Malware Analysis Report

2025-01-19 07:43

Sample ID 240615-akqp1sscmc
Target ac2fa9617a68d1f60076a87396fc591c_JaffaCakes118
SHA256 88542f2aaa5c077db550dcf42bfce8f09a26eb077bb42651895b19f2f2bbc4ec
Tags
discovery persistence
score
6/10


Analysis Overview

score
6/10

SHA256

88542f2aaa5c077db550dcf42bfce8f09a26eb077bb42651895b19f2f2bbc4ec

Threat Level: Shows suspicious behavior

The file ac2fa9617a68d1f60076a87396fc591c_JaffaCakes118 was found to show suspicious behavior.

Malicious Activity Summary

discovery persistence

Requests dangerous framework permissions

Queries the mobile country code (MCC)

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks CPU information

Checks memory information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-15 00:16

Signatures

Requests dangerous framework permissions

Description | Indicator | Process | Target
Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A
Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A
Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A
Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A
Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A
Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A
Allows an application to write the user's contacts data. | android.permission.WRITE_CONTACTS | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A
Allows read-only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-15 00:16

Reported

2024-06-15 00:19

Platform

android-x86-arm-20240611.1-en

Max time kernel

157s

Max time network

185s

Command Line

com.my114.my11404530213793wap

Signatures

Queries the mobile country code (MCC)

discovery
Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Checks CPU information

Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A

Checks memory information

Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Processes

com.my114.my11404530213793wap

Network

Country Destination Domain Proto

Files

N/A