Analysis Overview
SHA256
93628d9ffd9560ca343c466eeb4be873150c355d941dff2c66ca6bf9f13f0be4
Threat Level: Shows suspicious behavior
The file ac3bb2c0c598bd115c808915db9a3908_JaffaCakes118 was assessed as: Shows suspicious behavior.
Malicious Activity Summary
Requests dangerous framework permissions
Registers a broadcast receiver at runtime (usually for listening for system events)
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-15 00:31
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
|---|---|---|---|
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-15 00:31
Reported
2024-06-15 00:34
Platform
android-x86-arm-20240611.1-en
Max time kernel
7s
Max time network
150s
Command Line
Signatures
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Processes
air.com.ppllaayy.tfqsports
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| GB | 142.250.180.14:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.213.14:443 | android.apis.google.com | tcp |
| GB | 172.217.16.234:443 | semanticlocation-pa.googleapis.com | tcp |
Files
/data/data/air.com.ppllaayy.tfqsports/com.ppllaayy.tfqsports/Local Store/#SharedObjects/TFQ_spil_final.swf/TFQ6_15.sol
| Hash | Value |
|---|---|
| MD5 | 27ccd1d97ab4bad85136a60f6ea678ae |
| SHA1 | 403f6dd5000efc858fe18fb10592931b15ef2919 |
| SHA256 | e61bbfc70b1408410d6272dabf7ab9d87a3eb7ead9f6888fad2f4937c064cc8b |
| SHA512 | ce0574ba63d9bbe8283b7e716192286e992cd4821dbc2ddcc14ca4657fdb5a2babc0661b723d40a6030ee46613ac8ca835ccf2b2c0ec881e46c757e5b46548b5 |