Analysis Overview
SHA256
892091d0aabd459e51ad041c44c3b24b595307041222aa09621d9deca033bb6f
Threat Level: Shows suspicious behavior
The file ba17dd1ecc2680c19481056e6a5bdec7_JaffaCakes118 was found to be: Shows suspicious behavior.
Malicious Activity Summary
Queries information about the current nearby Wi-Fi networks
Queries the phone number (MSISDN for GSM devices)
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
Loads dropped Dex/Jar
Requests cell location
Queries information about running processes on the device
Queries the mobile country code (MCC)
Queries information about the current Wi-Fi connection
Acquires the wake lock
Queries information about active data network
Requests dangerous framework permissions
Uses Crypto APIs (Might try to encrypt user data)
Registers a broadcast receiver at runtime (usually for listening for system events)
Checks CPU information
Checks memory information
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-17 23:16
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
Analysis: behavioral4
Detonation Overview
Submitted
2024-06-17 23:16
Reported
2024-06-17 23:16
Platform
android-x64-arm64-20240611.1-en
Max time network
6s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-17 23:16
Reported
2024-06-17 23:19
Platform
android-x86-arm-20240611.1-en
Max time kernel
160s
Max time network
158s
Command Line
Signatures
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /storage/emulated/0/bianfeng/sdk/plgs/baseSdk/baseSdk_8.jar | N/A | N/A |
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
Queries information about running processes on the device
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
Queries information about the current nearby Wi-Fi networks
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getScanResults | N/A | N/A |
Queries the phone number (MSISDN for GSM devices)
Requests cell location
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Queries information about the current Wi-Fi connection
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.BF.TVGame.DuelOfSheep
/system/bin/dex2oat --debuggable --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --debuggable --generate-mini-debug-info --dex-file=/storage/emulated/0/bianfeng/sdk/plgs/baseSdk/baseSdk_8.jar --output-vdex-fd=105 --oat-fd=110 --oat-location=/storage/emulated/0/bianfeng/sdk/plgs/baseSdk/oat/x86/baseSdk_8.odex --compiler-filter=quicken --class-loader-context=&
/system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | bfas.bianfeng.com | udp |
| CN | 42.121.236.133:8080 | | tcp |
| CN | 112.124.29.85:5004 | | tcp |
| US | 1.1.1.1:53 | gaandroid.talkingdata.net | udp |
| CN | 8.136.189.76:80 | bfas.bianfeng.com | tcp |
| US | 1.1.1.1:53 | mobile.bianfeng.com | udp |
| US | 1.1.1.1:53 | guest2user.qpdiy.com | udp |
| CN | 114.55.235.147:80 | guest2user.qpdiy.com | tcp |
| GB | 216.58.201.110:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.212.238:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | mobile-info-interface-01.bfun.cn | udp |
| CN | 42.120.19.26:5002 | mobile-info-interface-01.bfun.cn | tcp |
| GB | 216.58.212.202:443 | | tcp |
| US | 1.1.1.1:53 | mapi.bianfeng.com | udp |
| CN | 112.124.16.18:443 | mapi.bianfeng.com | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-17 23:16
Reported
2024-06-17 23:16
Platform
android-x86-arm-20240611.1-en
Max time network
4s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-17 23:16
Reported
2024-06-17 23:16
Platform
android-x64-20240611.1-en
Max time network
5s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |