Analysis Overview
SHA256
e5fe8436ba552efc5624313afbac9ec1833651d9fddda9945428667db5eac2ff
Threat Level: Shows suspicious behavior
The file b9d0de0efe5f6915f19945835e7d1931_JaffaCakes118 was found to show suspicious behavior.
Malicious Activity Summary
Requests cell location
Queries information about running processes on the device
Queries information about the current nearby Wi-Fi networks
Acquires the wake lock
Queries information about the current Wi-Fi connection
Queries information about active data network
Queries the mobile country code (MCC)
Reads information about phone network operator
Requests dangerous framework permissions
Registers a broadcast receiver at runtime (usually for listening for system events)
Uses Crypto APIs (Might try to encrypt user data)
Checks memory information
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-17 20:10
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A |
| Allows read-only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A |
| Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A |
| Allows an application to see the number being dialed during an outgoing call, with the option to redirect the call to a different number or abort the call altogether. | android.permission.PROCESS_OUTGOING_CALLS | N/A | N/A |
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A |
Analysis: behavioral4
Detonation Overview
Submitted
2024-06-17 20:10
Reported
2024-06-17 20:10
Platform
android-x64-arm64-20240611.1-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-17 20:10
Reported
2024-06-17 20:13
Platform
android-x86-arm-20240611.1-en
Max time kernel
175s
Max time network
141s
Command Line
Signatures
Queries information about running processes on the device
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
Queries information about the current nearby Wi-Fi networks
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.net.wifi.IWifiManager.getScanResults | N/A | N/A |
Requests cell location
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Queries information about the current Wi-Fi connection
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Reads information about phone network operator
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
cn.com.autoclub.android.browser
cn.com.autoclub.android.browser:pushservice
cn.com.autoclub.android.browser:remote
cn.com.autoclub.android.browser:push
Network
Files
/data/data/cn.com.autoclub.android.browser/databases/autoclub.db-journal
/data/data/cn.com.autoclub.android.browser/databases/autoclub.db
/data/data/cn.com.autoclub.android.browser/databases/autoclub.db-shm
/data/data/cn.com.autoclub.android.browser/databases/autoclub.db-wal
/data/data/cn.com.autoclub.android.browser/databases/mofang_data_analysis.db-journal
/data/data/cn.com.autoclub.android.browser/databases/mofang_data_analysis.db-shm
/data/data/cn.com.autoclub.android.browser/databases/mofang_data_analysis.db-wal
/data/data/cn.com.autoclub.android.browser/databases/rong_version-journal
/data/data/cn.com.autoclub.android.browser/databases/rong_version
/data/data/cn.com.autoclub.android.browser/databases/rong_version-shm
/data/data/cn.com.autoclub.android.browser/databases/rong_version-wal
/storage/emulated/0/Android/data/cn.com.autoclub.android.browser/files/RongCloud/cache/journal.tmp
/data/data/cn.com.autoclub.android.browser/databases/cdn.db-journal
/data/data/cn.com.autoclub.android.browser/databases/cdn.db-shm
/data/data/cn.com.autoclub.android.browser/databases/cdn.db-wal
/storage/emulated/0/Android/data/cn.com.autoclub.android.browser/cache/okCache/journal.tmp
/data/data/cn.com.autoclub.android.browser/databases/HttpLogDB.db-journal
/data/data/cn.com.autoclub.android.browser/databases/HttpLogDB.db-wal
/data/data/cn.com.autoclub.android.browser/files/weibo_sdk_aid1
/storage/emulated/0/baidu/tempdata/conlts.dat
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-17 20:10
Reported
2024-06-17 20:10
Platform
android-x86-arm-20240611.1-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-17 20:10
Reported
2024-06-17 20:10
Platform
android-x64-20240611.1-en