Analysis Overview
SHA256
4b21f82f5c8f9b64de099faa770863ee3ad42592a388d0c6a395a30de1ee85c6
Threat Level: Shows suspicious behavior
The file ad0f597b399d63386605b15541cc6d93_JaffaCakes118 was assessed as: Shows suspicious behavior.
Malicious Activity Summary
Obtains sensitive information copied to the device clipboard
Requests dangerous framework permissions
Queries information about the current Wi-Fi connection
Queries the mobile country code (MCC)
Queries the unique device ID (IMEI, MEID, IMSI)
Queries information about active data network
Reads information about phone network operator
Registers a broadcast receiver at runtime (usually for listening for system events)
Checks memory information
Analysis: static1
Detonation Overview
Reported
2024-06-15 05:50
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
Analysis: behavioral5
Detonation Overview
Submitted
2024-06-15 05:50
Reported
2024-06-15 05:50
Platform
android-x64-20240611.1-en
Max time network
5s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral6
Detonation Overview
Submitted
2024-06-15 05:50
Reported
2024-06-15 05:50
Platform
android-x64-arm64-20240611.1-en
Max time network
6s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-15 05:50
Reported
2024-06-15 05:53
Platform
android-x86-arm-20240611.1-en
Max time kernel
179s
Max time network
179s
Command Line
Signatures
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Queries information about the current Wi-Fi connection
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Reads information about phone network operator
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
net.kairosoft.android.horse_ja
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | config.adview.cn | udp |
| CN | 211.103.153.95:443 | config.adview.cn | tcp |
| CN | 211.103.153.95:443 | config.adview.cn | tcp |
| GB | 216.58.201.110:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.238:443 | android.apis.google.com | tcp |
| CN | 211.103.153.95:443 | config.adview.cn | tcp |
| CN | 211.103.153.95:443 | config.adview.cn | tcp |
| CN | 211.103.153.95:443 | config.adview.cn | tcp |
| CN | 211.103.153.95:443 | config.adview.cn | tcp |
| CN | 211.103.153.95:443 | config.adview.cn | tcp |
Files
/data/data/net.kairosoft.android.horse_ja/databases/google_analytics.db-journal
| MD5 | d9beb1f9c823890e8b456bf146ec62bb |
| SHA1 | ae99e1992eb64a509171c6a633c38066adb9e1ab |
| SHA256 | ba59ebcf284f6e536bd3ae1867080bc998385705e1ee4da34dd042d92e960904 |
| SHA512 | e074c25d12914712b088ad4d4d188b97b272b303dc1ee4c799b2420ce08d74e035eb989f63c698dbdb0af06beccd5f6235342d586bb15653ca39728b7f59955f |
/data/data/net.kairosoft.android.horse_ja/databases/google_analytics.db
| MD5 | f2b4b0190b9f384ca885f0c8c9b14700 |
| SHA1 | 934ff2646757b5b6e7f20f6a0aa76c7f995d9361 |
| SHA256 | 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514 |
| SHA512 | ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1 |
/data/data/net.kairosoft.android.horse_ja/databases/google_analytics.db-shm
| MD5 | bb7df04e1b0a2570657527a7e108ae23 |
| SHA1 | 5188431849b4613152fd7bdba6a3ff0a4fd6424b |
| SHA256 | c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479 |
| SHA512 | 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012 |
/data/data/net.kairosoft.android.horse_ja/databases/google_analytics.db-wal
| MD5 | b169f569c8031130a5f2d5e35863c456 |
| SHA1 | 7c7333298fe093603403593d6b3d5a2fdf048a3c |
| SHA256 | f208d413edb64e764df48d35cd99382941708ae5e8967f2c37661713b02e2397 |
| SHA512 | 0e403f317e30cf4f96a478aa0e2ed10a6a764052f17904640a5764f01be01747488deb8147471bb4b616608865acab296e88ad2f90409e8b48f1d5c142d01413 |
/data/data/net.kairosoft.android.horse_ja/databases/reqinfo.db-journal
| MD5 | 5a89d9620096235107d6bc22c9bae945 |
| SHA1 | 88b6d17d675740a0a8dbf272af19523e20aca3d7 |
| SHA256 | c20768b2fc57737982feece7cc3c99bda09f11f6edcc7b71a5c705af34fbc3d2 |
| SHA512 | 7dbc480637e3700e41af8b6d5479173a093daaa509cbb20f6a41e2fd4254ea50aa67b5f40f0f24106446c597657f6129e2616e74f50dbb4caf7ebe5d20d8c915 |
/data/data/net.kairosoft.android.horse_ja/databases/reqinfo.db
| MD5 | faa894e54629c824b65b04d3442cb83e |
| SHA1 | 2763e002af3a7230676d253bfc19f09252cabcbb |
| SHA256 | 89f0359d7c6fd98c2403f473ac879eccca483db035559ab0d0e3d32d9654b9cb |
| SHA512 | 2be5b3c02bce0eaf0b1ad75789efed0eba58da89ee6c0c79de799eb40cd3bacffaf4942ac4e82455dabd4f8e459221f1fbe09fb463b3c9c278c19ce694c6d140 |
/data/data/net.kairosoft.android.horse_ja/databases/reqinfo.db-wal
| MD5 | 69cf6d00fa6a12325422c87ec543fa5b |
| SHA1 | 6b2028a2dfaf182d18804e52626991450fadeb70 |
| SHA256 | d46332dd9ac50f89df9bffdce807e93fd999f7795df55b02b17a55321b0de596 |
| SHA512 | 2ee40df999e40ef03cb2c8ee89b68680207bb618489d302e2f9ff15e775d576fefc58e428e2a78563723e4b2d1dfd06d789a8fe3d44dd30f37d0ea1486c676b1 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-15 05:50
Reported
2024-06-15 05:53
Platform
android-x64-20240611.1-en
Max time kernel
179s
Max time network
179s
Command Line
Signatures
Obtains sensitive information copied to the device clipboard
| Description | Indicator | Process | Target |
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Queries information about the current Wi-Fi connection
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Queries the unique device ID (IMEI, MEID, IMSI)
Reads information about phone network operator
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
net.kairosoft.android.horse_ja
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 172.217.169.42:443 | | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.179.232:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | config.adview.cn | udp |
| CN | 211.103.153.95:443 | config.adview.cn | tcp |
| CN | 211.103.153.95:443 | config.adview.cn | tcp |
| GB | 172.217.169.42:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.14:443 | android.apis.google.com | tcp |
| GB | 142.250.179.238:443 | | tcp |
| GB | 142.250.187.206:443 | | tcp |
| GB | 142.250.187.194:443 | | tcp |
| GB | 172.217.169.42:443 | | tcp |
| CN | 211.103.153.95:443 | config.adview.cn | tcp |
| GB | 172.217.16.228:443 | | tcp |
| GB | 172.217.16.228:443 | | tcp |
| CN | 211.103.153.95:443 | config.adview.cn | tcp |
| CN | 211.103.153.95:443 | config.adview.cn | tcp |
| CN | 211.103.153.95:443 | config.adview.cn | tcp |
| CN | 211.103.153.95:443 | config.adview.cn | tcp |
Files
/data/data/net.kairosoft.android.horse_ja/databases/google_analytics.db-journal
| MD5 | 063904b26fa6faf340f92193f5d35a86 |
| SHA1 | c45499e942af42705e478cd4ed68e9a4b5361e5b |
| SHA256 | 83aec6facbdc9ab62b1d51e1ab66fa810f5623ad6ccabcf305e1880b823c4c22 |
| SHA512 | ee6be386c818fe6ea6eb127273540c254cd97dc9ba685e59e938040205890297c80bea7af096ce959cbbfeff1eff207ce474f5c3adffd3e08617b397fdf92676 |
/data/data/net.kairosoft.android.horse_ja/databases/google_analytics.db
| MD5 | 99dee33de90b63d945b3d32d0dfea63f |
| SHA1 | ca2204612d825330c97f653e8583279f65e84fa2 |
| SHA256 | df9b1adb1e0f611a1ef9f7fa2b0473638aed7695e5bf67081540a754c887be96 |
| SHA512 | 10578832634e68efa27f12f73bfdcf5b1e7194c7a93263471711449bd485a858ebc14f2a241dfa1267833eaf137a39098f7da96f5f0151e4c36f60ed17c4d5bb |
/data/data/net.kairosoft.android.horse_ja/databases/google_analytics.db-journal
| MD5 | a1e5321dbe358a7cc7787cf6529efe17 |
| SHA1 | c3e1220311b0fa940c7dc848aba6569f439d339d |
| SHA256 | 9599593963a778cc3919c510f3d66758825e24c57e2ad55ce13a5dc1f5adbe74 |
| SHA512 | 1f57d77259dc99889ee052c4b4bf27dad33f461e78ae50291233b4200a6184fcb46f165afb77a6f3378311fbab12f9e6e8e9d184ea746ecb5f7239f05de5c1af |
/data/data/net.kairosoft.android.horse_ja/databases/google_analytics.db-journal
| MD5 | 4e7af5a914e7a40d9c44a5795295c02b |
| SHA1 | 8e5e236bc408c803d2e39bc46ab0dda4ce1a64e8 |
| SHA256 | 429d2c5cc8730b979e6c19c99a8ca664c81447d8cccf68517ee2720c2e36872b |
| SHA512 | dc23e0f1965af45cbe5e42f3219c6f2ff996ac1cb3811bd01f7bff4185a2e825b0cae80f886498b9633affac792cb608ff2546f1a8364a9e603bb7089f26e9f2 |
/data/data/net.kairosoft.android.horse_ja/databases/google_analytics.db-journal
| MD5 | e3106a8464fed749bfda72336b8fd03b |
| SHA1 | 3a292dd8c166056f7d25fef575790313aaf06a79 |
| SHA256 | 508ec5508c436b9cabb523c5798d9e33ee46b5e676cef4675132dda185879068 |
| SHA512 | 59049443b6043fe95286393c222334be785ec7bc2c09fc856f8f7f72df4e9ed2b1f3604a821bbffee3291935282602c91d3dd8cf56244200f5bfe65ff9c1a16f |
/data/data/net.kairosoft.android.horse_ja/databases/reqinfo.db-journal
| MD5 | 8947301b152041c954762f738cbe7bee |
| SHA1 | 305d04c6bbf155bbe9378bb6cadf4ca798cefaef |
| SHA256 | 8a4065e5bf76d68cd05d41dc4d6e5c6b2abdf33e1ddfc364bc9a54e1730d5551 |
| SHA512 | fec6cf595505cf47d3aebd287e660cafe889ed694b3caf47e8b6c2662c67bf86d92c3b8dedd9fa2375432af385c651e098e394bc8da9df086716999f1277c88e |
/data/data/net.kairosoft.android.horse_ja/databases/reqinfo.db
| MD5 | 2decc027d61e34f35329b264b713a25e |
| SHA1 | 0d6a97ad1e147ff5cb15d7bc50d016402720c2b1 |
| SHA256 | 7dd6f54b773436b58acc0b528fedba35d4a98f109c0d5de469f873418d13c567 |
| SHA512 | e954c3182c9a19e912014c609366e3e69fb8e9c6a3f890762f0d00558da99a040e9f0e1908049ccd9cc7dd085e9dc51e0af2718cc1c8278118cb77facb0ac277 |
/data/data/net.kairosoft.android.horse_ja/databases/reqinfo.db-journal
| MD5 | 8914631c7ab272fbf712b532198fab1b |
| SHA1 | 356c0008dc44c7ae6862f29309fc665e18757d7f |
| SHA256 | 0558c4e3c798056219cc7714d7f316eba83ba079b8b0ae349137d85f888dbec9 |
| SHA512 | cbe81803b74a2246c7085415572e654f479055a9af818ceed849299f5635f1efdfccebb697cfcd4f39d0b3c76e4bc5be49d12fe4bf5edee6c0b090625c156249 |
/data/data/net.kairosoft.android.horse_ja/databases/reqinfo.db-journal
| MD5 | 8affd996a6da06aa72fa81051b3c0027 |
| SHA1 | 013d60e1d1e38ecf0417c906a3900e6e895e178c |
| SHA256 | 66b9e057f7d5afbce4c48ec52b4d2e1ef6951afae8b220e598bbfc80cc5503b1 |
| SHA512 | 489640c99107d5c7ec81238de7f3d7ef1e106a4a299d3505b647f4c31039ea3105255bdbb8070f2104d77805ecafdebeb54e34af0338d2389ff6eef11036201d |
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-15 05:50
Reported
2024-06-15 05:53
Platform
android-x64-arm64-20240611.1-en
Max time kernel
179s
Max time network
180s
Command Line
Signatures
Obtains sensitive information copied to the device clipboard
| Description | Indicator | Process | Target |
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Queries information about the current Wi-Fi connection
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
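The permission table in static1 and the Binder indicators in behavioral1, behavioral2 and behavioral3 are reported separately, so the question a reviewer actually has, which of the four requested dangerous permissions were exercised during detonation, is not answered anywhere on the page. The script below is an added example, not sandbox output or code from the app's vendor: it transcribes the page's permission and indicator lists and cross-references them through a mapping, written for this example and to be re-checked against the API level of the sandbox image, of each framework call to the permission that gates it. The IPhoneSubInfo.getDeviceId entry is an assumption added so the summary line "Queries the unique device ID" can be checked if that call ever appears in an indicator table.

```python
"""Cross-reference requested dangerous permissions (static1) against the
framework calls observed at runtime (behavioral1/2/3). Added example for
this report; not code from the sandbox or from the app."""

# Transcribed from the static1 "Requests dangerous framework permissions" table.
REQUESTED = frozenset({
    "android.permission.READ_PHONE_STATE",
    "android.permission.ACCESS_COARSE_LOCATION",
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.WRITE_EXTERNAL_STORAGE",
})

# Transcribed from the behavioral1/2/3 indicator tables (union of all runs).
OBSERVED = frozenset({
    "android.content.IClipboard.addPrimaryClipChangedListener",
    "android.net.IConnectivityManager.getActiveNetworkInfo",
    "android.net.wifi.IWifiManager.getConnectionInfo",
    "com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone",
    "android.app.IActivityManager.registerReceiver",
    "/proc/meminfo",
})

# Author's mapping (assumption, verify per API level): indicator -> the
# permission that gates it, or None when any app may make the call.
GATED_BY = {
    "android.content.IClipboard.addPrimaryClipChangedListener": None,
    "android.net.IConnectivityManager.getActiveNetworkInfo": "android.permission.ACCESS_NETWORK_STATE",
    "android.net.wifi.IWifiManager.getConnectionInfo": "android.permission.ACCESS_WIFI_STATE",
    "com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone": None,
    "android.app.IActivityManager.registerReceiver": None,
    "/proc/meminfo": None,
    # Not observed on this page; assumed entry so the IMEI/IMSI summary line
    # becomes checkable should the sandbox log the call.
    "com.android.internal.telephony.IPhoneSubInfo.getDeviceId": "android.permission.READ_PHONE_STATE",
}

# Normal-level permissions: granted at install, never listed by a
# "dangerous permissions" signature, so their use is expected to be unlisted.
NORMAL = frozenset({
    "android.permission.ACCESS_NETWORK_STATE",
    "android.permission.ACCESS_WIFI_STATE",
    "android.permission.INTERNET",
})


def cross_reference(requested=REQUESTED, observed=OBSERVED, gated_by=GATED_BY):
    """Return which requested permissions were exercised, which observed
    calls imply permissions the report does not list, and which indicators
    fire for any app regardless of its manifest."""
    exercised = {}          # permission -> indicators that required it
    ungated, unknown = [], []
    for call in sorted(observed):
        if call not in gated_by:
            unknown.append(call)        # extend GATED_BY before trusting the result
            continue
        perm = gated_by[call]
        if perm is None:
            ungated.append(call)
        else:
            exercised.setdefault(perm, []).append(call)
    return {
        # requested dangerous permissions with no observed use in the detonation window
        "requested_not_exercised": sorted(requested - set(exercised)),
        # normal permissions the calls imply; absent from the page only because the
        # signature reports dangerous ones
        "normal_implied": sorted(p for p in exercised if p not in requested and p in NORMAL),
        # a gated call without the permission: mapping wrong for this API level,
        # or the call failed with SecurityException in the sandbox
        "unrequested_and_not_normal": sorted(p for p in exercised if p not in requested and p not in NORMAL),
        # indicators that are not evidence of privilege at all
        "ungated": ungated,
        "unknown": unknown,
    }


if __name__ == "__main__":
    for key, value in cross_reference().items():
        print(f"{key}: {value}")
```

For this page the result is that none of the four dangerous permissions is exercised by any logged indicator, and four of the six indicators (clipboard listener, country ISO, runtime receiver registration, /proc/meminfo) need no permission at all, so the summary list at the top overstates what the detonation actually demonstrated. Two caveats a reviewer should carry into the verdict: IClipboard.addPrimaryClipChangedListener does not by itself read clipboard contents, and since Android 10 clipboard reads are only served to the app that has input focus or to the default IME; and on current Android releases IWifiManager.getConnectionInfo returns the SSID/BSSID only to callers holding a location permission, which is one reason an advertising SDK requests ACCESS_FINE_LOCATION even though no location call was logged here.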
Processes
net.kairosoft.android.horse_ja
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.179.234:443 | | tcp |
| GB | 142.250.179.234:443 | | tcp |
| GB | 142.250.187.238:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.178.14:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 216.58.212.200:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | config.adview.cn | udp |
| CN | 211.103.153.95:443 | config.adview.cn | tcp |
| CN | 211.103.153.95:443 | config.adview.cn | tcp |
| GB | 142.250.180.4:443 | | tcp |
| GB | 142.250.180.4:443 | | tcp |
| CN | 211.103.153.95:443 | config.adview.cn | tcp |
| CN | 211.103.153.95:443 | config.adview.cn | tcp |
| CN | 211.103.153.95:443 | config.adview.cn | tcp |
| CN | 211.103.153.95:443 | config.adview.cn | tcp |
| CN | 211.103.153.95:443 | config.adview.cn | tcp |
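The Network tables in behavioral1, behavioral2 and behavioral3 (and the mDNS-only tables in the 5s and 6s runs) mix DNS queries, the multicast mDNS row, Google platform traffic and IP-only rows that the page never attributes to a name, and the sandbox emits rows with the Domain cell missing rather than empty. The script below is an added triage example, not sandbox code: its input is transcribed from the behavioral2 table above (constructed sample, including the malformed rows), it tolerates the missing cell, and it separates the flows into local, platform, unresolved and third-party endpoints. The platform suffix allowlist is an assumption made for the example.

```python
"""Triage a sandbox Network table: isolate third-party endpoints from DNS,
local multicast and platform traffic. Added example for this report; the
rows are a constructed sample transcribed from the behavioral2 table."""
import ipaddress
from collections import Counter, defaultdict

SAMPLE_ROWS = """\
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 172.217.169.42:443 | tcp | |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.179.232:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | config.adview.cn | udp |
| CN | 211.103.153.95:443 | config.adview.cn | tcp |
| CN | 211.103.153.95:443 | config.adview.cn | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.14:443 | android.apis.google.com | tcp |
| GB | 142.250.179.238:443 | tcp | |
"""

# Assumption: names under these suffixes are the platform's own services
# (GMS/Play, Analytics) and are filed as platform traffic, not C2 candidates.
PLATFORM_SUFFIXES = (".google.com", ".google-analytics.com")
PROTOS = {"tcp", "udp"}


def parse_rows(text):
    """Parse the pipe table. A row whose third cell is a protocol is one the
    sandbox wrote without a Domain cell, so it is read as 'no domain'."""
    flows = []
    for line in text.splitlines()[1:]:          # skip the header row
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        cells = [c for c in cells if c]          # drop empty cells
        if len(cells) == 4:
            country, dest, domain, proto = cells
        elif len(cells) == 3 and cells[2] in PROTOS:
            country, dest, proto = cells
            domain = None
        else:
            raise ValueError(f"unrecognised row: {line!r}")
        ip, _, port = dest.rpartition(":")
        flows.append({"country": country, "ip": ip, "port": int(port),
                      "domain": domain, "proto": proto.lower()})
    return flows


def triage(flows):
    """Group flows by endpoint and classify each endpoint."""
    dns = Counter()
    endpoints = defaultdict(Counter)            # (ip, port) -> Counter of names
    for f in flows:
        if f["proto"] == "udp" and f["port"] == 53:
            dns[f["domain"]] += 1                # the table records the queried name here
            continue
        endpoints[(f["ip"], f["port"])][f["domain"]] += 1

    out = {"dns_queries": dict(dns), "local": [], "platform": [],
           "third_party": [], "unresolved": []}
    for (ip, port), names_seen in sorted(endpoints.items()):
        addr = ipaddress.ip_address(ip)
        names = sorted(n for n in names_seen if n)
        hits = sum(names_seen.values())
        key = f"{ip}:{port}"
        if addr.is_multicast or addr.is_private or addr.is_link_local:
            out["local"].append((key, hits))     # e.g. mDNS discovery, not app C2
        elif not names:
            out["unresolved"].append((key, hits))  # no name on the page: needs the pcap
        elif all(n.endswith(PLATFORM_SUFFIXES) for n in names):
            out["platform"].append((key, names, hits))
        else:
            out["third_party"].append((key, names, hits))  # pivot on these first
    return out


if __name__ == "__main__":
    result = triage(parse_rows(SAMPLE_ROWS))
    print("third-party endpoints:", result["third_party"])
    print("unattributed endpoints:", result["unresolved"])
```

On the behavioral2 rows the only third-party endpoint is 211.103.153.95:443 for config.adview.cn, and the IP-only rows (172.217.x and 142.250.x) remain unattributed because the table records DNS queries but not the answers; resolving those needs the capture, not the page. The 224.0.0.251:5353 row is local multicast and appears in every run on this page, including the ones with no signatures or processes, so it says nothing about the sample.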
Files
/data/user/0/net.kairosoft.android.horse_ja/databases/google_analytics.db-journal
| MD5 | f3fd1b27217ae1accb37742bed7b8454 |
| SHA1 | 4b04d14ea626d306171a079f66b12f3abd49224e |
| SHA256 | e6ab4bf1f99037790307c705511714a7974bab6357ea408910a7981116ecc572 |
| SHA512 | 3f838e2d0f30c0a954188f0f8dac03251b77d61fcd80403b6771166a449855c84275ee669905e4369446f85c193d5e84b81b0f3c685a689a5bc1caa41d1db002 |
/data/user/0/net.kairosoft.android.horse_ja/databases/google_analytics.db
| MD5 | ba12f53b6f1d877f6082e3720645451f |
| SHA1 | b3e8238a1d4fcee6b8df05ddac0bf35ad11c3842 |
| SHA256 | a582148fa6713d72361f1c890ff91beca3d559c4a4378ba868318e3ccbc4f53d |
| SHA512 | d60e4f448883c14fc7de6c7c0a418ff515458c75f9ce524c528797cf7aea951d60b01b66595b8a65207afcbfd5983ae508f56d1835d04758bba4e779d882baa8 |
/data/user/0/net.kairosoft.android.horse_ja/databases/google_analytics.db-journal
| MD5 | de56e414bdb778874fc443627ff14800 |
| SHA1 | cdcffb68c53e4af2490af250c89dd50b9e3ba0a3 |
| SHA256 | 153105ba468a94de230adf624f3e7eb7d8f353504e2c11481e2d8b6a335e2c3e |
| SHA512 | 03314279338121d51b7470fb255a86254a1f62e61aa32150c861516ea232333579a015c3f1cc42dc357929a54d6260dd0a2b2ad671444597d9cc7e6ef63e0e13 |
/data/user/0/net.kairosoft.android.horse_ja/databases/google_analytics.db-journal
| MD5 | f34211997b2421b1112085dc81446036 |
| SHA1 | 2e0c2487a7f26bedc9c1ac40695d51fc4c8cea39 |
| SHA256 | 1fbb904dc4824e365ce8f6f07dcdb30d280771294e97d3c577591954705d5a04 |
| SHA512 | 7531a4c46cd1eeb9451eddcc7580219ecdf79415435c9e6f418b7fc5d51f9b66cf802755b10598b62199803aa3d25662cb60caa86bfdb31079cb1d35e1acc1e1 |
/data/user/0/net.kairosoft.android.horse_ja/databases/google_analytics.db-journal
| MD5 | ca1e522df127540ab12c412615e71189 |
| SHA1 | b8c0b56d8d79f233c96144c78b4ee6373e0df933 |
| SHA256 | a72886962a6dfeaafdb5bba9b3c0234cf70ed8c42f85d200c53a91b65ceff3f3 |
| SHA512 | a9ba6445525c0fd13d38d3d7790ad9a0bc15ecf4341c9e35329e5b4bf50f3aec4c3b996bef11b0426fae13fe3eb5e2d023f619b823dd6953201106e41ac2f284 |
/data/user/0/net.kairosoft.android.horse_ja/databases/reqinfo.db-journal
| MD5 | 0ce797ee1c717675467aca6b166d8b00 |
| SHA1 | e2c2d28b339b6c95ce3d6b4b20e1d0d2c7b98624 |
| SHA256 | 9ebfad6a66239acb2406be982939816a39d6a4f761442b895199ab17ae458257 |
| SHA512 | 24f3486c78e97e7e86bbe558b22f5619b39d21bc52a8aea95281bbb7b6893a76cfe24d6eb46bf01c6a764effa36a61a5616589b1eeb4086b34e7e30524083eef |
/data/user/0/net.kairosoft.android.horse_ja/databases/reqinfo.db
| MD5 | 2eb6ccd15bd045758b754a1c9591cbe8 |
| SHA1 | 3f44b74ac7923d5050b1d1d7ff4dbe332c60673b |
| SHA256 | 57c26b757ea53ba399d2835333d76c80fda9f88921cc482edf1e6d2efa7d6a67 |
| SHA512 | 975c99e9a8f677b5f40efccb0255636bc05c93118b60f18d881b4445a76fc921d0f9499adcf6e4a786d27c360d029fe3c1aaadce096be5621c215b81ce4a9037 |
/data/user/0/net.kairosoft.android.horse_ja/databases/reqinfo.db-journal
| MD5 | b7972caa501b9adaa458d14bd958df34 |
| SHA1 | 4b35d0d28ddd07c9e8f3a38fc4c54b09bdb5bade |
| SHA256 | 96318bab2fe5973adf418a2e543c6e7e8dbe64f946510ac622bb5817ba0bf9a1 |
| SHA512 | 2148b84bb13bda177ae1c865d39c51ce1f379099d61f2e8a9212df90cc1067311133683e10cde54bf303182f3997a1387543bf55c5e29c05efd5108266f5baf4 |
/data/user/0/net.kairosoft.android.horse_ja/databases/reqinfo.db-journal
| MD5 | 98adff97859d8310f368291e4895e68f |
| SHA1 | d9dd362c30ff0597df30b88fc3074462c8e9bc43 |
| SHA256 | fd6edae06b9ebd3ee4c13dd805b4371d870437cfa1a18d6f04e36d237b2ad5a1 |
| SHA512 | 3114453e095e9c7e7c22b7a45b9af566ce13a063a3c3e3e31464c0cb655c0087872b633108a7f71373b6290e0497afdf6c3e25b3d827615b54ebfb47ff2bfbf7 |
Analysis: behavioral4
Detonation Overview
Submitted
2024-06-15 05:50
Reported
2024-06-15 05:50
Platform
android-x86-arm-20240611.1-en
Max time network
6s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |