Analysis Overview
SHA256
5d4fc5f494c3a71d7e8871614ee3b814299e82cf0af182dc7896d07ef03a566f
Threat Level: Shows suspicious behavior
The file b419c13564827ed8a818e6b786578f61_JaffaCakes118 was found to show suspicious behavior.
Malicious Activity Summary
Loads dropped Dex/Jar
Queries information about the current Wi-Fi connection
Requests dangerous framework permissions
Queries information about active data network
Registers a broadcast receiver at runtime (usually for listening for system events)
Uses Crypto APIs (Might try to encrypt user data)
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-16 14:56
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-16 14:56
Reported
2024-06-16 15:00
Platform
android-x86-arm-20240611.1-en
Max time kernel
4s
Max time network
163s
Command Line
Signatures
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.cognitievedroid.ikvg/app_AdServer/AdServer_asset.apk | N/A | N/A |
| N/A | /data/user/0/com.cognitievedroid.ikvg/app_analytics/analytics_asset.apk | N/A | N/A |
| N/A | /data/user/0/com.cognitievedroid.ikvg/app_analytics/analytics_asset.apk | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Queries information about the current Wi-Fi connection
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Processes
com.cognitievedroid.ikvg
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.cognitievedroid.ikvg/app_analytics/analytics_asset.apk --output-vdex-fd=65 --oat-fd=63 --oat-location=/data/user/0/com.cognitievedroid.ikvg/app_analytics/oat/x86/analytics_asset.odex --compiler-filter=quicken --class-loader-context=&
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | ask.starreq.cn | udp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| GB | 216.58.201.110:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| GB | 216.58.212.202:443 | semanticlocation-pa.googleapis.com | tcp |
| GB | 216.58.212.202:443 | semanticlocation-pa.googleapis.com | tcp |
Files
/data/data/com.cognitievedroid.ikvg/app_AdServer/AdServer_asset.apk
| MD5 | 73c2ac27961b9db4274ca13a178c0fa2 |
| SHA1 | 3d1b1a8f6c9bc63fc88068c71e98bbe70797d03e |
| SHA256 | 751012d560a3c16a6f377f403ea12b9c6805a279d84c08210f9a5543c5bef42e |
| SHA512 | 591bf3bd1316189616aed273c5bdcb49ed1c46fc7bdf6ee1db9ce11b317dbfda5477989cc3ceafaa2e02dc6555afa1ac4ba872ea27d9a8ae9b5a9ac3abadcef8 |
/data/user/0/com.cognitievedroid.ikvg/app_AdServer/AdServer_asset.apk
| MD5 | e865fc4fa68968e2f5375e94d8b9a9ed |
| SHA1 | ba765ce01cb46ddd73de57ee5035e39133840d1b |
| SHA256 | b1fff92a015efe5fbe4c4dc2c23fbeb7b10682dee887d91e80d7db939ae91e5c |
| SHA512 | cf5ea475bd4e5edb0e6e1a5e30e979edb49e6d683370fa05e410635c1251e5293ab59e830e5840556b0721e22b954b2c50341f26eae4a3e71ce5280246259b94 |
/data/data/com.cognitievedroid.ikvg/app_analytics/analytics_asset.apk
| MD5 | d2e90bb505f20fc73baf25805b0273aa |
| SHA1 | 240fbbfda194a65761baed6f3546bc4c744a1850 |
| SHA256 | 77060ad812f5e6e9e896c39bc548f8295238eaa9941e1986e8e024e7d2114309 |
| SHA512 | c2ef3f79b6cfb171b0904ff8138238cbf985344d91d6d9ec35472d14233d1b108cc0234259e8286cbb099747cc8d9d2f74c8c7394ab3a6dcfc2cc95e168c8c85 |
/data/data/com.cognitievedroid.ikvg/app_analytics/asset_lib/libanalytics.so
| MD5 | cd1cdef06a5e2a33c5c9e7d4a6cb915f |
| SHA1 | 8df09fd32c4fa6b821d9dee89a4fcbf7d32b9b02 |
| SHA256 | 929c2b04d1495dd1a8b8b72552daedb5d8c385526fac224f5e3c466f748467bf |
| SHA512 | 8518002482356e5caad64d33f74172f13fdf3150a05d3dd20662bac8e3ff3e95986a5a7331fc60753d6db8eb5aa3e0779127946505d1fbd03e197359203f88f1 |
/data/user/0/com.cognitievedroid.ikvg/app_analytics/analytics_asset.apk
| MD5 | 6d363f8778efe0e54f37ccce23d16fbc |
| SHA1 | 11d186169520c633d09a1a775747ed0fe5181c55 |
| SHA256 | b1b9b928f020d1ecd232211f2733dd1fc640f5101db35794ef43dca96766aa55 |
| SHA512 | e375c9d975e4c44d7424c43f7c01cdb5db474a71c4658ca1a021a5cd3265a8e5027f671f3d04ddee962a34f65ae4eeba5c45c36c286a8016277993a1d6931cb9 |
/data/user/0/com.cognitievedroid.ikvg/app_analytics/analytics_asset.apk
| MD5 | 6f6ca30e708e8d98c6b073d10a1fa151 |
| SHA1 | 7a41fd920ec83ed67e7505b5d4855eaf282d8e7c |
| SHA256 | aa7650f1cf19b3db8d70d765bab8a9ef6f234b9d3bf0d63fe682882302da1c4d |
| SHA512 | 6e4070e1ea36f13db1b562ecf42519e4ef13349bb5221d49b9b34781c573a2d034b287fc8c644f16ff7649b7669ce811fbd3be75b22acd31ee9ee6bfc62dee5c |
/data/data/com.cognitievedroid.ikvg/databases/requests.db-journal
| MD5 | bea4d22d37740ec948157b41d8d0419d |
| SHA1 | 3842a1e38bab6eabec518823f762d8a12f693fa7 |
| SHA256 | 7d5dd534f9d4eccb7ae59d4d0761b8bb479671d765423142c0594662138893c0 |
| SHA512 | 2c32241930d85926e6d93cc9a6b107fe5c3c274c3df87ff75e543d9c9ff86d374e25875eda56a8d6f035bab97a6a9b5213e35af1018877e9734b1c8a5435cbd1 |
/data/data/com.cognitievedroid.ikvg/databases/analytics.db-journal
| MD5 | 1fde1d1413e9afc4522196ded7bd57dc |
| SHA1 | dc6ee497d5cd977495e9c52cc386ee54c05176c6 |
| SHA256 | d944dd71a3f438484a7058c8c54f8d8362d012ddaec1b7ffb2e7cea9e2f461ae |
| SHA512 | bb0e49e3d120d990666ee2ac3038b3c89a94a425f7c165a988dae994294f2a2371e9569d4058667768db682f7a59914832ad8c37114017d3133e1eaaa1b0b964 |
/data/data/com.cognitievedroid.ikvg/databases/analytics.db
| MD5 | f2b4b0190b9f384ca885f0c8c9b14700 |
| SHA1 | 934ff2646757b5b6e7f20f6a0aa76c7f995d9361 |
| SHA256 | 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514 |
| SHA512 | ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-16 14:56
Reported
2024-06-16 15:00
Platform
android-33-x64-arm64-20240611.1-en
Max time kernel
3s
Max time network
132s
Command Line
Signatures
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.cognitievedroid.ikvg/app_AdServer/AdServer_asset.apk | N/A | N/A |
| N/A | /data/user/0/com.cognitievedroid.ikvg/app_analytics/analytics_asset.apk | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Processes
com.cognitievedroid.ikvg
Network
| Country | Destination | Domain | Proto |
| GB | 172.217.16.228:443 | | udp |
| GB | 172.217.16.228:443 | | udp |
| GB | 216.58.212.196:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | ask.starreq.cn | udp |
| US | 1.1.1.1:53 | remoteprovisioning.googleapis.com | udp |
| US | 162.159.61.3:443 | | tcp |
| US | 162.159.61.3:443 | | tcp |
| US | 162.159.61.3:443 | | tcp |
| GB | 216.58.212.227:443 | | tcp |
| US | 162.159.61.3:443 | | udp |
| GB | 216.58.212.227:443 | | udp |
| GB | 172.217.16.228:443 | | udp |
| GB | 142.250.179.228:443 | | udp |
| GB | 142.250.179.228:443 | | tcp |
| GB | 142.250.179.228:443 | | tcp |
Files
/data/user/0/com.cognitievedroid.ikvg/app_AdServer/AdServer_asset.apk
| MD5 | 73c2ac27961b9db4274ca13a178c0fa2 |
| SHA1 | 3d1b1a8f6c9bc63fc88068c71e98bbe70797d03e |
| SHA256 | 751012d560a3c16a6f377f403ea12b9c6805a279d84c08210f9a5543c5bef42e |
| SHA512 | 591bf3bd1316189616aed273c5bdcb49ed1c46fc7bdf6ee1db9ce11b317dbfda5477989cc3ceafaa2e02dc6555afa1ac4ba872ea27d9a8ae9b5a9ac3abadcef8 |
/data/user/0/com.cognitievedroid.ikvg/app_AdServer/AdServer_asset.apk
| MD5 | e865fc4fa68968e2f5375e94d8b9a9ed |
| SHA1 | ba765ce01cb46ddd73de57ee5035e39133840d1b |
| SHA256 | b1fff92a015efe5fbe4c4dc2c23fbeb7b10682dee887d91e80d7db939ae91e5c |
| SHA512 | cf5ea475bd4e5edb0e6e1a5e30e979edb49e6d683370fa05e410635c1251e5293ab59e830e5840556b0721e22b954b2c50341f26eae4a3e71ce5280246259b94 |
/data/user/0/com.cognitievedroid.ikvg/app_analytics/analytics_asset.apk
| MD5 | d2e90bb505f20fc73baf25805b0273aa |
| SHA1 | 240fbbfda194a65761baed6f3546bc4c744a1850 |
| SHA256 | 77060ad812f5e6e9e896c39bc548f8295238eaa9941e1986e8e024e7d2114309 |
| SHA512 | c2ef3f79b6cfb171b0904ff8138238cbf985344d91d6d9ec35472d14233d1b108cc0234259e8286cbb099747cc8d9d2f74c8c7394ab3a6dcfc2cc95e168c8c85 |
/data/user/0/com.cognitievedroid.ikvg/app_analytics/asset_lib/libanalytics.so
| MD5 | cd1cdef06a5e2a33c5c9e7d4a6cb915f |
| SHA1 | 8df09fd32c4fa6b821d9dee89a4fcbf7d32b9b02 |
| SHA256 | 929c2b04d1495dd1a8b8b72552daedb5d8c385526fac224f5e3c466f748467bf |
| SHA512 | 8518002482356e5caad64d33f74172f13fdf3150a05d3dd20662bac8e3ff3e95986a5a7331fc60753d6db8eb5aa3e0779127946505d1fbd03e197359203f88f1 |
/data/user/0/com.cognitievedroid.ikvg/app_analytics/analytics_asset.apk
| MD5 | 6d363f8778efe0e54f37ccce23d16fbc |
| SHA1 | 11d186169520c633d09a1a775747ed0fe5181c55 |
| SHA256 | b1b9b928f020d1ecd232211f2733dd1fc640f5101db35794ef43dca96766aa55 |
| SHA512 | e375c9d975e4c44d7424c43f7c01cdb5db474a71c4658ca1a021a5cd3265a8e5027f671f3d04ddee962a34f65ae4eeba5c45c36c286a8016277993a1d6931cb9 |
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-16 14:56
Reported
2024-06-16 14:57
Platform
android-x86-arm-20240611.1-en
Max time network
5s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| GB | 142.250.180.14:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral4
Detonation Overview
Submitted
2024-06-16 14:56
Reported
2024-06-16 15:00
Platform
android-x86-arm-20240611.1-en
Max time network
131s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| GB | 142.250.178.3:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 216.58.204.78:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.46:443 | android.apis.google.com | tcp |