Analysis Overview
SHA256
ab59bada13df46154a1037dd610d9306d70fc599731b0986b6d01f146a78c3f3
Threat Level: Shows suspicious behavior
The file bb07d855a3fcf8c736a5fda57b7348ee_JaffaCakes118 was found to show suspicious behavior.
Malicious Activity Summary
Queries information about running processes on the device
Queries information about the current nearby Wi-Fi networks
Reads the content of photos stored on the user's device.
Queries information about active data network
Queries information about the current Wi-Fi connection
Requests dangerous framework permissions
Registers a broadcast receiver at runtime (usually for listening for system events)
Uses Crypto APIs (Might try to encrypt user data)
Checks CPU information
Checks memory information
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-18 06:02
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
|---|---|---|---|
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A |
| Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-18 06:02
Reported
2024-06-18 06:05
Platform
android-x64-arm64-20240611.1-en
Max time kernel
125s
Max time network
132s
Command Line
Signatures
Queries information about running processes on the device
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
Reads the content of photos stored on the user's device.
| Description | Indicator | Process | Target |
|---|---|---|---|
| URI accessed for read | content://media/external/images/media | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Queries information about the current Wi-Fi connection
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.skyworth.skyclientcenter
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| GB | 142.250.187.206:443 | | tcp |
| GB | 142.250.187.206:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 172.217.16.234:443 | | tcp |
| GB | 172.217.16.234:443 | | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 216.58.201.104:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | video.tc.skysrt.com | udp |
| CN | 111.230.188.72:80 | video.tc.skysrt.com | tcp |
| US | 1.1.1.1:53 | config.inmobi.com | udp |
| US | 20.39.59.188:80 | config.inmobi.com | tcp |
| CN | 111.230.188.72:80 | video.tc.skysrt.com | tcp |
| US | 1.1.1.1:53 | video.tc.skysrt.com | udp |
| CN | 111.230.188.72:80 | video.tc.skysrt.com | tcp |
| GB | 142.250.179.228:443 | | tcp |
| GB | 142.250.179.228:443 | | tcp |
| US | 1.1.1.1:53 | video.tc.skysrt.com | udp |
| CN | 111.230.188.72:80 | video.tc.skysrt.com | tcp |
Files
/data/user/0/com.skyworth.skyclientcenter/databases/com.im.db-journal
| MD5 | c8d51e3db1c2b8ca78be21a11bb30d2e |
| SHA1 | 504d6e09a35a5b2472fea961dad838a92637fade |
| SHA256 | 77422b87be2e18364ca37f9a65ded504fceb69eabc4c600af538e374bee8ea56 |
| SHA512 | e5defde51c2f0c055c7a28a481e7bcb96da284a8ae7429f47eb60e670036bd6b4008406adc6851dfbc2c79d2885426f207ad48e49610ee1475dd9f958e629cf4 |
/data/user/0/com.skyworth.skyclientcenter/databases/com.im.db
| MD5 | 283220cbe5e9b6e475e93ebba11ef75f |
| SHA1 | ea77df71f4e4c2ba960947e192e0ddeda5a48b84 |
| SHA256 | c01f6ccb167217afe0b8fb282bb78c8c8980a75f758bcd55edc5d2cf7658ac5b |
| SHA512 | e8277914047d050d7813368d72a3a7b800920b5b1ce2d28071a1ea37691ea55c259ffcad9419efbae26989956ce1df0840895640a44d357563f5210d3cc134a1 |
/data/user/0/com.skyworth.skyclientcenter/databases/com.im.db-journal
| MD5 | 4b08457ebc61e417a4957981f72acce8 |
| SHA1 | c8a72a0da45d65fbb274bd146e4bb6bdafb4c4a4 |
| SHA256 | 457a8db6b0d8deaaf67c18665598ce94f8d61773dd07aaa58000b53c2b05a6e7 |
| SHA512 | 589eb8044a1543423066275e4aee8bb06634b211a6cf818fc8c0b50af736ed6552f61a8bdc97b26287526147edfc8d51d7846da7775ba7c5bd6c69bd951a830c |
/data/user/0/com.skyworth.skyclientcenter/databases/com.im.db-journal
| MD5 | 56bd1d7023c1bc0752630730c0feaf12 |
| SHA1 | 5f45ca104aa74a6dc61c62fa7dee893c105b52d0 |
| SHA256 | 99dddfec408843660e67114a265fa25800281da8603d7d0b1f540b665c85a3ce |
| SHA512 | 8d16dd69b009181222811c8abd7a5c56cbfd85df7d9ad3e1e6c35dbce8ad28db9dce027bf99bd330c0f3f1b5638253ba614db130499fbc0d7b55e432baad65c9 |
/data/user/0/com.skyworth.skyclientcenter/databases/com.im.db-journal
| MD5 | c4090bcac2f9b70da84639e807259b6e |
| SHA1 | fc26dc7471216578228b7b7b8a73138602567820 |
| SHA256 | 0144a49fc3bd7ed098f75f9e86687b26f5c4ae97b80ce737374f60fc8e9ecad2 |
| SHA512 | cf6a386cbdbc8468870ddd2e97b59d91411ac11c91ef4753e3c332b21cb4f1913f5f247f4158a8d3b4f69ff91abb6e806330ae19d4f6a388caadbc61133a489d |
/data/user/0/com.skyworth.skyclientcenter/databases/com.im.db-journal
| MD5 | cbe1a8b96a29f890ac05de4da400aa71 |
| SHA1 | 7273c4fe3143a93bb1d83896768a477fe93999a3 |
| SHA256 | e17bf288a583e2740d440522f1863e59dbb98303eecb671bfbd6321bf3a0e25b |
| SHA512 | a26cac29bac1dad4ad3ec3bfd03a5741ac4d8780e873f29a75ae444456092e8d5f63ee3f5b1fb18f8dd810eaae83f29d7f8b3511b5fa6b6653a45064c602a6b0 |
/data/user/0/com.skyworth.skyclientcenter/databases/com.im.db
| MD5 | 876f86564ca48477d3bd0ca28de63986 |
| SHA1 | 1e841c92cd948c397cb29ee0746d694eac3cc7a3 |
| SHA256 | f55a71938a6d87d8318bf94207cbb04fdd3ac9fc9d9de70851cfbff946eacc76 |
| SHA512 | 3eee47221a49c609e2a9566625faf309e3ba5ca434d554808498f146e166ac0fa3972464492037a684ec6d51c90aadbd0820f93119cc1a7c1793ba9a2a95ebaf |
/data/user/0/com.skyworth.skyclientcenter/databases/com.im.db-journal
| MD5 | 253db17697108e9b8af0bcd2eef66434 |
| SHA1 | 941d0352a06d5a812888ca9696f06a3340fb652f |
| SHA256 | 6ef6f87259527993064f535622e1c6817f6371eb78b2532330e77ad1e1931f66 |
| SHA512 | 6fbe69ef388628a029766b6a6ed262dfb03a4b0d7bba6f7c486b3598e38395c594b38a6e2baa14ff9f6d5425809f2c7aa196f2c7361bd2c4d50b832b88f1c1c4 |
/data/data/com.skyworth.skyclientcenter/databases/cc/cc.db-journal
| MD5 | bcf538b56ba561685444a1e6883d8675 |
| SHA1 | c0b0668dc29788d16af2bd2abc049df5313e5dce |
| SHA256 | 5a1dd4ce7ee05fadb04a6f7c12d64c1f1f8f66ff569d7991bee4880fb7f7e165 |
| SHA512 | 5e92392debbe820878c19be3b317569eed150dab3b3515009ea20d6715b018bd2e2875b4f930ecaa03d09f7eab257c9bc7d089685f8a68d3ed356ed88639d02d |
/data/data/com.skyworth.skyclientcenter/databases/cc/cc.db
| MD5 | 4cfe777c9f6e7859f5efe2197401d8e5 |
| SHA1 | bb3774e8879ad5f6db0c37f151c3d6bc7b4b207a |
| SHA256 | c422190539b6414072fc3950da19a17985c0c4c2172740b2f74682b520af5231 |
| SHA512 | 6be469864edaf8eaa110f618f8abd27962da92e20945dcd38073ade2b60b10f00552d54d5db9d9f75ca133213031030e71e2e30113ff033e5ef507a28fe0b1de |
/data/data/com.skyworth.skyclientcenter/databases/cc/cc.db-journal
| MD5 | 1e4b50fd761543da1e8939abddeaa3f4 |
| SHA1 | ce05326baa678a4cd68a0bf76b3414f956b6ac34 |
| SHA256 | a20a2b0dc08c820b4260133bdbbb5fd3537c2f693a8cfdb3f2da2400741bf56a |
| SHA512 | 0f253296ed8049488c63dfc31d1585335492bbfd52c407283da973c71de487602dff40c331e367a26d50c556a50b4f62329e828e172244c40ca39272d9d3ae3e |
/data/data/com.skyworth.skyclientcenter/databases/cc/cc.db-journal
| MD5 | 41f512f08c743caf3c010f6d1ae7551e |
| SHA1 | e23d2e50cae950ac0cad054507bcfa0262d39310 |
| SHA256 | 73d1269f093c80cf7b7ebf358c3999f6db1dabf0dae00afe6ac8b53fbd4c449a |
| SHA512 | dc961f67c8059439fbaf76e2f113ef127cfca9ebac713ed4e2cb9f07dd968700685fb2c05b4f512ffd1dd0b1324a24930e433f79a2737209bf93bf4188471ba2 |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-18 06:02
Reported
2024-06-18 06:05
Platform
android-x86-arm-20240611.1-en
Max time kernel
125s
Max time network
137s
Command Line
Signatures
Queries information about running processes on the device
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
Queries information about the current nearby Wi-Fi networks
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.net.wifi.IWifiManager.getScanResults | N/A | N/A |
Reads the content of photos stored on the user's device.
| Description | Indicator | Process | Target |
|---|---|---|---|
| URI accessed for read | content://media/external/images/media | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Queries information about the current Wi-Fi connection
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.skyworth.skyclientcenter
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | video.tc.skysrt.com | udp |
| CN | 111.230.188.72:80 | video.tc.skysrt.com | tcp |
| N/A | 239.253.0.1:1980 | | udp |
| N/A | 255.255.255.255:1980 | | udp |
| N/A | 239.253.0.1:1980 | | udp |
| N/A | 255.255.255.255:1980 | | udp |
| N/A | 239.253.0.1:1979 | | udp |
| US | 1.1.1.1:53 | config.inmobi.com | udp |
| US | 20.39.59.188:80 | config.inmobi.com | tcp |
| CN | 111.230.188.72:80 | video.tc.skysrt.com | tcp |
| GB | 142.250.187.206:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | video.tc.skysrt.com | udp |
| CN | 111.230.188.72:80 | video.tc.skysrt.com | tcp |
| GB | 216.58.212.202:443 | | tcp |
| US | 1.1.1.1:53 | video.tc.skysrt.com | udp |
| CN | 111.230.188.72:80 | video.tc.skysrt.com | tcp |
Files
/data/data/com.skyworth.skyclientcenter/databases/com.im.db-journal
| MD5 | ca2c9d84f673dd38add8bc6d746ea45d |
| SHA1 | ce7ec3147c8b75e9ad53a76146ce658e0332549f |
| SHA256 | fdf68de4eac69c9ddd7da612d7c1db806b778ee04c9ea11f14e4c8c5c58b7b42 |
| SHA512 | 2bd3b021b39c7b7e1e8ab317056e06391464fc6410b97a7b5a5f3a63068ae43e6ac1bedda825394381e9d3ae57a05b55aa6b3f9b986819d3f37f12edbce12193 |
/data/data/com.skyworth.skyclientcenter/databases/com.im.db
| MD5 | 7f5f65fac24b5af49ea53b4016f4b35d |
| SHA1 | 73b3dad6abcea6585bbcd50e038a33e16f95fd32 |
| SHA256 | 4240342b0052edd3fe45948dc511246295dc7b3291848d2dcfc7952d8ffa9eb3 |
| SHA512 | e5de3d2ef8d446c4087bd36dbe4d0007303bf20d5a37c0951addf456d22cbf4f6c9b0014a0212dbd85c18597e693ed2cc734cd4b9fa7fed7d5a86ba395ccc500 |
/data/data/com.skyworth.skyclientcenter/databases/com.im.db-shm
| MD5 | bb7df04e1b0a2570657527a7e108ae23 |
| SHA1 | 5188431849b4613152fd7bdba6a3ff0a4fd6424b |
| SHA256 | c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479 |
| SHA512 | 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012 |
/data/data/com.skyworth.skyclientcenter/databases/com.im.db-wal
| MD5 | 215dee0db61647ca1a30da1c7e9ec611 |
| SHA1 | 8bffdb3fe1606e3c9dfe1d84d71cc38aec714193 |
| SHA256 | 75e2ac24550b8cb17670577f776c0a9740c8e78e83b45df93d69258c34beaa53 |
| SHA512 | 81c53c7ffe84cdc14fccc1eb5b5a1132143e6b6935b1cb7b1a7a55ececd74f4af9f2b2500b7b5a0dfbbc59be6e25c16e2c897d68b50c07e1c199545c7c4d6618 |
/data/data/com.skyworth.skyclientcenter/databases/com.im.db-wal
| MD5 | 6512e6bed5a3d1255ac0ca9a25636750 |
| SHA1 | d778f4c4fc4f51a4626cab6c86c895dea7feed89 |
| SHA256 | 1156a36b33c004d89d3a1ad6c34bd9f5c17e08855c25d0c82ec14df1d9af6ee5 |
| SHA512 | 400487c5350d71d38ab0d763e5eb454ed6d854851ddc7f8d0811c81cb92199c1ee7f3be5c585c3bbe56cc54ba18542c415e451b2b57bcc2cf377acf48d7cf250 |
/data/data/com.skyworth.skyclientcenter/databases/cc/cc.db-journal
| MD5 | 124e0512aed64b8a130b537e9bfdc63d |
| SHA1 | 78d1cc1c826184e1b7bd216cbcc60b592376967b |
| SHA256 | 79f402a3723609edb3ae9a37746fcdd32518b25cc28cbbbaaa10be43e447e3ad |
| SHA512 | 74402f45ff88aafeaf39d63e492532faa3050eb87d6118cc934bef555203f878522c9962f019caf41bbd99b667bb10d63495b6fc7bf871c5cba317906d189b8e |
/data/data/com.skyworth.skyclientcenter/databases/cc/cc.db
| MD5 | 5d7ea1a23af19b4340cc8d90f28297d5 |
| SHA1 | 4cfe95b23a9e98378d69c4290af81b51fbe76aea |
| SHA256 | 474c4a54534ed96beacad7cc9a805a3f53ec9c0522fc7bcc59771cf500a6a0da |
| SHA512 | 33071f4c92da0a3df01c4a61dd165df7c7e0f4f37753cafe02d19fc876a5e7fcbb01c069c804e140ab8bfa0644a55f50fd1373646d1c439f817baa5ffbd47f7b |
/data/data/com.skyworth.skyclientcenter/databases/cc/cc.db-wal
| MD5 | 461d6341a22c5de8dfbba65a796dbb61 |
| SHA1 | 22d8ecea8e1dbbb3b13af6d3fdc24f7300092508 |
| SHA256 | d950fec25d1e56c9013bbb3928b4a703cef6e8878e21f414ed02558e0565a187 |
| SHA512 | 1ee758810a077966594dc90f1d482c3c6c6cf963fb79e93f27eb3199b6aa25224a83ee0328561e24e24785e19250dc6f6d1c4a3c103990dd79e84ab3a0d85701 |