Malware Analysis Report

2025-01-19 04:52

Sample ID: 240618-k2he3s1bjj
Target: baec21961cb9615b546498b6ae9a8acd_JaffaCakes118
SHA256: b7aeb85b33e3977256829f7b7ffb180b758ac7a50051b210a862f3b7ffbbf2d1
Tags: collection discovery persistence
Score: 7/10

Analysis Overview

Score: 7/10

SHA256: b7aeb85b33e3977256829f7b7ffb180b758ac7a50051b210a862f3b7ffbbf2d1

Threat Level: Shows suspicious behavior

The file baec21961cb9615b546498b6ae9a8acd_JaffaCakes118 was found to show suspicious behavior.

Malicious Activity Summary

Tags: collection discovery persistence

Queries information about running processes on the device

Reads the contacts stored on the device.

Queries information about active data network

Requests dangerous framework permissions

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks CPU information

MITRE ATT&CK (Mobile Matrix V15)

Analysis: static1

Detonation Overview

Reported: 2024-06-18 09:05

Signatures

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A
Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A
Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A
Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A
Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A
Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A
Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A
Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A
Allows an application to read the user's call log. | android.permission.READ_CALL_LOG | N/A | N/A
Allows an application to write and read the user's call log data. | android.permission.WRITE_CALL_LOG | N/A | N/A
Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A

Analysis: behavioral6

Detonation Overview

Submitted: 2024-06-18 09:05
Reported: 2024-06-18 09:05
Platform: android-x86-arm-20240611.1-en
Max time network: 7s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | N/A | udp

Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted: 2024-06-18 09:05
Reported: 2024-06-18 09:05
Platform: android-x64-20240611.1-en
Max time network: 6s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | N/A | udp

Files

N/A

Analysis: behavioral8

Detonation Overview

Submitted: 2024-06-18 09:05
Reported: 2024-06-18 09:05
Platform: android-x64-arm64-20240611.1-en
Max time network: 7s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country | Destination | Domain | Proto
GB | 142.250.187.206:443 | N/A | tcp
GB | 142.250.187.206:443 | N/A | tcp
N/A | 224.0.0.251:5353 | N/A | udp

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted: 2024-06-18 09:05
Reported: 2024-06-18 09:08
Platform: android-x64-arm64-20240611.1-en
Max time kernel: 10s
Max time network: 134s

Command Line

com.listencp.client

Signatures

Queries information about running processes on the device

discovery
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A

Reads the contacts stored on the device.

collection
Description | Indicator | Process | Target
URI accessed for read | content://com.android.contacts/contacts | N/A | N/A

Queries information about active data network

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Checks CPU information

Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A

Processes

com.listencp.client

Network

Country | Destination | Domain | Proto
GB | 142.250.187.206:443 | N/A | tcp
GB | 142.250.187.206:443 | N/A | tcp
N/A | 224.0.0.251:5353 | N/A | udp
GB | 172.217.16.234:443 | N/A | tcp
GB | 172.217.16.234:443 | N/A | tcp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
GB | 142.250.187.200:443 | ssl.google-analytics.com | tcp
US | 1.1.1.1:53 | hxqd.openspeech.cn | udp
US | 1.1.1.1:53 | data.openspeech.cn | udp
CN | 114.118.64.119:80 | hxqd.openspeech.cn | tcp
CN | 117.48.148.47:80 | data.openspeech.cn | tcp
CN | 114.118.64.119:80 | hxqd.openspeech.cn | tcp
GB | 142.250.179.228:443 | N/A | tcp
GB | 142.250.179.228:443 | N/A | tcp

Files

/data/data/com.listencp.client/framework.dat

MD5 9bc3a84c2e2e9ba0a37d7737a5abd0b2
SHA1 ecd83d5788c86487da2bdb8eaef1de080a164cc8
SHA256 8237992a1cb1d1f02965a8d57d361f31850d2ec1e591698a12db0305f6c4d837
SHA512 cbecebd1fd7c107e56fcd712815683b7ab252e6e3eb970b35177e3618ac29b60f902748c0a0f35cde76363584703ec085ba792169df87eb0547ba2e591ba9409

/data/data/com.listencp.client/lib2/libapi.so

MD5 658690917f8b717b917793de30a34f43
SHA1 56019eac6c739f2415ae0668e6510d6a5d3870b6
SHA256 18c928cfcf60a4e422ec292974170d63ee2d2abd425c02366ea01653476ced51
SHA512 d85e2a8dfa525690b57ea22ee69ace99a4ce42b5b94703c7c7d36eede5688c9e2ed49bc31d0e426fe0a1561c8b0cfb7e0926982464410b56a7646b99b267c75b

/data/data/com.listencp.client/module/comrepository.xml

MD5 093603dc3e09d097f223c47b4606cd6a
SHA1 be1e852cf09e66516d8ca3161e31caf225ec3cc8
SHA256 c2a550b239550896b800991af55a68bf5eee4bf4f2c6a5706063fb8e6c2105b2
SHA512 c8e479e420dee79a30f90efe6a7755df3bd464b497b6b173c1745cec27e0e29185babbc7120b37147d8960dd21347f8f7939e85395fd5d733502f4995f343e9e

/data/data/com.listencp.client/module/com_listencp_client.zip

MD5 0caff2f1e2489e8149094288d6c24219
SHA1 923e8ad3bafdc7bdd42a48d59c4e8dbffc1890ad
SHA256 3c4099ae484d63ac8359bdc937c46eaca65cc687614ab735744a4a6e98b436de
SHA512 de9241a97c3dfd3ddeb4ba93ce3105b5d4e638a6819b224f9176a5e5b9caaa7a9dc882f766b3f1b1beb041e329610511ae0e5113fe4fccd16226e3412ff8f03a

/data/data/com.listencp.client/module/icon.png

MD5 2045246c78360bbe4cc69aaa7d4c7bcc
SHA1 80ee7b42d694016ffd494c2273540df1c1767422
SHA256 92989a926a3161b835c5fd7379fb3c40a264258bff8a46189c6698c42cc31af7
SHA512 a62f75e220fdb843d22c3e9d71443bebe5703af61dee08b143bfa92f847351df1a55bbb6ab5cd77cbfd3875a4479fcfdceee30e3d135ba7b67644834cf662232

/data/data/com.listencp.client/msc/res/ifp/common.jet

MD5 fc242b05ff6ac02f341e9dc2f04030b2
SHA1 ae602293be8e5e9a3ba716383f3b4c62b995f8dd
SHA256 f2a484ff039d7b932f24687d036d11b4c2d02aca742104a1f83afd6a9a7bf7e1
SHA512 83dcd85ca6f27515f5d18c308cc643514b3941b65778df916766cc5c86a164e2bf1be0d61c01bebcddf9da5feaaaa730e58d385e35f5771b331c9ef3be37a905

/data/data/com.listencp.client/module/cid_L0040007

MD5 f33b9044fdf2fe7a34981300d37c3d0f
SHA1 ffe705fed7b3b824b7bf8a615349065a580a012b
SHA256 f3a56692cb633777c8a1ead1ba00759c9964358b32795f73194b65c4d7dec737
SHA512 6df6b312980a9bd2dcfd80ab3c6a4fd65e1f65351bb2922ddf4f472912c40729b6b0a1e6ee2ff17f36481f8e8e8e930ca14303f7a2782259eae5fb4b3c1c985c

Analysis: behavioral3

Detonation Overview

Submitted: 2024-06-18 09:05
Reported: 2024-06-18 09:05
Platform: android-x86-arm-20240611.1-en
Max time network: 6s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | N/A | udp

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted: 2024-06-18 09:05
Reported: 2024-06-18 09:05
Platform: android-x64-arm64-20240611.1-en
Max time network: 8s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | N/A | udp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-18 09:05
Reported: 2024-06-18 09:08
Platform: android-x86-arm-20240611.1-en
Max time kernel: 8s
Max time network: 139s

Command Line

com.listencp.client

Signatures

Queries information about running processes on the device

discovery
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A

Reads the contacts stored on the device.

collection
Description | Indicator | Process | Target
URI accessed for read | content://com.android.contacts/contacts | N/A | N/A

Queries information about active data network

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Checks CPU information

Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A
File opened for read | /proc/cpuinfo | N/A | N/A

Processes

com.listencp.client

cat /proc/cpuinfo

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | N/A | udp
US | 1.1.1.1:53 | hxqd.openspeech.cn | udp
US | 1.1.1.1:53 | data.openspeech.cn | udp
CN | 114.118.64.119:80 | hxqd.openspeech.cn | tcp
CN | 117.48.148.47:80 | data.openspeech.cn | tcp
CN | 114.118.64.119:80 | hxqd.openspeech.cn | tcp
GB | 142.250.187.206:443 | N/A | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.187.206:443 | android.apis.google.com | tcp

Files

/data/data/com.listencp.client/framework.dat

MD5 9bc3a84c2e2e9ba0a37d7737a5abd0b2
SHA1 ecd83d5788c86487da2bdb8eaef1de080a164cc8
SHA256 8237992a1cb1d1f02965a8d57d361f31850d2ec1e591698a12db0305f6c4d837
SHA512 cbecebd1fd7c107e56fcd712815683b7ab252e6e3eb970b35177e3618ac29b60f902748c0a0f35cde76363584703ec085ba792169df87eb0547ba2e591ba9409

/data/data/com.listencp.client/lib2/libapi.so

MD5 658690917f8b717b917793de30a34f43
SHA1 56019eac6c739f2415ae0668e6510d6a5d3870b6
SHA256 18c928cfcf60a4e422ec292974170d63ee2d2abd425c02366ea01653476ced51
SHA512 d85e2a8dfa525690b57ea22ee69ace99a4ce42b5b94703c7c7d36eede5688c9e2ed49bc31d0e426fe0a1561c8b0cfb7e0926982464410b56a7646b99b267c75b

/data/data/com.listencp.client/module/comrepository.xml

MD5 093603dc3e09d097f223c47b4606cd6a
SHA1 be1e852cf09e66516d8ca3161e31caf225ec3cc8
SHA256 c2a550b239550896b800991af55a68bf5eee4bf4f2c6a5706063fb8e6c2105b2
SHA512 c8e479e420dee79a30f90efe6a7755df3bd464b497b6b173c1745cec27e0e29185babbc7120b37147d8960dd21347f8f7939e85395fd5d733502f4995f343e9e

/data/data/com.listencp.client/module/com_listencp_client.zip

MD5 0caff2f1e2489e8149094288d6c24219
SHA1 923e8ad3bafdc7bdd42a48d59c4e8dbffc1890ad
SHA256 3c4099ae484d63ac8359bdc937c46eaca65cc687614ab735744a4a6e98b436de
SHA512 de9241a97c3dfd3ddeb4ba93ce3105b5d4e638a6819b224f9176a5e5b9caaa7a9dc882f766b3f1b1beb041e329610511ae0e5113fe4fccd16226e3412ff8f03a

/data/data/com.listencp.client/module/icon.png

MD5 2045246c78360bbe4cc69aaa7d4c7bcc
SHA1 80ee7b42d694016ffd494c2273540df1c1767422
SHA256 92989a926a3161b835c5fd7379fb3c40a264258bff8a46189c6698c42cc31af7
SHA512 a62f75e220fdb843d22c3e9d71443bebe5703af61dee08b143bfa92f847351df1a55bbb6ab5cd77cbfd3875a4479fcfdceee30e3d135ba7b67644834cf662232

/data/data/com.listencp.client/msc/res/ifp/common.jet

MD5 fc242b05ff6ac02f341e9dc2f04030b2
SHA1 ae602293be8e5e9a3ba716383f3b4c62b995f8dd
SHA256 f2a484ff039d7b932f24687d036d11b4c2d02aca742104a1f83afd6a9a7bf7e1
SHA512 83dcd85ca6f27515f5d18c308cc643514b3941b65778df916766cc5c86a164e2bf1be0d61c01bebcddf9da5feaaaa730e58d385e35f5771b331c9ef3be37a905

/data/data/com.listencp.client/module/cid_L0040007

MD5 f33b9044fdf2fe7a34981300d37c3d0f
SHA1 ffe705fed7b3b824b7bf8a615349065a580a012b
SHA256 f3a56692cb633777c8a1ead1ba00759c9964358b32795f73194b65c4d7dec737
SHA512 6df6b312980a9bd2dcfd80ab3c6a4fd65e1f65351bb2922ddf4f472912c40729b6b0a1e6ee2ff17f36481f8e8e8e930ca14303f7a2782259eae5fb4b3c1c985c

Analysis: behavioral4

Detonation Overview

Submitted: 2024-06-18 09:05
Reported: 2024-06-18 09:05
Platform: android-x64-20240611.1-en
Max time network: 6s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | N/A | udp

Files

N/A