Malware Analysis Report

2024-09-09 15:59

Sample ID 240615-kqymxsvaqe
Target ad9d2905c085c0d889f2925932c410bb_JaffaCakes118
SHA256 67692a68412f93fec2b7a666874f3cc157476af12a9f0adae2eb2b3e9e10e636
Tags
collection credential_access discovery impact persistence
score
7/10

Table of Contents

Analysis Overview
MITRE ATT&CK Matrix
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral3
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

score
7/10

SHA256

67692a68412f93fec2b7a666874f3cc157476af12a9f0adae2eb2b3e9e10e636

Threat Level: Shows suspicious behavior

The file ad9d2905c085c0d889f2925932c410bb_JaffaCakes118 was classified as showing suspicious behavior.

Malicious Activity Summary

collection credential_access discovery impact persistence

Obtains sensitive information copied to the device clipboard

Queries the unique device ID (IMEI, MEID, IMSI)

Requests dangerous framework permissions

Queries information about active data network

Queries the mobile country code (MCC)

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks memory information

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-15 08:48

Signatures

Requests dangerous framework permissions

Indicator (permission) and description; Process and Target are N/A for every row, since this is a static signature with no process context.

android.permission.READ_CONTACTS
    Allows an application to read the user's contacts data.
android.permission.WRITE_CONTACTS
    Allows an application to write the user's contacts data.
android.permission.READ_PHONE_STATE
    Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.
android.permission.PROCESS_OUTGOING_CALLS
    Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether.
android.permission.CALL_PHONE
    Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call.
android.permission.RECEIVE_SMS
    Allows an application to receive SMS messages.
android.permission.SEND_SMS
    Allows an application to send SMS messages.
android.permission.ACCESS_FINE_LOCATION
    Allows an app to access precise location.
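The static table above only tells an analyst which dangerous-level permissions the manifest declares; it does not show normal-level ones such as INTERNET (the outbound traffic in the behavioral runs proves that one is present), and a permission list alone cannot separate a spyware sample from a legitimate SMS/calling app. The script below is an added example by the editor, not part of the sandbox report or of the analysed app: it parses the report's rows (embedded as a constructed sample), groups the permissions by Android's documented runtime-permission groups, and evaluates a few combination rules and platform notes that are the editor's own triage heuristics. The findings it produces are what to corroborate against the runtime signatures in the behavioral sections.

```python
"""Triage the dangerous permissions an APK requests, from a sandbox permission table.

Added example by the editor; not part of the sandbox report or of the analysed app.
Group names follow Android's documented runtime-permission groups; the combination
rules and platform notes are the editor's own triage heuristics.
"""
import re

# Constructed sample: the eight rows of the static1 table, copied verbatim.
SAMPLE_ROWS = """\
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows an application to write the user's contacts data. android.permission.WRITE_CONTACTS N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether. android.permission.PROCESS_OUTGOING_CALLS N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
"""

# Row layout: free-text description, permission name, Process, Target.
ROW_RE = re.compile(r"^(?P<desc>.+?)\s+(?P<perm>android\.permission\.[A-Z_]+)\s+\S+\s+\S+$")

# Android runtime-permission groups (subset covering what the report lists).
PERMISSION_GROUP = {
    "android.permission.READ_CONTACTS": "CONTACTS",
    "android.permission.WRITE_CONTACTS": "CONTACTS",
    "android.permission.READ_PHONE_STATE": "PHONE",
    "android.permission.CALL_PHONE": "PHONE",
    "android.permission.PROCESS_OUTGOING_CALLS": "PHONE",
    "android.permission.RECEIVE_SMS": "SMS",
    "android.permission.SEND_SMS": "SMS",
    "android.permission.READ_SMS": "SMS",
    "android.permission.ACCESS_FINE_LOCATION": "LOCATION",
    "android.permission.ACCESS_COARSE_LOCATION": "LOCATION",
}

# Editor's rules (assumption): permissions that must all be present, and what
# the combination lets an app do without the user seeing a system UI.
COMBO_RULES = [
    ({"RECEIVE_SMS", "SEND_SMS"},
     "two-way SMS: can read incoming messages such as OTP codes and send without any UI"),
    ({"CALL_PHONE", "PROCESS_OUTGOING_CALLS"},
     "call control: can dial silently and redirect or abort the user's outgoing calls"),
    ({"READ_CONTACTS", "SEND_SMS"},
     "contacts plus SMS sending: the address-book spam / self-spreading pattern"),
]

# Platform behaviour that changes what a permission is worth on a given device.
PLATFORM_NOTES = {
    "READ_PHONE_STATE": "exposes IMEI/MEID/IMSI only before Android 10 (API 29); "
                        "later releases require READ_PRIVILEGED_PHONE_STATE for those",
    "PROCESS_OUTGOING_CALLS": "deprecated in Android 10 (API 29); the replacement is CallRedirectionService",
}


def parse_permission_rows(text):
    """Return the permission names in table order; non-matching lines are skipped."""
    perms = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            perms.append(m.group("perm"))
    return perms


def triage(permissions):
    """Group permissions, evaluate the combination rules, attach platform notes."""
    short = [p.rsplit(".", 1)[-1] for p in permissions]
    groups = {}
    for full, name in zip(permissions, short):
        groups.setdefault(PERMISSION_GROUP.get(full, "OTHER"), []).append(name)
    present = set(short)
    findings = [why for need, why in COMBO_RULES if need <= present]
    notes = {n: PLATFORM_NOTES[n] for n in short if n in PLATFORM_NOTES}
    return {"groups": groups, "findings": findings, "notes": notes}


if __name__ == "__main__":
    result = triage(parse_permission_rows(SAMPLE_ROWS))
    for group, names in result["groups"].items():
        print(f"{group}: {', '.join(names)}")
    for finding in result["findings"]:
        print("finding:", finding)
    for name, note in result["notes"].items():
        print(f"note [{name}]: {note}")
```

For this sample all three combination rules fire, which is why the static verdict alone is not conclusive: the same set is exactly what a second-line texting and calling app would declare. The behavioral runs below are where the SMS and call permissions should be checked for actual use; in this report none of the runtime signatures touches SMS or telephony call paths, only device identity, network state and the clipboard.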

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-15 08:48

Reported

2024-06-15 08:52

Platform

android-x64-20240611.1-en

Max time kernel

22s

Max time network

147s

Command Line

com.secondphoneapps.SecondPhoneTextPink

Signatures

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Framework service call: android.content.IClipboard.addPrimaryClipChangedListener (Process: N/A, Target: N/A)

Queries information about active data network

discovery
Framework service call: android.net.IConnectivityManager.getActiveNetworkInfo (Process: N/A, Target: N/A)

Queries the mobile country code (MCC)

discovery
Framework service call: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone (Process: N/A, Target: N/A)

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Framework service call: android.app.IActivityManager.registerReceiver (Process: N/A, Target: N/A)

Checks memory information

File opened for read: /proc/meminfo (Process: N/A, Target: N/A)

Processes

com.secondphoneapps.SecondPhoneTextPink

Network

Country  Destination          Domain                         Proto
N/A      224.0.0.251:5353     -                              udp
GB       172.217.169.42:443   -                              tcp
US       1.1.1.1:53           ssl.google-analytics.com       udp
GB       142.250.180.8:443    ssl.google-analytics.com       tcp
US       1.1.1.1:53           ads.mp.mydas.mobi              udp
GB       87.248.114.11:80     ads.mp.mydas.mobi              tcp
US       1.1.1.1:53           androidsdk.ads.mp.mydas.mobi   udp
GB       87.248.114.12:80     androidsdk.ads.mp.mydas.mobi   tcp
US       1.1.1.1:53           android.apis.google.com        udp
GB       142.250.200.46:443   android.apis.google.com        tcp
GB       172.217.169.42:443   -                              tcp
GB       142.250.187.206:443  -                              tcp
GB       142.250.187.194:443  -                              tcp
GB       172.217.169.42:443   -                              tcp
GB       172.217.16.228:443   -                              tcp
GB       172.217.16.228:443   -                              tcp
GB       142.250.179.238:443  -                              tcp

(Domain "-": the sandbox recorded no domain for that connection.)

Files

/data/data/com.secondphoneapps.SecondPhoneTextPink/databases/SpaTextDB.db-journal

MD5 a70b187344f9d345ab80e6fbd23579dc
SHA1 53f4eec0053cd5d6fef45ae1550af697725b4b3b
SHA256 a9b6bde2db64f275c81f19574e4ac01fae35d2e53648d4d760f783897138c79f
SHA512 42e0cb979543dc97f9af0091add48fb3b45e010192c57100b657c22231145ae9c52411eeb1e7dd1468cb68fca22c3779c91db573f1631df0e12a2cf6808dce79

/data/data/com.secondphoneapps.SecondPhoneTextPink/databases/SpaTextDB.db

MD5 248e188a4a6dfcd55c4795707e1e7bcf
SHA1 1f27b5b3b903a0a732ab2fafc43a91bdbc732d5c
SHA256 4bcaf91c095f89cdf826b58f9317d0d8a2c76ca1a3b19d847d0f265b41ee064b
SHA512 302b31c24e7365e530fe99811995a5a382f2ea7ccdf76371b4dc61c3a9bb52ed5cdabdb3033117c770c32ea920de4bcc03763e8f2330bd3a37860d31078c6e9d

/data/data/com.secondphoneapps.SecondPhoneTextPink/databases/SpaTextDB.db-journal

MD5 2f86eaa9e8d90ad858c2ad7e8025bfac
SHA1 18f367169fed5bfbc5d29ff83cea772210631160
SHA256 2e1c0bcc519410e581c7359ff788b49574557d5e7d453ef8638ad49e986444b6
SHA512 ccf34554654077eeaa9bdb64322de462b2c48c4ce4c3c61836caa7260e6ff9e544aa023840c252bb684fed34f68b896766d8f23c5f8b430f145c257670acfe91

/data/data/com.secondphoneapps.SecondPhoneTextPink/databases/SpaTextDB.db-journal

MD5 375dc19839e2ea2d2fb605c89e3e9b38
SHA1 ca23c8de48086dffcf612a3dcb3f13cfa5468118
SHA256 cd2e1b685e900ab9b9362ad9db97942e1238a51abf2bc8727f15a3b4da0013ad
SHA512 d9e4fe9223085824f949726fd140006e31bc074e6dff89f026b3324e277a9e21cd8ee549eed0c424a46411970a8665bd24df8360675fd799c826f53cdd893db4

/data/data/com.secondphoneapps.SecondPhoneTextPink/databases/millennialmedia.db-journal

MD5 abeb0361ce78c78fef807fe768754315
SHA1 dd7d9cb05e2c27e80ad8159c1d1dd8d33a5a13f3
SHA256 1482e5abcf07b78be4be31c80a447f8d016c7117a9e681feefe5d40515624298
SHA512 3c2ee414ea8bc5d47dd6f61dbff450c1eb7882a8074e2e28b6a16cf9986bf1ac51ab9ca53d0991156eb52217d048dc41c1a0e400520832ce07e5a790c79d32b2

/data/data/com.secondphoneapps.SecondPhoneTextPink/databases/millennialmedia.db

MD5 6daa13443ffe592bc74457715615c605
SHA1 5e0581adbf1ce81c1c9a6fa59725947f6637cef7
SHA256 05816ef73acf2d273865460cc4bed0f99e03794464ee34d4974d77f978091e42
SHA512 03ce5aa54e9b809973e7da3454555122e08ebc3744880e15e6a60d1f5f1179adbf89ceea20bf61810a4a610aaa1a006410d2d5ac58052a15cf367aa09f527250

/data/data/com.secondphoneapps.SecondPhoneTextPink/databases/millennialmedia.db-journal

MD5 1226257b9791c22ac8c2b7a3fe4d8b3a
SHA1 0b4cb6125afe400f1bc41980f8c578f0e0458fbb
SHA256 c842ba6f3a8ae3b7fa4c1827647e6cf658fbeeab89c9d3ea70f9db6386f367f8
SHA512 67f702cbea41bd5110affdc7c4c3babe1353527636ffd458354066352f63753577c05f22d0ae70d86641de1fcea021214451f94e98b7054cda980ff9703a236e

/data/data/com.secondphoneapps.SecondPhoneTextPink/databases/millennialmedia.db-journal

MD5 82391339eed85583de35bf0de72e9771
SHA1 420c2ef0d6123892cc787619d29c34bb2b4dd317
SHA256 701f38582525635626fee875a979c109296f0022f4e5987d85b255ddb1ae916f
SHA512 66c65becc81d5560b0c5af99b9785c4ce38c5ff29eb8939851b3da6fcfacd6bfa0f132f1c36816a75ae852ec0966ad4c541944ad118eafd68c824a68ec4708ba

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-15 08:48

Reported

2024-06-15 08:52

Platform

android-x64-arm64-20240611.1-en

Max time kernel

20s

Max time network

132s

Command Line

com.secondphoneapps.SecondPhoneTextPink

Signatures

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Framework service call: android.content.IClipboard.addPrimaryClipChangedListener (Process: N/A, Target: N/A)

Queries information about active data network

discovery
Framework service call: android.net.IConnectivityManager.getActiveNetworkInfo (Process: N/A, Target: N/A)

Checks memory information

File opened for read: /proc/meminfo (Process: N/A, Target: N/A)

Processes

com.secondphoneapps.SecondPhoneTextPink

Network

Country  Destination          Domain                         Proto
N/A      224.0.0.251:5353     -                              udp
GB       142.250.179.234:443  -                              tcp
GB       142.250.179.234:443  -                              tcp
GB       142.250.187.238:443  -                              tcp
US       1.1.1.1:53           android.apis.google.com        udp
GB       142.250.200.46:443   android.apis.google.com        tcp
US       1.1.1.1:53           ads.mp.mydas.mobi              udp
GB       87.248.114.11:80     ads.mp.mydas.mobi              tcp
US       1.1.1.1:53           ssl.google-analytics.com       udp
GB       216.58.212.232:443   ssl.google-analytics.com       tcp
US       1.1.1.1:53           androidsdk.ads.mp.mydas.mobi   udp
GB       87.248.114.11:80     androidsdk.ads.mp.mydas.mobi   tcp
GB       142.250.180.4:443    -                              tcp
GB       142.250.180.4:443    -                              tcp

(Domain "-": the sandbox recorded no domain for that connection.)

Files

/data/user/0/com.secondphoneapps.SecondPhoneTextPink/databases/SpaTextDB.db-journal

MD5 82bafee50fd243da3ee4d3c2fa0cecf9
SHA1 d4db51ad5b339ea628a625a78a63adaaea6d41cc
SHA256 9ceaafe44212a2669f30a3f00eed65d5b91ecb4d8ec64694bf4314709024ebd5
SHA512 db9a44dc803222eaddbb7910458cbcabb4dd4b4624fbfd2d9cbe3b799365ab347f6d150c4d2fe1c693535ea5442291533a707d062c1d2ecf83e1768ba6753832

/data/user/0/com.secondphoneapps.SecondPhoneTextPink/databases/SpaTextDB.db

MD5 c37728afd702b77f530827440a604fc5
SHA1 95f163fc3225f075cee36b6340630d8bba039a4e
SHA256 f6fe56f50d20a817e0882f7a83637ee47e9a8bea89e9fce923b202c285a51570
SHA512 0f1b71e8f5556e709461c2fd6c6fcb740aec65912f70dc29db2cb40c254b976c952ec3fbf5ca5859257270325e3ff7740d46d2e94eaa8821d8dff01e8f7c3ac6

/data/user/0/com.secondphoneapps.SecondPhoneTextPink/databases/SpaTextDB.db-journal

MD5 1075b723d71fd9a06d0beb147c1e70d0
SHA1 f2b77a0f29c9a3d9780f62d9eb2fa43b0873cb1c
SHA256 d9b74a32ad40aa035837545a56a29315d02bd2dccd970dfabc222a7d7c310bc8
SHA512 af786e1e979caec012f625f0d5ef8282ce2c50193867455358840e43af1c781e706d66c8af1cea0e9592cd1d25f7cbff2f25bd7837e452b94faba6b0451c87a5

/data/user/0/com.secondphoneapps.SecondPhoneTextPink/databases/SpaTextDB.db-journal

MD5 bba358be10084de32c545f49f63db520
SHA1 357b495f7c98c0f06a8a184b2f2d18c336e8c937
SHA256 76f874a9151c05e8c3c90b8bffb63f6b3fd12b944527cecb4347055e78a8b69c
SHA512 7e23b11c4e48e1dffa6f76b8ec448e531ac1ed4cf72fdebc73c720b7af44cbb92e49789b034c49fdd9689f2e94f3a23fc5745182a6c6fa39f45bc3faf1418698

/data/user/0/com.secondphoneapps.SecondPhoneTextPink/databases/millennialmedia.db-journal

MD5 3dce8935a7d42b421a60a2a451b91b14
SHA1 14372a96c2dcc2acfcce2b9fb178fd7a46b75c6a
SHA256 b485591e13800f482adb3627b71fb74d44f361983c93a298b98babbd3c02d7a8
SHA512 86ab084a86a2a2153b017d66f8ad4c853c0ea534610d074445ffaf28b7719cd2075359f2ef9429c01aadfc6351d3b0b46a6a718293a3903537a37c122aecef4b

/data/user/0/com.secondphoneapps.SecondPhoneTextPink/databases/millennialmedia.db

MD5 e78a74f992bc73c2e1d22bba4930e3bc
SHA1 3f8fcdbc190bd9a784d1be56a9c9293c16f02b18
SHA256 611871c8b30358440f8b9f8ba356f441da515d1e97da85ec1bc992d58978cf7f
SHA512 80f07fb8dde6686a8c7604548997a16bf8bd70815d459890c181d2106be9764e1a3d2446e4212397a7b51ce9b2066149eaf4c11187fbd3e21ca8b61f48d06ef4

/data/user/0/com.secondphoneapps.SecondPhoneTextPink/databases/millennialmedia.db-journal

MD5 8512a5d8ad0a73d47791faf996bbd748
SHA1 25674c5c5446bae75209956f977624b7745d4273
SHA256 16d03eaf2e4884bfea5059090dba8b4729111415aa622ed53e119cfdb3c9626e
SHA512 b551deadc87bf9bacc4ffcf1e33da09770d2fb93ffe4e248bddccc854b03c960d325fe9297a02fedc99649ff685d05115d49c226585d438a6583126a1c6230e6

/data/user/0/com.secondphoneapps.SecondPhoneTextPink/databases/millennialmedia.db-journal

MD5 adcc4ac567c7b740b29ce6ea935b632f
SHA1 58fa933c6ede3ac628f21b177e4d4c3436efe897
SHA256 7a5cf6d094b65dbdc28cd3c65f3102dff8589edaab43d00e4b4ed5ddde80ce5b
SHA512 07303dae79ca2beea92b45a721e43722a823f4f1cfd275780358866b9526903cb71172b927c11c9b714bac99a6890ccd91d9bceaba2011b68f3e03a327f41093

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-15 08:48

Reported

2024-06-15 08:52

Platform

android-x86-arm-20240611.1-en

Max time kernel

21s

Max time network

160s

Command Line

com.secondphoneapps.SecondPhoneTextPink

Signatures

Queries information about active data network

discovery
Framework service call: android.net.IConnectivityManager.getActiveNetworkInfo (Process: N/A, Target: N/A)

Queries the mobile country code (MCC)

discovery
Framework service call: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone (Process: N/A, Target: N/A)

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Framework service call: android.app.IActivityManager.registerReceiver (Process: N/A, Target: N/A)

Checks memory information

File opened for read: /proc/meminfo (Process: N/A, Target: N/A)

Processes

com.secondphoneapps.SecondPhoneTextPink

Network

Country  Destination          Domain                         Proto
N/A      224.0.0.251:5353     -                              udp
US       1.1.1.1:53           ads.mp.mydas.mobi              udp
GB       87.248.114.11:80     ads.mp.mydas.mobi              tcp
US       1.1.1.1:53           androidsdk.ads.mp.mydas.mobi   udp
GB       87.248.114.11:80     androidsdk.ads.mp.mydas.mobi   tcp
GB       216.58.201.110:443   -                              tcp
US       1.1.1.1:53           android.apis.google.com        udp
GB       142.250.200.46:443   android.apis.google.com        tcp

(Domain "-": the sandbox recorded no domain for that connection.)
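The three Network tables in this report (behavioral2, behavioral3 and the one just above) share one layout: a DNS query row to the resolver at 1.1.1.1:53 carrying the domain, followed by the connection it led to, plus connections for which the sandbox recorded no domain and one mDNS multicast row. Turning that into indicators by hand is error-prone, so the script below, an added example by the editor and not part of the report, parses the behavioral2 table (embedded as a constructed sample; the other two parse the same way), separates multicast noise and DNS lookups from real connections, flags the cleartext HTTP (tcp/80) sessions to the two mydas.mobi hosts, and produces a domain-centric IOC list. The bucketing rules are the editor's own; the resolver and the shared cloud IPs that carry no domain are kept out of the blocking list on purpose and handed back for manual review instead.

```python
"""Parse a sandbox Network table into DNS lookups, connections and IOCs.

Added example by the editor; not part of the report or of the sample's code.
It assumes the report's column layout (Country, Destination ip:port, optional
Domain, Proto); the classification rules are the editor's own.
"""
import ipaddress
import re
from collections import defaultdict

# Constructed sample: the behavioral2 Network table, copied from the report.
SAMPLE_TABLE = """\
Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 172.217.169.42:443 tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.180.8:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 ads.mp.mydas.mobi udp
GB 87.248.114.11:80 ads.mp.mydas.mobi tcp
US 1.1.1.1:53 androidsdk.ads.mp.mydas.mobi udp
GB 87.248.114.12:80 androidsdk.ads.mp.mydas.mobi tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.46:443 android.apis.google.com tcp
GB 172.217.169.42:443 tcp
GB 142.250.187.206:443 tcp
GB 142.250.187.194:443 tcp
GB 172.217.169.42:443 tcp
GB 172.217.16.228:443 tcp
GB 172.217.16.228:443 tcp
GB 142.250.179.238:443 tcp
"""

# The Domain column is optional, so a data row has either three or four fields.
ROW_RE = re.compile(
    r"^(?P<cc>\S+)\s+(?P<ip>[0-9.]+):(?P<port>\d+)"
    r"(?:\s+(?P<domain>[A-Za-z0-9.-]+))?\s+(?P<proto>tcp|udp)$"
)


def parse_rows(table):
    """One dict per data row; the header and any unparsable line are skipped."""
    rows = []
    for line in table.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            row = m.groupdict()
            row["port"] = int(row["port"])
            rows.append(row)
    return rows


def classify(rows):
    """Bucket rows into multicast noise, DNS lookups and real connections.

    Cleartext HTTP (tcp/80) is flagged separately: whatever the app sends there
    (device or advertising identifiers, for instance) crosses the network unencrypted.
    """
    out = {
        "multicast": [],          # mDNS and similar link-local chatter, not attributable to the sample
        "dns_lookups": [],        # domains the sample resolved
        "connections": [],        # (domain or None, ip, port, proto)
        "cleartext_http": [],     # (domain or ip, ip) for tcp/80
        "domain_to_ips": defaultdict(set),
        "unresolved_ips": set(),  # connections the sandbox tied to no domain
    }
    for r in rows:
        if ipaddress.ip_address(r["ip"]).is_multicast:
            out["multicast"].append(r["ip"])
        elif r["port"] == 53 and r["proto"] == "udp":
            if r["domain"]:
                out["dns_lookups"].append(r["domain"])
        else:
            out["connections"].append((r["domain"], r["ip"], r["port"], r["proto"]))
            if r["domain"]:
                out["domain_to_ips"][r["domain"]].add(r["ip"])
            else:
                out["unresolved_ips"].add(r["ip"])
            if r["port"] == 80 and r["proto"] == "tcp":
                out["cleartext_http"].append((r["domain"] or r["ip"], r["ip"]))
    return out


def iocs(summary):
    """Domain-centric indicators: resolved domains first, IPs with no domain for review.

    The DNS resolver never appears here, and IPs the sandbox could not tie to a
    domain are not promoted to blocking indicators because shared cloud and CDN
    addresses make poor ones; they are returned for an analyst to look at.
    """
    domains = sorted(set(summary["dns_lookups"]) | set(summary["domain_to_ips"]))
    return {"domains": domains, "review_ips": sorted(summary["unresolved_ips"])}


if __name__ == "__main__":
    summary = classify(parse_rows(SAMPLE_TABLE))
    print("DNS lookups:", summary["dns_lookups"])
    print("cleartext HTTP:", summary["cleartext_http"])
    print("IOCs:", iocs(summary))
```

On the behavioral2 table this yields four resolved domains, two cleartext HTTP sessions (both to ads.mp.mydas.mobi hosts, which appear in the same runs as the millennialmedia.db files under the app's databases directory) and five TLS destinations with no recorded domain. The port-443 rows without a domain are the ones worth a second look in a pcap, since the table alone does not say whether they were resolved before capture started or reached by address.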

Files

/data/data/com.secondphoneapps.SecondPhoneTextPink/databases/SpaTextDB.db-journal

MD5 8168e3395157b9018da3ab021badfbfa
SHA1 dc776e6f9575e9106a8a7ea62ed3d648cd565db1
SHA256 45b6be6c893ee6d1f1b9a296089c144f9bf46067dd6f16b67cf20c33a0880b5d
SHA512 423e58813e7b3957eb2a7e7f738bbbe87f87acd666c00a71973756d931c2c1beabddca92d7a106814c8ef66f4f48557656eca4a39df98afef87d08f2e0902253

/data/data/com.secondphoneapps.SecondPhoneTextPink/databases/SpaTextDB.db

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.secondphoneapps.SecondPhoneTextPink/databases/SpaTextDB.db-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.secondphoneapps.SecondPhoneTextPink/databases/SpaTextDB.db-wal

MD5 84cd0bac54c7c1cd0bbcf6dbe79aaebf
SHA1 591962b89118b0d7a2b47df015ebccc47873af5a
SHA256 16d61fd2e79efff97404c83c8bc596b7c71e39c1ab8fa018ef1b1981568420ec
SHA512 473e134bf186a954f76ef130060b6e162cb16f37c8f986f7e107d6c392ecc21796ad6dae268e827f5595d4aeeb27425062777c087fd50f1dbe78a21940fb8f5e

/data/data/com.secondphoneapps.SecondPhoneTextPink/databases/millennialmedia.db-journal

MD5 499bb74648d0754303433a4d714fa335
SHA1 49a6aa0fe24a5ea66e7d8eb1b1d1d2c856895382
SHA256 80560c52b921e367c5fe13e03377712c6ab15ce9aaa07fdc32fef54c9880712c
SHA512 2acd60bc3b0ac066f8a88d6065de633f64861a748b09635e80ad86d8302d0dd2895c73c32c25ea391bf81c812aa5f16c4f614c583f0800c68c36e4359e71a8e5

/data/data/com.secondphoneapps.SecondPhoneTextPink/databases/millennialmedia.db

MD5 ebe1a5d5f115f5e1ea6aee30d3a52c8f
SHA1 6ff2a4633d60a8ae15aac7651ffd5204c392380f
SHA256 388c5113936f7d3034b02eda4a9064e52645c15c3b4c768c099df4197ca0c67f
SHA512 005923c4bb1a9bc530594f44e28cac807efadbaa6e88dd82bd11e8dcf90a6d669db22f558af86bc02ce66913c35d07e790de0c5836866d99209c562563f42043

/data/data/com.secondphoneapps.SecondPhoneTextPink/databases/millennialmedia.db-wal

MD5 7861cf3a64ab993345c00e7680c58636
SHA1 67465ec989cb17fb6ceb7c3066fe6175486a4ab5
SHA256 00a9345127d5bb4fbff47db07faf6587576815ac442a63383f396acdd00438fe
SHA512 3920d1de7d2831c11b4d4fa673f529f4a1bd64d1eeb909c2ab74dce89d0382960ae69974b712c3dc47dd6b08127bc2185fcc459c6fc215807ed84aa10bc488c4