Malware Analysis Report

2025-01-19 08:00

Sample ID 240616-y9bjdszgmk
Target b50d7cf6cf7c73d99c8d26805e770b79_JaffaCakes118
SHA256 b5fc1ec3dc01c08d17e45016a75074b10a0ab5211d486d8a09f93ae87fb239b2
Tags
evasion impact
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral5

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral6

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral7

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

b5fc1ec3dc01c08d17e45016a75074b10a0ab5211d486d8a09f93ae87fb239b2

Threat Level: Shows suspicious behavior

The file b50d7cf6cf7c73d99c8d26805e770b79_JaffaCakes118 was found to be: Shows suspicious behavior.

Malicious Activity Summary

evasion impact

Loads dropped Dex/Jar

Requests dangerous framework permissions

Uses Crypto APIs (Might try to encrypt user data)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-16 20:28

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-16 20:28

Reported

2024-06-16 20:32

Platform

android-x86-arm-20240611.1-en

Max time kernel

8s

Max time network

131s

Command Line

com.qianz.magicgirl

Signatures

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.qianz.magicgirl/app_payload_apk/classes.zip N/A N/A
N/A /data/user/0/com.qianz.magicgirl/app_payload_apk/classes.zip N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.qianz.magicgirl

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.qianz.magicgirl/app_payload_apk/classes.zip --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/com.qianz.magicgirl/app_payload_apk/oat/x86/classes.odex --compiler-filter=quicken --class-loader-context=&

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.46:443 android.apis.google.com tcp
GB 216.58.212.202:443 tcp

Files

/data/data/com.qianz.magicgirl/app_payload_apk/classes.zip

MD5 1a4b3f98a73733181dc9667b9b51f20b
SHA1 e5a4105f78e5b5f6f8382dde3cdc05c2e4c765cb
SHA256 cbc412140284af8220559325d5820e208e084f327b31bf7d7ea5b90dde073f26
SHA512 3dc0aaec049bbdf4b101ac41aa34a7bbd351c35bac7818298687d882134b736d0e74228e6d25bd838b210c2ac5d6ed1ff4d29d6b86bf3500c32de86ea23d08b1

/data/user/0/com.qianz.magicgirl/app_payload_apk/classes.zip

MD5 f78c6ef97d8da70a39aa8589c87c7da3
SHA1 2ff113f38841a12e1fe0f47cc93155c298c5dab7
SHA256 adf3d6db960bc5eab88c1cc79e0bfa21484252dbc8ce481054818b2067e5b84d
SHA512 93d71e05333f6c593e6566c10af77ba5f848bc2bf1a3a4de398366305fa15949b89babc017ee1c942a265b675165b45d3b73aa4d850cec2cb08b2d1903a9cf9c

/data/user/0/com.qianz.magicgirl/app_payload_apk/classes.zip

MD5 8678474cc1023258b6009bf5a2fd2ca0
SHA1 7d9985da7cf152aed9cf90de74d8f4ca90f8c809
SHA256 c86210c78fba2b990960d00a582cd0cc4d3cbf4097136b6efc8d55b8e48ec436
SHA512 3408a246085e7bb0b1a61f1d73bc61c72b232bf80b85026935e64c3de93ea4ce464e157eee68be8d8a4975907c987d619cc887fcd5636cdca0aa2d85e3ee456a

/data/data/com.qianz.magicgirl/files/libmegbpp_03.01.00_01.so

MD5 9acc2a366fb8d0020e534d7f122250a1
SHA1 88944f671633ca222ed9c30f6580895f47bbc4e3
SHA256 c389ea9640bf025e212484fc3b7c2ee7ef9c5de2cf3ebb731c86eb8e0c1e9372
SHA512 0b54f3a19721ee611edee1de14b508d734053d588b7bfec0d0594e4f804b159d75bc8e6474ff1eabb96e89ffeace5d6bbe17ec2bc350d085f08e5f584e0f9105

/data/data/com.qianz.magicgirl/files/d_data_store.dat

MD5 f78bad637333e0c44b50e1337f5cdb58
SHA1 224bde7cada6e85ba6c64da41cdcc5a67e319948
SHA256 02e04bc50e3ff6352702fd508daefd0b22cfaa96e6bd2f20dc3515cb9fd63a66
SHA512 a6f9f12e8ebcd3325e841bd5ec5d7559b0aee8ab59bd90725384211ba61ba5f487493345f8591ece7adc0f2ac71cbdcad11fd831f0c4adca72a525a354d787f7

/data/data/com.qianz.magicgirl/files/iridver.dat

MD5 e15393fc9d8ffba7a31951984c4dbd03
SHA1 204464094be0dce64ff1e39fab2c4af80a756c93
SHA256 5512b2a96e37955a4ae15111813cd00488a4b3cf7b988a5865ed9338b7b31495
SHA512 04bc780b126d08eadc23f9fd0f8e5fd8ff7af113f0633df17e4896faf3b89c2e70dc11f39b58e37a1e34d862660c97c4ef055c332c907e89dd2a93eb12fd8e70

/data/data/com.qianz.magicgirl/files/tmp/c_data_store.dat

MD5 7be413727ba42fe841e934ea68d44d05
SHA1 50e2ee4901d33e4f4369d338452604d8f5c3acb8
SHA256 0ade6e0735943995e3d6d3f78fc7cf87903910712e562ee67f7cf86d0753fe6b
SHA512 4bb0178ad33a91bf5ead022015f563f19000aa3f5b69288bc38a19298973f69b72fe288f1f10eaa21667335d07887dc44df25e0e661fa7109c9660983adde47e

/data/data/com.qianz.magicgirl/files/tmp/AndGame.Sdk.Lib_24143_BBFF94A6A56C9CFE022E2E8600417A57.dat

MD5 bbff94a6a56c9cfe022e2e8600417a57
SHA1 85e91e4c5e91fd7897ffb9de788e1eb10d28172f
SHA256 5f473bf63702741457228d0be364547c025ce4b0f15563ee12581074e96c9e97
SHA512 9628a05319f4b1b441529f5fe12dffd9cbc537b95d18813cee7c8db19ad4c2ae293398a9a83978e8558d35e98aeb9d08f98bed7e5a0773a0cee7511325a33834

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-16 20:28

Reported

2024-06-16 20:28

Platform

android-x86-arm-20240611.1-en

Max time network

4s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
GB 142.250.180.14:443 tcp
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-16 20:28

Reported

2024-06-16 20:28

Platform

android-x64-20240611.1-en

Max time network

5s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-06-16 20:28

Reported

2024-06-16 20:28

Platform

android-x64-arm64-20240611.1-en

Max time network

6s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
GB 142.250.187.206:443 tcp
GB 142.250.187.206:443 tcp
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-06-16 20:28

Reported

2024-06-16 20:31

Platform

android-x86-arm-20240611.1-en

Max time network

131s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 216.58.204.78:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.179.238:443 android.apis.google.com tcp

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2024-06-16 20:28

Reported

2024-06-16 20:31

Platform

android-x64-20240611.1-en

Max time network

132s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 172.217.16.234:443 tcp
GB 142.250.200.8:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.46:443 android.apis.google.com tcp
GB 142.250.178.14:443 tcp
GB 142.250.187.226:443 tcp
GB 142.250.179.228:443 tcp
GB 142.250.179.228:443 tcp
GB 216.58.204.78:443 tcp

Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted

2024-06-16 20:28

Reported

2024-06-16 20:32

Platform

android-x64-arm64-20240611.1-en

Max time network

159s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.200.40:443 ssl.google-analytics.com tcp
GB 172.217.16.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.46:443 android.apis.google.com tcp
GB 216.58.201.100:443 tcp
GB 216.58.201.100:443 tcp
GB 216.58.201.100:443 tcp
GB 216.58.201.100:443 tcp
BE 64.233.167.188:5228 tcp
GB 142.250.180.14:443 tcp
GB 142.250.180.3:443 tcp
US 1.1.1.1:53 www.google.com udp
GB 216.58.201.100:443 www.google.com tcp
US 1.1.1.1:53 www.youtube.com udp
GB 216.58.212.238:443 www.youtube.com tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.212.238:443 android.apis.google.com tcp
US 1.1.1.1:53 accounts.google.com udp
BE 64.233.184.84:443 accounts.google.com tcp
US 1.1.1.1:53 mdh-pa.googleapis.com udp
GB 172.217.169.10:443 mdh-pa.googleapis.com tcp
GB 216.58.212.238:443 android.apis.google.com tcp
US 1.1.1.1:53 www.google.com udp
GB 142.250.179.228:443 www.google.com tcp
US 1.1.1.1:53 update.googleapis.com udp
GB 142.250.180.3:443 update.googleapis.com tcp

Files

N/A