Analysis Overview
SHA256
444a2634df68d083b1e1d7004ec1d4d52d25d2ff7f62d9275bfa71937a7bb554
Threat Level: Shows suspicious behavior
The file acd5e3a943d00709b9d6678d5b000bbf_JaffaCakes118 was found to show suspicious behavior.
Malicious Activity Summary
Obtains sensitive information copied to the device clipboard
Queries the unique device ID (IMEI, MEID, IMSI)
Queries information about the current Wi-Fi connection
Queries the mobile country code (MCC)
Requests dangerous framework permissions
Checks the presence of a debugger
Registers a broadcast receiver at runtime (usually for listening for system events)
Checks CPU information
Checks memory information
MITRE ATT&CK Matrix
Analysis: static1
Detonation Overview
Reported
2024-06-15 04:09
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read the user's calendar data. | android.permission.READ_CALENDAR | N/A | N/A |
| Allows an application to write the user's calendar data. | android.permission.WRITE_CALENDAR | N/A | N/A |
| Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-15 04:09
Reported
2024-06-15 04:13
Platform
android-x86-arm-20240611.1-en
Max time kernel
153s
Max time network
172s
Command Line
Signatures
Queries information about the current Wi-Fi connection
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Checks the presence of a debugger
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.lng168.yxtapp
Network
| Country | Destination | Domain | Proto |
| GB | 172.217.169.74:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | yzx2.lng168.com | udp |
| CN | 47.95.241.237:80 | yzx2.lng168.com | tcp |
| CN | 47.95.241.237:80 | yzx2.lng168.com | tcp |
| CN | 47.95.241.237:80 | yzx2.lng168.com | tcp |
| CN | 47.95.241.237:80 | yzx2.lng168.com | tcp |
| CN | 47.95.241.237:80 | yzx2.lng168.com | tcp |
| CN | 47.95.241.237:80 | yzx2.lng168.com | tcp |
| GB | 142.250.187.238:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.212.238:443 | android.apis.google.com | tcp |
| CN | 47.95.241.237:80 | yzx2.lng168.com | tcp |
| CN | 47.95.241.237:80 | yzx2.lng168.com | tcp |
Files
/data/data/com.lng168.yxtapp/databases/_ionicstorage-journal
| MD5 | 735dbbe6015b1ff90cc821c0f88b96a3 |
| SHA1 | e4efbc5549ed1fa04ebe80c7dcf9921c8a53236c |
| SHA256 | 3e0a393b8882d3a6a82b14ed5389f8a88be7186d08920fd663aa1cfe80ba76fc |
| SHA512 | ca684d8835c069cdf7bb0c45595bc8046e59b94a9652284a4e2b3d938fb7758a8e6cf1ac0605a881c98a99c71239f001ce153aa79794fcf352fc46bdd57bf1d2 |
/data/data/com.lng168.yxtapp/databases/_ionicstorage
| MD5 | 61143da4a088455681eb3f4dff524952 |
| SHA1 | 0750021af8aa346caff662acfe66600310a645e7 |
| SHA256 | 0af141959bf6e4b7dfe7471ae7993c2416375bfb29a78fa724762a918f0c27b5 |
| SHA512 | 1f3e48c582338afc10b0eafb13da5a8508949359d28f10083f981fc8d516d2fc3a81bdbb6eeaafb262f78d6bebe8ad1025a99a0db0a2f0f39a071b77b4191b1a |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-15 04:09
Reported
2024-06-15 04:13
Platform
android-x64-20240611.1-en
Max time kernel
160s
Max time network
182s
Command Line
Signatures
Obtains sensitive information copied to the device clipboard
| Description | Indicator | Process | Target |
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |
Queries information about the current Wi-Fi connection
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Queries the unique device ID (IMEI, MEID, IMSI)
Checks the presence of a debugger
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.lng168.yxtapp
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 216.58.212.232:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | yzx2.lng168.com | udp |
| CN | 47.95.241.237:80 | yzx2.lng168.com | tcp |
| CN | 47.95.241.237:80 | yzx2.lng168.com | tcp |
| CN | 47.95.241.237:80 | yzx2.lng168.com | tcp |
| CN | 47.95.241.237:80 | yzx2.lng168.com | tcp |
| CN | 47.95.241.237:80 | yzx2.lng168.com | tcp |
| CN | 47.95.241.237:80 | yzx2.lng168.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| GB | 142.250.200.14:443 | | tcp |
| GB | 172.217.169.66:443 | | tcp |
| GB | 216.58.201.100:443 | | tcp |
| GB | 216.58.201.100:443 | | tcp |
| GB | 216.58.204.78:443 | | tcp |
| CN | 47.95.241.237:80 | yzx2.lng168.com | tcp |
| CN | 47.95.241.237:80 | yzx2.lng168.com | tcp |
| CN | 47.95.241.237:80 | yzx2.lng168.com | tcp |
Files
/data/data/com.lng168.yxtapp/databases/_ionicstorage-journal
| MD5 | 6e7c42b18aa6bbb92d9c3c02d01bfdb4 |
| SHA1 | 8c2e94ed8c8dc2de5c88103cb313399b02160137 |
| SHA256 | 78f41021c350f4adcae1a08d45d248d4c5955f3def062e2dd9f12d2819c2f2be |
| SHA512 | aacdb50137e3b31bb8960b450212b97c1d8d1d2897941c0a4e10994ec64ed3cf4891a183a4c1e6541eb99228cfc1db15e8cabfc13e4f0cbd40bcae2e5432d7b0 |
/data/data/com.lng168.yxtapp/databases/_ionicstorage
| MD5 | 61143da4a088455681eb3f4dff524952 |
| SHA1 | 0750021af8aa346caff662acfe66600310a645e7 |
| SHA256 | 0af141959bf6e4b7dfe7471ae7993c2416375bfb29a78fa724762a918f0c27b5 |
| SHA512 | 1f3e48c582338afc10b0eafb13da5a8508949359d28f10083f981fc8d516d2fc3a81bdbb6eeaafb262f78d6bebe8ad1025a99a0db0a2f0f39a071b77b4191b1a |