Analysis Overview
SHA256
ba5c9d617592455473082601d6157ef8e92267c85bbab7bab79eeaeeba236a3a
Threat Level: Shows suspicious behavior
The file b46e9749a4bf64f9ead9a80228379726_JaffaCakes118 was found to be: Shows suspicious behavior.
Malicious Activity Summary
Acquires the wake lock
Queries information about active data network
Uses Crypto APIs (Might try to encrypt user data)
Registers a broadcast receiver at runtime (usually for listening for system events)
Analysis: static1
Detonation Overview
Reported
2024-06-16 17:53
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-16 17:53
Reported
2024-06-16 17:57
Platform
android-x86-arm-20240611.1-en
Max time kernel
92s
Max time network
138s
Command Line
Signatures
Acquires the wake lock
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Processes
com.spcomes.stormdefense
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | sdk.byfen.com | udp |
| GB | 216.58.212.238:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| GB | 163.171.130.139:443 | sdk.byfen.com | tcp |
| US | 1.1.1.1:53 | gameboost.cafe24.com | udp |
| US | 1.1.1.1:53 | gameboost.cafe24.com | udp |
| KR | 183.111.182.210:80 | gameboost.cafe24.com | tcp |
| US | 1.1.1.1:53 | gbimagecdn.cafe24.com | udp |
| US | 1.1.1.1:53 | gbimagecdn.cafe24.com | udp |
| KR | 114.207.244.246:443 | gbimagecdn.cafe24.com | tcp |
| KR | 114.207.244.246:80 | gbimagecdn.cafe24.com | tcp |
| US | 1.1.1.1:53 | imgcdn.poxo.com | udp |
| US | 1.1.1.1:53 | imgcdn.poxo.com | udp |
| KR | 183.110.225.188:80 | imgcdn.poxo.com | tcp |
| US | 1.1.1.1:53 | amazon.poxo.com | udp |
| US | 1.1.1.1:53 | amazon.poxo.com | udp |
| GB | 143.204.68.55:80 | amazon.poxo.com | tcp |
| KR | 114.207.244.246:443 | gbimagecdn.cafe24.com | tcp |
Files
/data/data/com.spcomes.stormdefense/no_backup/com.google.InstanceId.properties
/data/data/com.spcomes.stormdefense/databases/google_app_measurement_local.db-journal
/data/data/com.spcomes.stormdefense/databases/google_app_measurement_local.db
/data/data/com.spcomes.stormdefense/databases/google_app_measurement_local.db-shm
/data/data/com.spcomes.stormdefense/databases/google_app_measurement_local.db-wal
/data/data/com.spcomes.stormdefense/files/7fed342b68.png
/data/data/com.spcomes.stormdefense/files/6e999257858.jpg
/data/data/com.spcomes.stormdefense/files/95ed342af42.png
google_app_measurement_local.db and its -wal file were rewritten several times during the run.