Analysis Overview
SHA256
348d26ac2267c9785208b205ec6389744f63ae9cc464f51048c447103345a412
Threat Level: Likely malicious
The file ace22f6605190d1dd03d9e251ec9d795_JaffaCakes118 was found to be: Likely malicious.
Malicious Activity Summary
Checks if the Android device is rooted.
Requests cell location
Loads dropped Dex/Jar
Queries information about running processes on the device
Queries information about the current Wi-Fi connection
Requests dangerous framework permissions
Queries information about active data network
Listens for changes in the sensor environment (might be used to detect emulation)
Registers a broadcast receiver at runtime (usually for listening for system events)
Uses Crypto APIs (Might try to encrypt user data)
Checks CPU information
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-15 04:28
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A |
| Allows an application to request installing packages. | android.permission.REQUEST_INSTALL_PACKAGES | N/A | N/A |
Analysis: behavioral4
Detonation Overview
Submitted
2024-06-15 04:27
Reported
2024-06-15 04:31
Platform
android-x64-20240611.1-en
Max time kernel
10s
Max time network
156s
Command Line
Signatures
Processes
com.youku.cloud.apk
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.238:443 | android.apis.google.com | tcp |
| GB | 142.250.200.46:443 | | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.180.8:443 | ssl.google-analytics.com | tcp |
| GB | 216.58.212.238:443 | | tcp |
| GB | 142.250.200.2:443 | | tcp |
| GB | 172.217.169.68:443 | | tcp |
| GB | 172.217.169.68:443 | | tcp |
Files
Analysis: behavioral5
Detonation Overview
Submitted
2024-06-15 04:27
Reported
2024-06-15 04:31
Platform
android-x64-arm64-20240611.1-en
Max time kernel
8s
Max time network
132s
Command Line
Signatures
Processes
com.youku.cloud.apk
Network
| Country | Destination | Domain | Proto |
| GB | 172.217.16.238:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 172.217.16.238:443 | | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 216.58.204.72:443 | ssl.google-analytics.com | tcp |
| GB | 172.217.169.68:443 | | tcp |
| GB | 172.217.169.68:443 | | tcp |
Files
Analysis: behavioral9
Detonation Overview
Submitted
2024-06-15 04:27
Reported
2024-06-15 04:28
Platform
android-x86-arm-20240611.1-en
Max time network
7s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral10
Detonation Overview
Submitted
2024-06-15 04:27
Reported
2024-06-15 04:28
Platform
android-x64-20240611.1-en
Max time network
7s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral11
Detonation Overview
Submitted
2024-06-15 04:27
Reported
2024-06-15 04:28
Platform
android-x64-arm64-20240611.1-en
Max time network
7s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-15 04:27
Reported
2024-06-15 04:31
Platform
android-x86-arm-20240611.1-en
Max time kernel
7s
Max time network
140s
Command Line
Signatures
Checks if the Android device is rooted.
| Description | Indicator | Process | Target |
| N/A | /system/app/Superuser.apk | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.kidplay.bbtgs/app_plugin/PlayerUIApk.apk | N/A | N/A |
Queries information about running processes on the device
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
Requests cell location
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Queries information about the current Wi-Fi connection
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
Listens for changes in the sensor environment (might be used to detect emulation)
| Description | Indicator | Process | Target |
| Framework API call | android.hardware.SensorManager.registerListener | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Processes
com.kidplay.bbtgs
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| CN | 203.107.1.97:443 | | tcp |
| US | 1.1.1.1:53 | log.umsns.com | udp |
| CN | 59.82.29.162:443 | log.umsns.com | tcp |
| US | 1.1.1.1:53 | adash.man.aliyuncs.com | udp |
| CN | 59.82.40.77:80 | adash.man.aliyuncs.com | tcp |
| GB | 142.250.187.206:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.46:443 | android.apis.google.com | tcp |
Files
/data/data/com.kidplay.bbtgs/databases/MessageStore.db-journal
/data/data/com.kidplay.bbtgs/databases/MessageStore.db
/data/data/com.kidplay.bbtgs/databases/MessageStore.db-shm
/data/data/com.kidplay.bbtgs/databases/MessageStore.db-wal
/data/data/com.kidplay.bbtgs/databases/MsgLogStore.db-journal
/data/data/com.kidplay.bbtgs/databases/MsgLogStore.db-wal
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
/storage/emulated/0/.DataStorage/ContextData.xml
/data/data/com.kidplay.bbtgs/databases/accs.db-journal
/data/data/com.kidplay.bbtgs/databases/accs.db-wal
/data/data/com.kidplay.bbtgs/app_plugin/PlayerUIApk.apk
/data/user/0/com.kidplay.bbtgs/app_plugin/PlayerUIApk.apk
/data/data/com.kidplay.bbtgs/databases/ua.db-journal
/data/data/com.kidplay.bbtgs/databases/ua.db
/data/data/com.kidplay.bbtgs/databases/ua.db-wal
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-15 04:27
Reported
2024-06-15 04:31
Platform
android-x86-arm-20240611.1-en
Max time kernel
8s
Max time network
139s
Command Line
Signatures
Processes
com.youku.cloud.apk
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 216.58.212.238:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.178.14:443 | android.apis.google.com | tcp |
Files
Analysis: behavioral6
Detonation Overview
Submitted
2024-06-15 04:27
Reported
2024-06-15 04:28
Platform
android-x86-arm-20240611.1-en
Max time network
6s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral7
Detonation Overview
Submitted
2024-06-15 04:27
Reported
2024-06-15 04:28
Platform
android-x64-20240611.1-en
Max time network
8s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral8
Detonation Overview
Submitted
2024-06-15 04:27
Reported
2024-06-15 04:28
Platform
android-x64-arm64-20240611.1-en
Max time network
7s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| GB | 142.250.187.206:443 | | tcp |
| GB | 142.250.187.206:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-15 04:27
Reported
2024-06-15 04:28
Platform
android-33-x64-arm64-20240611.1-en
Max time network
9s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| GB | 172.217.169.68:443 | | udp |
| BE | 142.250.110.188:5228 | | tcp |
| GB | 172.217.16.228:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 172.217.169.68:443 | | udp |