Malware Analysis Report

2025-01-19 07:44

Sample ID 240615-at7d5asfjb
Target ac3bb2c0c598bd115c808915db9a3908_JaffaCakes118
SHA256 93628d9ffd9560ca343c466eeb4be873150c355d941dff2c66ca6bf9f13f0be4
Tags persistence
Score 6/10

Table of Contents

Analysis Overview
MITRE ATT&CK
  Mobile Matrix V15
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Score 6/10

SHA256

93628d9ffd9560ca343c466eeb4be873150c355d941dff2c66ca6bf9f13f0be4

Threat Level: Shows suspicious behavior

The file ac3bb2c0c598bd115c808915db9a3908_JaffaCakes118 was found to show suspicious behavior.

Malicious Activity Summary

persistence

Requests dangerous framework permissions

Registers a broadcast receiver at runtime (usually for listening for system events)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported 2024-06-15 00:31

Signatures

Requests dangerous framework permissions

Description                                          Indicator                                    Process  Target
Allows an application to write to external storage.  android.permission.WRITE_EXTERNAL_STORAGE    N/A      N/A

Analysis: behavioral1

Detonation Overview

Submitted        2024-06-15 00:31
Reported         2024-06-15 00:34
Platform         android-x86-arm-20240611.1-en
Max time kernel  7s
Max time network 150s

Command Line

air.com.ppllaayy.tfqsports

Signatures

Registers a broadcast receiver at runtime (usually for listening for system events)

Tags persistence

Description             Indicator                                          Process  Target
Framework service call  android.app.IActivityManager.registerReceiver      N/A      N/A

Processes

air.com.ppllaayy.tfqsports

Network

Country  Destination          Domain                                 Proto
GB       142.250.180.14:443   N/A                                    tcp
N/A      224.0.0.251:5353     N/A                                    udp
US       1.1.1.1:53           semanticlocation-pa.googleapis.com     udp
US       1.1.1.1:53           android.apis.google.com                udp
GB       216.58.213.14:443    android.apis.google.com                tcp
GB       172.217.16.234:443   semanticlocation-pa.googleapis.com     tcp

Files

/data/data/air.com.ppllaayy.tfqsports/com.ppllaayy.tfqsports/Local Store/#SharedObjects/TFQ_spil_final.swf/TFQ6_15.sol

MD5 27ccd1d97ab4bad85136a60f6ea678ae
SHA1 403f6dd5000efc858fe18fb10592931b15ef2919
SHA256 e61bbfc70b1408410d6272dabf7ab9d87a3eb7ead9f6888fad2f4937c064cc8b
SHA512 ce0574ba63d9bbe8283b7e716192286e992cd4821dbc2ddcc14ca4657fdb5a2babc0661b723d40a6030ee46613ac8ca835ccf2b2c0ec881e46c757e5b46548b5