Malware Analysis Report

2025-01-19 07:45

Sample ID 240615-cjex8szaln
Target ac895c5188bdeb076a6b4544ac52d58e_JaffaCakes118
SHA256 e2fb4062e8b7253122874d43825352b20c75088a207007af46a641ee09e7a91c
Tags
discovery
score
6/10


Analysis Overview

score
6/10

SHA256

e2fb4062e8b7253122874d43825352b20c75088a207007af46a641ee09e7a91c

Threat Level: Shows suspicious behavior

The file ac895c5188bdeb076a6b4544ac52d58e_JaffaCakes118 (Android package com.longjiang.bainalj) was found to be: Shows suspicious behavior.

Malicious Activity Summary

discovery

Requests dangerous framework permissions

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Queries information about active data network

Queries information about the current Wi-Fi connection

Reads information about phone network operator

Checks CPU information

Note on the stalkerware indicator: the matched domain is alog.umeng.com, a log-upload endpoint of the Umeng mobile analytics SDK, and the only file the sample wrote (mobclick_agent_cached_com.longjiang.bainalj under its own files directory) is that SDK's analytics cache. Umeng is embedded in a great many ordinary Chinese apps, so a hit on its domain is a weak signal on its own; every other signature in this report is a discovery or telemetry call, and nothing here shows a monitoring capability.

MITRE ATT&CK

Mobile Matrix V15

No technique IDs are listed in this report; the only tactic tag applied is discovery.

Analysis: static1

Detonation Overview

Reported

2024-06-15 02:06

Signatures

Requests dangerous framework permissions

Description                                          Indicator                                   Process  Target
Allows an application to write to external storage.  android.permission.WRITE_EXTERNAL_STORAGE   N/A      N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-15 02:06

Reported

2024-06-15 02:09

Platform

android-x64-20240611.1-en

Max time network

163s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

No sample process, signature or file was recorded on this run; the traffic below is to Google service domains and Google IP ranges and is consistent with emulator background activity. In all network tables of this report, rows to 1.1.1.1:53 over udp are DNS lookups of the named domain, not connections to it; a Domain of N/A means the sandbox could not tie the connection to a name.

Country  Destination          Domain                     Proto
N/A      224.0.0.251:5353     N/A                        udp
US       1.1.1.1:53           ssl.google-analytics.com   udp
GB       142.250.180.8:443    ssl.google-analytics.com   tcp
US       1.1.1.1:53           android.apis.google.com    udp
GB       172.217.16.238:443   android.apis.google.com    tcp
GB       142.250.187.196:443  N/A                        tcp
GB       142.250.187.196:443  N/A                        tcp
GB       172.217.169.10:443   N/A                        tcp
GB       172.217.169.14:443   N/A                        tcp
GB       172.217.169.78:443   N/A                        tcp
GB       142.250.179.226:443  N/A                        tcp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-15 02:06

Reported

2024-06-15 02:09

Platform

android-x64-arm64-20240611.1-en

Max time kernel

64s

Max time network

132s

Command Line

com.longjiang.bainalj

Signatures

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Description  Indicator        Process  Target
N/A          alog.umeng.com   N/A      N/A

Queries information about active data network

discovery
Description             Indicator                                              Process  Target
Framework service call  android.net.IConnectivityManager.getActiveNetworkInfo  N/A      N/A

Queries information about the current Wi-Fi connection

discovery
Description             Indicator                                        Process  Target
Framework service call  android.net.wifi.IWifiManager.getConnectionInfo  N/A      N/A

Reads information about phone network operator

discovery
(no indicator recorded for this signature)

Checks CPU information

Description           Indicator      Process  Target
File opened for read  /proc/cpuinfo  N/A      N/A

Processes

com.longjiang.bainalj

Network

Country  Destination          Domain                        Proto
GB       172.217.16.238:443   N/A                           tcp
N/A      224.0.0.251:5353     N/A                           udp
GB       172.217.16.238:443   N/A                           tcp
US       1.1.1.1:53           oc.umeng.com                  udp
CN       59.82.23.79:80       oc.umeng.com                  tcp
US       1.1.1.1:53           wscdn.longwap.9yuonline.com   udp
US       1.1.1.1:53           alog.umeng.com                udp
CN       223.109.148.177:80   alog.umeng.com                tcp
US       1.1.1.1:53           ssl.google-analytics.com      udp
GB       172.217.169.8:443    ssl.google-analytics.com      tcp
US       1.1.1.1:53           oc.umeng.co                   udp
CN       223.109.148.178:80   alog.umeng.com                tcp
CN       223.109.148.179:80   alog.umeng.com                tcp
CN       223.109.148.141:80   alog.umeng.com                tcp
GB       172.217.169.68:443   N/A                           tcp
GB       172.217.169.68:443   N/A                           tcp
CN       223.109.148.176:80   alog.umeng.com                tcp
CN       223.109.148.130:80   alog.umeng.com                tcp
US       1.1.1.1:53           alog.umeng.co                 udp

Files

/data/user/0/com.longjiang.bainalj/files/mobclick_agent_cached_com.longjiang.bainalj

MD5 ac58c33702781da75a6268f5230f8e53
SHA1 893c629c0e45fb262c102f764bd7bce394cf8fa7
SHA256 d99a562c78d6f0d92f19c0114d374bd131535fba54e874078d4e99ff79a1b98b
SHA512 4704b6e12309a41a51baa0a96e74468786e9a525554002875bb2bb56c2d1693cd869f54ac01edd132bb92c8a491112363df4f6b9a2cdaf0a61c303c68fffaa2f

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-15 02:06

Reported

2024-06-15 02:09

Platform

android-x86-arm-20240611.1-en

Max time kernel

63s

Max time network

159s

Command Line

com.longjiang.bainalj

Signatures

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Description  Indicator        Process  Target
N/A          alog.umeng.com   N/A      N/A

Queries information about active data network

discovery
Description             Indicator                                              Process  Target
Framework service call  android.net.IConnectivityManager.getActiveNetworkInfo  N/A      N/A

Queries information about the current Wi-Fi connection

discovery
Description             Indicator                                        Process  Target
Framework service call  android.net.wifi.IWifiManager.getConnectionInfo  N/A      N/A

Reads information about phone network operator

discovery
(no indicator recorded for this signature)

Checks CPU information

Description           Indicator      Process  Target
File opened for read  /proc/cpuinfo  N/A      N/A

Processes

com.longjiang.bainalj

Network

Country  Destination          Domain                        Proto
N/A      224.0.0.251:5353     N/A                           udp
US       1.1.1.1:53           wscdn.longwap.9yuonline.com   udp
US       1.1.1.1:53           oc.umeng.com                  udp
CN       59.82.23.79:80       oc.umeng.com                  tcp
US       1.1.1.1:53           alog.umeng.com                udp
CN       223.109.148.177:80   alog.umeng.com                tcp
US       1.1.1.1:53           oc.umeng.co                   udp
CN       223.109.148.178:80   alog.umeng.com                tcp
GB       216.58.201.110:443   N/A                           tcp
US       1.1.1.1:53           android.apis.google.com       udp
GB       142.250.187.206:443  android.apis.google.com       tcp
CN       223.109.148.130:80   alog.umeng.com                tcp
CN       223.109.148.141:80   alog.umeng.com                tcp
CN       223.109.148.176:80   alog.umeng.com                tcp
CN       223.109.148.179:80   alog.umeng.com                tcp
US       1.1.1.1:53           alog.umeng.co                 udp
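The network tables of behavioral3 and behavioral1 above mix DNS lookups, mDNS noise, emulator background traffic and the sample's own connections in one flat list. The script below is an added triage example written for this page, not sandbox output and not code from the analysed app: it parses rows copied from those two tables (de-duplicated), separates lookups from connections, and reports indicator hits, domains that were resolved but never contacted, cleartext HTTP destinations, and connections with no domain attached. INDICATORS is a hypothetical stand-in for the echap.eu.org list the report cites, and PLATFORM_NOISE is an assumed allow-list of emulator background domains; both are assumptions made for the example.

```python
# Added triage helper for the sandbox network tables on this page. Example code,
# not output of the sandbox or code from the analysed app. INDICATORS and
# PLATFORM_NOISE are assumptions made for the example.
import ipaddress
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Rows copied from the behavioral3 / behavioral1 network tables of this report,
# de-duplicated. Row format: "Country Destination[ Domain] Proto". Rows to
# 1.1.1.1:53 over udp are DNS lookups of the named domain, not connections to it.
REPORT_ROWS = """\
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 oc.umeng.com udp
CN 59.82.23.79:80 oc.umeng.com tcp
US 1.1.1.1:53 wscdn.longwap.9yuonline.com udp
US 1.1.1.1:53 alog.umeng.com udp
CN 223.109.148.177:80 alog.umeng.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 172.217.169.8:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 oc.umeng.co udp
CN 223.109.148.178:80 alog.umeng.com tcp
GB 172.217.169.68:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
US 1.1.1.1:53 alog.umeng.co udp
"""

# Hypothetical indicator list (stand-in for the echap.eu.org list the report cites).
INDICATORS = {
    "alog.umeng.com": "Umeng analytics SDK log endpoint; weak signal, shared by many benign apps",
}
# Assumed emulator background traffic; dropped from the summary, not counted as sample activity.
PLATFORM_NOISE = {"android.apis.google.com", "ssl.google-analytics.com"}


@dataclass(frozen=True)
class Flow:
    country: str
    ip: str
    port: int
    domain: Optional[str]
    proto: str


def parse_rows(text: str) -> list[Flow]:
    """Parse the 3- or 4-column report rows; the Domain column is optional."""
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 3:
            country, dest, proto = parts
            domain = None
        elif len(parts) == 4:
            country, dest, domain, proto = parts
        else:
            raise ValueError(f"unexpected row: {line!r}")
        ip, port = dest.rsplit(":", 1)
        ipaddress.ip_address(ip)  # raises ValueError on a malformed address
        flows.append(Flow(country, ip, int(port), domain, proto))
    return flows


def _is_ip(s: str) -> bool:
    try:
        ipaddress.ip_address(s)
        return True
    except ValueError:
        return False


def is_dns_lookup(f: Flow) -> bool:
    return f.port == 53 and f.proto == "udp"


def is_mdns(f: Flow) -> bool:
    # 224.0.0.251:5353 is link-local multicast DNS from the emulator itself.
    return f.ip == "224.0.0.251" and f.port == 5353


def summarize(flows: list[Flow]) -> dict:
    """Group connections by domain (or bare IP) and count DNS lookups per domain."""
    summary = defaultdict(lambda: {"ips": set(), "ports": set(), "lookups": 0})
    for f in flows:
        if is_mdns(f) or f.domain in PLATFORM_NOISE:
            continue
        if is_dns_lookup(f):
            summary[f.domain]["lookups"] += 1
            continue
        key = f.domain or f.ip  # unlabelled connections are keyed by their IP
        summary[key]["ips"].add(f.ip)
        summary[key]["ports"].add(f.port)
    return dict(summary)


def triage(flows: list[Flow]) -> dict:
    """Split the summary into the four buckets an analyst wants to see first."""
    s = summarize(flows)
    return {
        # indicator-list domains the sample actually connected to
        "hits": {d: INDICATORS[d] for d, v in s.items() if d in INDICATORS and v["ips"]},
        # resolved but never connected: fallbacks, odd TLD variants, blocked or dead hosts
        "dns_only": sorted(d for d, v in s.items() if v["lookups"] and not v["ips"]),
        # telemetry sent over plain HTTP (port 80)
        "cleartext": sorted(d for d, v in s.items() if 80 in v["ports"]),
        # connections the sandbox could not tie to a name
        "bare_ips": sorted(k for k in s if _is_ip(k)),
    }


if __name__ == "__main__":
    for bucket, value in triage(parse_rows(REPORT_ROWS)).items():
        print(f"{bucket}: {value}")
```

Run as-is it prints the four buckets for the rows embedded above; to use it on another report, paste that report's rows into REPORT_ROWS and replace the hypothetical INDICATORS with the real list. Keeping lookups and connections apart matters here: oc.umeng.co and alog.umeng.co were only resolved, never contacted, so they should not be promoted to IOCs on the strength of this run.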

Files

/data/data/com.longjiang.bainalj/files/mobclick_agent_cached_com.longjiang.bainalj (/data/data is the legacy alias of /data/user/0 on Android, so this is the same location as the file recorded in behavioral3)

MD5 39909e43014acd9750860652795505ec
SHA1 01a49a4dc185b7822fd03b284dc6c915c5167b7a
SHA256 7578945262c3b90ae591de59e9f983739a640b05bd8975543c94b40fadc863cb
SHA512 06a0b4eeb1b9a86fceb2035a0e282cc6820e00a8de3d9f18eb097ee32fe9ae72155b77b83cf247fcfe0e689b9bc475960601176e1e0ce319c5eb134774200373