Malware Analysis Report

2025-01-19 04:55

Sample ID 240617-x8jypsvglp
Target b9a63cd1ff98abfb75e0efdb9d6dbc04_JaffaCakes118
SHA256 0ff9837e7023d0bd31d4b715fd93720d5f5ede2a1fe6bbe31b19afa76419674d
Tags
collection discovery evasion
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

0ff9837e7023d0bd31d4b715fd93720d5f5ede2a1fe6bbe31b19afa76419674d

Threat Level: Shows suspicious behavior

The file b9a63cd1ff98abfb75e0efdb9d6dbc04_JaffaCakes118 was found to be: Shows suspicious behavior.

Malicious Activity Summary

collection discovery evasion

Requests cell location

Queries information about active data network

Queries information about the current Wi-Fi connection

Requests dangerous framework permissions

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-17 19:31

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-17 19:31

Reported

2024-06-17 19:34

Platform

android-x86-arm-20240611.1-en

Max time kernel

2s

Max time network

130s

Command Line

com.mafia.mota

Signatures

N/A

Processes

com.mafia.mota

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.212.206:443 android.apis.google.com tcp
GB 216.58.212.202:443 tcp

Files

/data/data/com.mafia.mota/.sec_version

MD5 883ac94fa34e7e1539885bad2e5260e1
SHA1 03af4d80f9eb6e214b074c3e89e7a98e77e8bf1f
SHA256 c12c1d802eafe19f0d80c41029eded5d35a5b3a3375e3a72718559d1521da07a
SHA512 dc7dd4798206b75023629e93ef2c98e57f236e6f9c667c3de68d9dc745d04bd00537c3e1be7404d77f6acde361f94ba9bdce14a84599921204b560ac0f84c258

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-17 19:31

Reported

2024-06-17 19:34

Platform

android-x86-arm-20240611.1-en

Max time kernel

2s

Max time network

166s

Command Line

com.alipay.android.app

Signatures

Requests cell location

collection discovery evasion
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Processes

com.alipay.android.app

Network

Country Destination Domain Proto
GB 172.217.169.74:443 tcp
N/A 224.0.0.251:5353 udp
GB 142.250.187.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp

Files

N/A