Analysis Overview
SHA256
b5fc1ec3dc01c08d17e45016a75074b10a0ab5211d486d8a09f93ae87fb239b2
Threat Level: Shows suspicious behavior
The file b50d7cf6cf7c73d99c8d26805e770b79_JaffaCakes118 was classified as: shows suspicious behavior.
Malicious Activity Summary
Loads dropped Dex/Jar
Requests dangerous framework permissions
Uses Crypto APIs (Might try to encrypt user data)
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-16 20:28
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-16 20:28
Reported
2024-06-16 20:32
Platform
android-x86-arm-20240611.1-en
Max time kernel
8s
Max time network
131s
Command Line
Signatures
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.qianz.magicgirl/app_payload_apk/classes.zip | N/A | N/A |
| N/A | /data/user/0/com.qianz.magicgirl/app_payload_apk/classes.zip | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Processes
com.qianz.magicgirl
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.qianz.magicgirl/app_payload_apk/classes.zip --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/com.qianz.magicgirl/app_payload_apk/oat/x86/classes.odex --compiler-filter=quicken --class-loader-context=&
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.187.206:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.46:443 | android.apis.google.com | tcp |
| GB | 216.58.212.202:443 | | tcp |
Files
/data/data/com.qianz.magicgirl/app_payload_apk/classes.zip
| MD5 | 1a4b3f98a73733181dc9667b9b51f20b |
| SHA1 | e5a4105f78e5b5f6f8382dde3cdc05c2e4c765cb |
| SHA256 | cbc412140284af8220559325d5820e208e084f327b31bf7d7ea5b90dde073f26 |
| SHA512 | 3dc0aaec049bbdf4b101ac41aa34a7bbd351c35bac7818298687d882134b736d0e74228e6d25bd838b210c2ac5d6ed1ff4d29d6b86bf3500c32de86ea23d08b1 |
/data/user/0/com.qianz.magicgirl/app_payload_apk/classes.zip
| MD5 | f78c6ef97d8da70a39aa8589c87c7da3 |
| SHA1 | 2ff113f38841a12e1fe0f47cc93155c298c5dab7 |
| SHA256 | adf3d6db960bc5eab88c1cc79e0bfa21484252dbc8ce481054818b2067e5b84d |
| SHA512 | 93d71e05333f6c593e6566c10af77ba5f848bc2bf1a3a4de398366305fa15949b89babc017ee1c942a265b675165b45d3b73aa4d850cec2cb08b2d1903a9cf9c |
/data/user/0/com.qianz.magicgirl/app_payload_apk/classes.zip
| MD5 | 8678474cc1023258b6009bf5a2fd2ca0 |
| SHA1 | 7d9985da7cf152aed9cf90de74d8f4ca90f8c809 |
| SHA256 | c86210c78fba2b990960d00a582cd0cc4d3cbf4097136b6efc8d55b8e48ec436 |
| SHA512 | 3408a246085e7bb0b1a61f1d73bc61c72b232bf80b85026935e64c3de93ea4ce464e157eee68be8d8a4975907c987d619cc887fcd5636cdca0aa2d85e3ee456a |
/data/data/com.qianz.magicgirl/files/libmegbpp_03.01.00_01.so
| MD5 | 9acc2a366fb8d0020e534d7f122250a1 |
| SHA1 | 88944f671633ca222ed9c30f6580895f47bbc4e3 |
| SHA256 | c389ea9640bf025e212484fc3b7c2ee7ef9c5de2cf3ebb731c86eb8e0c1e9372 |
| SHA512 | 0b54f3a19721ee611edee1de14b508d734053d588b7bfec0d0594e4f804b159d75bc8e6474ff1eabb96e89ffeace5d6bbe17ec2bc350d085f08e5f584e0f9105 |
/data/data/com.qianz.magicgirl/files/d_data_store.dat
| MD5 | f78bad637333e0c44b50e1337f5cdb58 |
| SHA1 | 224bde7cada6e85ba6c64da41cdcc5a67e319948 |
| SHA256 | 02e04bc50e3ff6352702fd508daefd0b22cfaa96e6bd2f20dc3515cb9fd63a66 |
| SHA512 | a6f9f12e8ebcd3325e841bd5ec5d7559b0aee8ab59bd90725384211ba61ba5f487493345f8591ece7adc0f2ac71cbdcad11fd831f0c4adca72a525a354d787f7 |
/data/data/com.qianz.magicgirl/files/iridver.dat
| MD5 | e15393fc9d8ffba7a31951984c4dbd03 |
| SHA1 | 204464094be0dce64ff1e39fab2c4af80a756c93 |
| SHA256 | 5512b2a96e37955a4ae15111813cd00488a4b3cf7b988a5865ed9338b7b31495 |
| SHA512 | 04bc780b126d08eadc23f9fd0f8e5fd8ff7af113f0633df17e4896faf3b89c2e70dc11f39b58e37a1e34d862660c97c4ef055c332c907e89dd2a93eb12fd8e70 |
/data/data/com.qianz.magicgirl/files/tmp/c_data_store.dat
| MD5 | 7be413727ba42fe841e934ea68d44d05 |
| SHA1 | 50e2ee4901d33e4f4369d338452604d8f5c3acb8 |
| SHA256 | 0ade6e0735943995e3d6d3f78fc7cf87903910712e562ee67f7cf86d0753fe6b |
| SHA512 | 4bb0178ad33a91bf5ead022015f563f19000aa3f5b69288bc38a19298973f69b72fe288f1f10eaa21667335d07887dc44df25e0e661fa7109c9660983adde47e |
/data/data/com.qianz.magicgirl/files/tmp/AndGame.Sdk.Lib_24143_BBFF94A6A56C9CFE022E2E8600417A57.dat
| MD5 | bbff94a6a56c9cfe022e2e8600417a57 |
| SHA1 | 85e91e4c5e91fd7897ffb9de788e1eb10d28172f |
| SHA256 | 5f473bf63702741457228d0be364547c025ce4b0f15563ee12581074e96c9e97 |
| SHA512 | 9628a05319f4b1b441529f5fe12dffd9cbc537b95d18813cee7c8db19ad4c2ae293398a9a83978e8558d35e98aeb9d08f98bed7e5a0773a0cee7511325a33834 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-16 20:28
Reported
2024-06-16 20:28
Platform
android-x86-arm-20240611.1-en
Max time network
4s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| GB | 142.250.180.14:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-16 20:28
Reported
2024-06-16 20:28
Platform
android-x64-20240611.1-en
Max time network
5s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral4
Detonation Overview
Submitted
2024-06-16 20:28
Reported
2024-06-16 20:28
Platform
android-x64-arm64-20240611.1-en
Max time network
6s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| GB | 142.250.187.206:443 | | tcp |
| GB | 142.250.187.206:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral5
Detonation Overview
Submitted
2024-06-16 20:28
Reported
2024-06-16 20:31
Platform
android-x86-arm-20240611.1-en
Max time network
131s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 216.58.204.78:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.179.238:443 | android.apis.google.com | tcp |
Files
Analysis: behavioral6
Detonation Overview
Submitted
2024-06-16 20:28
Reported
2024-06-16 20:31
Platform
android-x64-20240611.1-en
Max time network
132s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 172.217.16.234:443 | | tcp |
| GB | 142.250.200.8:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.46:443 | android.apis.google.com | tcp |
| GB | 142.250.178.14:443 | | tcp |
| GB | 142.250.187.226:443 | | tcp |
| GB | 142.250.179.228:443 | | tcp |
| GB | 142.250.179.228:443 | | tcp |
| GB | 216.58.204.78:443 | | tcp |
Files
Analysis: behavioral7
Detonation Overview
Submitted
2024-06-16 20:28
Reported
2024-06-16 20:32
Platform
android-x64-arm64-20240611.1-en
Max time network
159s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.200.40:443 | ssl.google-analytics.com | tcp |
| GB | 172.217.16.238:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.46:443 | android.apis.google.com | tcp |
| GB | 216.58.201.100:443 | | tcp |
| GB | 216.58.201.100:443 | | tcp |
| GB | 216.58.201.100:443 | | tcp |
| GB | 216.58.201.100:443 | | tcp |
| BE | 64.233.167.188:5228 | | tcp |
| GB | 142.250.180.14:443 | | tcp |
| GB | 142.250.180.3:443 | | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 216.58.201.100:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | www.youtube.com | udp |
| GB | 216.58.212.238:443 | www.youtube.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.212.238:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| BE | 64.233.184.84:443 | accounts.google.com | tcp |
| US | 1.1.1.1:53 | mdh-pa.googleapis.com | udp |
| GB | 172.217.169.10:443 | mdh-pa.googleapis.com | tcp |
| GB | 216.58.212.238:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 142.250.180.3:443 | update.googleapis.com | tcp |