/classes.odex --inline-max-code-units=0 --compiler-filter=speed
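The three process lines above are the runtime footprint of a packed app: a hidden `.jiagu` directory in the app's private storage, a native library (`libjiagu.so`, the 360 Jiagu packer runtime) being made executable there, and `dex2oat` compiling a multidex container from that directory rather than from the installed APK. Added example, not code from the report or from the sandbox vendor: a small triage function that turns such process lines into named indicators. The input lines are copied from this section; the indicator names, the PACKER_LIBS table and the heuristics are the author's, not sandbox signatures.

```python
"""Flag packer and dynamic-code-loading indicators in sandbox process lines.

Added example, not part of the sandbox report. PROCESS_LINES are copied from
the behavioral1 "Processes" section; heuristics and tables are the author's.
"""
import re
import shlex
from collections import Counter

PROCESS_LINES = [
    "cn.kdqbxs.reader",
    "chmod 755 /data/user/0/cn.kdqbxs.reader/.jiagu/libjiagu.so",
    "/system/bin/dex2oat --instruction-set=x86"
    " --dex-file=/data/data/cn.kdqbxs.reader/.jiagu/classes.dex"
    " --dex-file=/data/data/cn.kdqbxs.reader/.jiagu/classes.dex!classes2.dex"
    " --dex-file=/data/data/cn.kdqbxs.reader/.jiagu/classes.dex!classes3.dex"
    " --oat-file=/data/data/cn.kdqbxs.reader/.jiagu/oat/x86/classes.odex"
    " --inline-max-code-units=0 --compiler-filter=speed",
]

# /data/data/<pkg>/ and /data/user/0/<pkg>/ name the same private app directory.
APP_DATA_RE = re.compile(r"^/data/(?:data|user/\d+)/(?P<pkg>[A-Za-z0-9_.]+)/(?P<rel>.+)$")

# Author's lookup table of packer runtime libraries (libjiagu.so is the 360 Jiagu runtime).
PACKER_LIBS = {"libjiagu.so": "360 Jiagu"}


def split_app_path(path):
    """Return (package, path relative to the app's private dir), or (None, None)."""
    m = APP_DATA_RE.match(path)
    return (m.group("pkg"), m.group("rel")) if m else (None, None)


def _finding(indicator, pkg, value):
    return {"indicator": indicator, "package": pkg, "value": value}


def analyse_line(line):
    """Return the findings for one process line as a list of dicts."""
    findings = []
    argv = shlex.split(line)
    if not argv:
        return findings
    exe = argv[0].rsplit("/", 1)[-1]

    if exe == "chmod" and len(argv) >= 3:
        mode, target = argv[1], argv[2]
        pkg, rel = split_app_path(target)
        if pkg is None:
            return findings
        # Any execute bit set in an octal mode such as 755 on a .so in app data.
        exec_bit = any(int(d) & 1 for d in mode[-3:] if d.isdigit())
        if rel.endswith(".so") and exec_bit:
            findings.append(_finding("exec_native_lib_in_app_data", pkg, rel))
            lib = rel.rsplit("/", 1)[-1]
            if lib in PACKER_LIBS:
                findings.append(_finding("packer_runtime", pkg, PACKER_LIBS[lib]))
        if rel.startswith("."):
            findings.append(_finding("hidden_dir_in_app_data", pkg, rel.split("/", 1)[0]))

    elif exe == "dex2oat":
        # ART multidex location syntax: "<container>!<entry>" names one dex entry
        # inside a zip container; a bare path is that container's primary classes.dex.
        containers = Counter()
        for arg in argv[1:]:
            if arg.startswith("--dex-file="):
                containers[arg[len("--dex-file="):].split("!", 1)[0]] += 1
        for container, n_entries in containers.items():
            pkg, rel = split_app_path(container)
            if pkg is None:
                continue  # framework or APK dex: ordinary ahead-of-time compilation
            findings.append(_finding("dex_compiled_from_app_data", pkg, n_entries))
            if rel.startswith("."):
                findings.append(_finding("hidden_dir_in_app_data", pkg, rel.split("/", 1)[0]))
    return findings


def triage(lines):
    """Aggregate findings over all process lines into one summary."""
    summary = {"packages": set(), "packer": None, "hidden_dirs": set(),
               "dex_entries": 0, "indicators": []}
    for line in lines:
        for f in analyse_line(line):
            summary["packages"].add(f["package"])
            summary["indicators"].append(f["indicator"])
            if f["indicator"] == "packer_runtime":
                summary["packer"] = f["value"]
            elif f["indicator"] == "hidden_dir_in_app_data":
                summary["hidden_dirs"].add(f["value"])
            elif f["indicator"] == "dex_compiled_from_app_data":
                summary["dex_entries"] += f["value"]
    return summary


if __name__ == "__main__":
    for key, value in triage(PROCESS_LINES).items():
        print(f"{key}: {value}")
```

The practical consequence for static work: the `classes.dex` in the APK is only the packer's loader, and the code worth reversing is the container dropped at `.jiagu/classes.dex` (hashed under "Files" below), which has to be pulled from the device or the sandbox after the unpacking stage has run.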

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | N/A | udp
GB | 142.250.187.206:443 | N/A | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.187.206:443 | android.apis.google.com | tcp

Files

/data/data/cn.kdqbxs.reader/.jiagu/libjiagu.so

MD5 7274dfc1e8d08075495ca657dadff181
SHA1 e3cb1f637468445de6132385e5d1043d2b4850d9
SHA256 07d59919a5936e001ab4d9b3ede13e543f8802d6d3095480c29851efdecfe723
SHA512 a0a04e0fba84a1eb30b812fba12a3f21c7269a3f1b673bb2f89979d19fceff5e7f92fcb6d564f93069c5ed6169778126616012e528e42af0bd4345b8358dca9e

/data/data/cn.kdqbxs.reader/.jiagu/classes.dex

MD5 5b9aabc958158481e8e12c22a3707fae
SHA1 53d4a938b5515eac56f46fbade07e452c1ebb867
SHA256 b4444beb7ef42dcd3b4734a7c59141793644e6482372e6372a45dda80b1d4eaa
SHA512 5cb543507650694cc98a160d2fb0ead13a7ad760c11f372d8252b5e09c3684075beedaa526679071bccda917f5055939f74a05988947f475a023d5e9251e57ed

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-15 00:07

Reported

2024-06-15 00:11

Platform

android-33-x64-arm64-20240611.1-en

Max time kernel

8s

Max time network

133s

Command Line

cn.kdqbxs.reader

Signatures

N/A

Processes

cn.kdqbxs.reader

Network

Country | Destination | Domain | Proto
GB | 172.217.169.68:443 | N/A | udp
GB | 172.217.169.68:443 | N/A | tcp
BE | 142.250.110.188:5228 | N/A | tcp
GB | 172.217.16.228:443 | N/A | tcp
N/A | 224.0.0.251:5353 | N/A | udp
GB | 216.58.212.234:443 | N/A | udp
GB | 216.58.212.234:443 | N/A | tcp
US | 172.64.41.3:443 | N/A | tcp
US | 172.64.41.3:443 | N/A | tcp
GB | 172.217.16.227:443 | N/A | tcp
US | 172.64.41.3:443 | N/A | udp
GB | 172.217.16.227:443 | N/A | udp
GB | 172.217.169.68:443 | N/A | udp
GB | 142.250.179.228:443 | N/A | udp
GB | 142.250.179.228:443 | N/A | tcp
GB | 142.250.179.228:443 | N/A | tcp
GB | 142.250.179.228:443 | N/A | tcp
GB | 216.58.212.227:443 | N/A | tcp
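Every destination in this table (and in the behavioral1 table) is either the mDNS multicast group 224.0.0.251:5353 or an address in Google or Cloudflare space, which is what an Android emulator produces on its own through Play services, DNS and CDN traffic; the GeoIP country column says more about where the anycast edge is than about the app. Added example, not code from the report or from the sandbox vendor: a classifier that separates that background from endpoints an analyst would actually chase. REPORT_ROWS are copied from the table above; EXTRA_ROW is constructed to show what an unexplained endpoint looks like; the KNOWN_INFRA prefixes, COMMON_PORTS and the 5228 note are the author's assumptions.

```python
"""Separate emulator background traffic from endpoints that need a closer look.

Added example, not part of the sandbox report. REPORT_ROWS are copied from
the behavioral2 "Network" table; EXTRA_ROW, KNOWN_INFRA, COMMON_PORTS and
NOTABLE_PORTS are the author's assumptions, not sandbox output.
"""
import ipaddress
from collections import Counter

# (country, destination, domain, proto); None where the report shows no domain.
REPORT_ROWS = [
    ("GB", "172.217.169.68:443", None, "udp"),
    ("GB", "172.217.169.68:443", None, "tcp"),
    ("BE", "142.250.110.188:5228", None, "tcp"),
    ("GB", "172.217.16.228:443", None, "tcp"),
    ("N/A", "224.0.0.251:5353", None, "udp"),
    ("GB", "216.58.212.234:443", None, "udp"),
    ("GB", "216.58.212.234:443", None, "tcp"),
    ("US", "172.64.41.3:443", None, "tcp"),
    ("US", "172.64.41.3:443", None, "tcp"),
    ("GB", "172.217.16.227:443", None, "tcp"),
    ("US", "172.64.41.3:443", None, "udp"),
    ("GB", "172.217.16.227:443", None, "udp"),
    ("GB", "172.217.169.68:443", None, "udp"),
    ("GB", "142.250.179.228:443", None, "udp"),
    ("GB", "142.250.179.228:443", None, "tcp"),
    ("GB", "142.250.179.228:443", None, "tcp"),
    ("GB", "142.250.179.228:443", None, "tcp"),
    ("GB", "216.58.212.227:443", None, "tcp"),
]

# CONSTRUCTED row (TEST-NET-2 address, placeholder domain); not in the report.
EXTRA_ROW = ("XX", "198.51.100.7:8443", "update.example.net", "tcp")

# Author's assumption: address blocks that show up in any emulator run because
# of Play services, DNS and CDN traffic, so they explain nothing about the app.
KNOWN_INFRA = {
    "Google": ["142.250.0.0/15", "172.217.0.0/16", "216.58.192.0/19"],
    "Cloudflare": ["172.64.0.0/13", "1.1.1.0/24"],
}
COMMON_PORTS = {53, 443, 5353}
# Author's note for ports outside COMMON_PORTS.
NOTABLE_PORTS = {5228: "Google Play services / FCM push port"}


def split_endpoint(dest):
    host, _, port = dest.rpartition(":")
    return ipaddress.ip_address(host), int(port)


def owner_of(ip):
    for owner, prefixes in KNOWN_INFRA.items():
        if any(ip in ipaddress.ip_network(p) for p in prefixes):
            return owner
    return None


def classify(row):
    """Return ("noise", None), ("known", owner) or ("unexplained", None)."""
    _, dest, _, _ = row
    ip, _ = split_endpoint(dest)
    if ip.is_multicast or ip.is_link_local or ip.is_loopback:
        return "noise", None  # e.g. mDNS to 224.0.0.251:5353
    owner = owner_of(ip)
    return ("known", owner) if owner else ("unexplained", None)


def triage_network(rows):
    """Count noise and known-infrastructure rows; list everything else."""
    summary = {"noise": Counter(), "known": Counter(), "unexplained": [], "port_notes": []}
    for row in rows:
        _, dest, domain, proto = row
        _, port = split_endpoint(dest)
        label = f"{dest}/{proto}" + (f" ({domain})" if domain else "")
        category, owner = classify(row)
        if category == "noise":
            summary["noise"][label] += 1
        elif category == "known":
            summary["known"][owner] += 1
        else:
            summary["unexplained"].append(label)
        if port not in COMMON_PORTS:
            summary["port_notes"].append((label, NOTABLE_PORTS.get(port, "no explanation on file")))
    return summary


if __name__ == "__main__":
    for key, value in triage_network(REPORT_ROWS + [EXTRA_ROW]).items():
        print(f"{key}: {value}")
```

An empty `unexplained` list is the honest result for this run: the sandbox never saw the app talk to anything that is not platform infrastructure, which is consistent with a 6/10 "discovery" verdict and is not evidence of command-and-control.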

Files

/data/user/0/cn.kdqbxs.reader/.jiagu/libjiagu.so

MD5 7274dfc1e8d08075495ca657dadff181
SHA1 e3cb1f637468445de6132385e5d1043d2b4850d9
SHA256 07d59919a5936e001ab4d9b3ede13e543f8802d6d3095480c29851efdecfe723
SHA512 a0a04e0fba84a1eb30b812fba12a3f21c7269a3f1b673bb2f89979d19fceff5e7f92fcb6d564f93069c5ed6169778126616012e528e42af0bd4345b8358dca9e

Analysis: behavioral4

Detonation Overview

Submitted

2024-06-15 00:07

Reported

2024-06-15 00:08

Platform

android-x64-20240611.1-en

Max time network

7s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | N/A | udp

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-06-15 00:07

Reported

2024-06-15 00:08

Platform

android-x64-arm64-20240611.1-en

Max time network

7s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | N/A | udp

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2024-06-15 00:07

Reported

2024-06-15 00:08

Platform

android-x86-arm-20240611.1-en

Max time network

6s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country | Destination | Domain | Proto
GB | 142.250.180.14:443 | N/A | tcp
N/A | 224.0.0.251:5353 | N/A | udp

Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted

2024-06-15 00:07

Reported

2024-06-15 00:08

Platform

android-x64-20240611.1-en

Max time network

5s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | N/A | udp

Files

N/A

Analysis: behavioral9

Detonation Overview

Submitted

2024-06-15 00:07

Reported

2024-06-15 00:08

Platform

android-x86-arm-20240611.1-en

Max time network

5s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | N/A | udp

Files

N/A

Analysis: behavioral11

Detonation Overview

Submitted

2024-06-15 00:07

Reported

2024-06-15 00:08

Platform

android-x64-arm64-20240611.1-en

Max time network

8s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | N/A | udp

Files

N/A