Analysis Overview
SHA256
3463f2bf09900e924cd2dc0acb1a4ca89e37c74122425c43526dce9aa7a53b6a
Threat Level: Known bad
The file 139469bc35124b11ea955c4fcd577013_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
Irata family
Irata payload
Obtains sensitive information copied to the device clipboard
Queries the mobile country code (MCC)
Requests dangerous framework permissions
HTTP links in PDF interactive object
Registers a broadcast receiver at runtime (usually for listening for system events)
Checks CPU information
Checks memory information
MITRE ATT&CK Matrix
Analysis: static1
Detonation Overview
Reported
2024-07-28 09:54
Signatures
Irata family
Irata payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
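All three permissions above carry Android's "dangerous" protection level and are granted at runtime, but the two storage permissions only matter for older targets: WRITE_EXTERNAL_STORAGE grants no additional access to apps targeting API 30 or later (scoped storage), and READ_EXTERNAL_STORAGE has no effect for apps targeting API 33 or later. The helper below is an added example, not code from this report or from the sample: it parses a manifest, separates dangerous permissions from normal ones, and marks storage permissions that are inert at the declared target. The manifest is constructed to declare exactly the three permissions reported here plus INTERNET; the report does not show the sample's real targetSdkVersion, so the value 28 is an assumption, and the DANGEROUS set is a hand-picked excerpt rather than Android's full list.

```python
"""Flag dangerous-protection-level permissions in an AndroidManifest.xml.

Added example, not from the sandbox report or the sample. SAMPLE_MANIFEST is
constructed to mirror the three permissions the static1 run lists; its
targetSdkVersion is an assumption. DANGEROUS is an excerpt, not the full list.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Excerpt of Android's runtime ("dangerous") permissions; extend as needed.
DANGEROUS = {
    "android.permission.READ_PHONE_STATE",
    "android.permission.READ_EXTERNAL_STORAGE",
    "android.permission.WRITE_EXTERNAL_STORAGE",
    "android.permission.READ_SMS",
    "android.permission.SEND_SMS",
    "android.permission.RECEIVE_SMS",
    "android.permission.READ_CONTACTS",
    "android.permission.READ_CALL_LOG",
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.CAMERA",
    "android.permission.RECORD_AUDIO",
}

# targetSdkVersion from which each storage permission grants nothing extra:
# WRITE_EXTERNAL_STORAGE from API 30 (scoped storage), READ_EXTERNAL_STORAGE
# from API 33 (replaced by the READ_MEDIA_* permissions).
STORAGE_CUTOFF = {
    "android.permission.WRITE_EXTERNAL_STORAGE": 30,
    "android.permission.READ_EXTERNAL_STORAGE": 33,
}

# Constructed manifest: the reported permissions plus normal-level INTERNET.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.appmaker.testpdf">
    <uses-sdk android:minSdkVersion="21" android:targetSdkVersion="28"/>
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
    <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
    <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
    <application android:label="testpdf"/>
</manifest>
"""


def analyse_manifest(xml_text: str) -> dict:
    """Return requested permissions, the dangerous subset and inert storage grants."""
    root = ET.fromstring(xml_text)
    name_attr = f"{{{ANDROID_NS}}}name"
    requested = sorted(
        el.get(name_attr) for el in root.iter("uses-permission") if el.get(name_attr)
    )
    sdk = root.find("uses-sdk")
    target = int(sdk.get(f"{{{ANDROID_NS}}}targetSdkVersion", "0")) if sdk is not None else 0
    dangerous = [p for p in requested if p in DANGEROUS]
    # A storage permission is inert once the target reaches its cutoff.
    inert = [p for p in dangerous if p in STORAGE_CUTOFF and target >= STORAGE_CUTOFF[p]]
    return {
        "package": root.get("package"),
        "target_sdk": target,
        "requested": requested,
        "dangerous": dangerous,
        "inert_storage": inert,
    }


if __name__ == "__main__":
    result = analyse_manifest(SAMPLE_MANIFEST)
    print(f"{result['package']} targetSdk={result['target_sdk']}")
    for perm in result["dangerous"]:
        note = " (no effect at this targetSdk)" if perm in result["inert_storage"] else ""
        print(f"  dangerous: {perm}{note}")
```

Run it against the decoded manifest of the real APK (for example the output of `apktool d` or `aapt dump xmltree`) rather than the constructed one; the storage caveat is the part worth keeping, since a "dangerous permissions" signature on an app targeting API 33 overstates what storage access it really has.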
HTTP links in PDF interactive object
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral9
Detonation Overview
Submitted
2024-07-28 09:54
Reported
2024-07-28 09:57
Platform
android-x64-arm64-20240624-en
Max time kernel
23s
Max time network
138s
Command Line
Signatures
Obtains sensitive information copied to the device clipboard
| Description | Indicator | Process | Target |
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
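The report records only that /proc/cpuinfo and /proc/meminfo were opened for read; it does not show what the sample did with the contents. In Android malware these two files are most often read to fingerprint emulators, so a reviewer wants to know which fields such a check keys on and whether the sandbox image would trip it. The following is an added example, not code from the report or the sample: it parses both files and lists the usual tells, run over two constructed inputs, one shaped like a physical arm64 handset and one like an x86-hosted emulator image. The board names goldfish and ranchu are the Android emulator's own; the 2 GB MemTotal threshold and the input texts are my assumptions.

```python
"""Score /proc/cpuinfo and /proc/meminfo contents for emulator tells.

Added example, not from the report or the sample. The two cpuinfo/meminfo
texts are constructed; the emulator board names are the real Android
emulator ones, the RAM threshold is an arbitrary assumption.
"""
import re

EMULATOR_HARDWARE = ("goldfish", "ranchu")
X86_VENDORS = ("GenuineIntel", "AuthenticAMD")

# Constructed: the shape of /proc/cpuinfo on a physical arm64 handset.
CPUINFO_PHONE = """processor\t: 0
BogoMIPS\t: 38.40
Features\t: fp asimd evtstrm aes pmull sha1 sha2 crc32
CPU implementer\t: 0x41
CPU part\t: 0xd05
Hardware\t: Qualcomm Technologies, Inc SM8250
"""

# Constructed: the shape of /proc/cpuinfo inside an x86-hosted emulator image.
CPUINFO_EMU = """processor\t: 0
vendor_id\t: GenuineIntel
model name\t: Android virtual processor
flags\t: fpu vme de pse tsc msr pae hypervisor
Hardware\t: ranchu
"""

MEMINFO_PHONE = "MemTotal:        7823456 kB\nMemFree:          512000 kB\n"
MEMINFO_EMU = "MemTotal:        1498472 kB\nMemFree:          801234 kB\n"


def parse_keyvals(text: str) -> dict:
    """Turn 'key : value' lines into a dict with lower-cased keys (last value wins)."""
    out = {}
    for line in text.splitlines():
        if ":" not in line:
            continue
        key, _, val = line.partition(":")
        out[key.strip().lower()] = val.strip()
    return out


def emulator_indicators(cpuinfo: str, meminfo: str, min_ram_kb: int = 2_000_000) -> list:
    """Return the tells found; an empty list means nothing looked like an emulator."""
    cpu = parse_keyvals(cpuinfo)
    mem = parse_keyvals(meminfo)
    tells = []
    hw = cpu.get("hardware", "").lower()
    if any(name in hw for name in EMULATOR_HARDWARE):
        tells.append(f"hardware={hw}")
    if cpu.get("vendor_id") in X86_VENDORS:  # x86 CPU presented to an app built for ARM
        tells.append("x86 vendor_id on a device")
    if "hypervisor" in cpu.get("flags", "").split():  # guest running under a VMM
        tells.append("hypervisor cpu flag")
    if "virtual" in cpu.get("model name", "").lower():
        tells.append("virtual model name")
    m = re.match(r"(\d+)\s*kB", mem.get("memtotal", ""))
    if m and int(m.group(1)) < min_ram_kb:  # small guests are a weak but common tell
        tells.append(f"MemTotal {m.group(1)} kB below {min_ram_kb}")
    return tells


if __name__ == "__main__":
    print("phone:", emulator_indicators(CPUINFO_PHONE, MEMINFO_PHONE))
    print("emulator:", emulator_indicators(CPUINFO_EMU, MEMINFO_EMU))
```

The platform strings in this report (android-x86-arm, android-x64-arm64) read, on my assumption, as ARM apps executed on x86 hosts, which is exactly the configuration an x86 vendor_id or hypervisor flag would expose; if a run terminates early with no network activity after these reads, a cpuinfo/meminfo check is the first thing to rule in or out.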
Processes
com.appmaker.testpdf
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.187.206:443 | | tcp |
| GB | 142.250.187.206:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.179.238:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.179.232:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.187.228:443 | | tcp |
| GB | 142.250.187.228:443 | | tcp |
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-07-28 09:54
Reported
2024-07-28 09:57
Platform
android-x64-arm64-20240624-en
Max time kernel
124s
Max time network
138s
Command Line
Signatures
Processes
com.appmaker.appmaker
Network
| Country | Destination | Domain | Proto |
| GB | 216.58.212.238:443 | | tcp |
| GB | 216.58.212.238:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.178.14:443 | android.apis.google.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 172.217.16.238:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.180.8:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.187.228:443 | | tcp |
| GB | 142.250.187.228:443 | | tcp |
Files
/data/user/0/com.appmaker.appmaker/files/apps.db
| MD5 | c2a1f88133779c380ff4af26d8fc3487 |
| SHA1 | 4473bf8ac5691a8444f6044b89e38c106262e895 |
| SHA256 | b1664dca893df407378fedd3ce41f0f72a353d0080b5b0e37c1a7b69708a5d2e |
| SHA512 | 32ed897c268115a8632ef8c8da7328b2ee0b14ab065ecfe61192dc65f5a64ce375aa8ae3eb2ea5ced07b588ffa0d505d2c6cd1c68d14306b9a826553a58cb2fd |
Analysis: behavioral7
Detonation Overview
Submitted
2024-07-28 09:54
Reported
2024-07-28 09:57
Platform
android-x86-arm-20240624-en
Max time kernel
48s
Max time network
136s
Command Line
Signatures
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.appmaker.testpdf
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.200.46:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.204.78:443 | android.apis.google.com | tcp |
Files
Analysis: behavioral10
Detonation Overview
Submitted
2024-07-28 09:54
Reported
2024-07-28 09:57
Platform
android-x86-arm-20240624-en
Max time kernel
31s
Max time network
136s
Command Line
Signatures
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.appmaker.testappsx
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.200.46:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 172.217.169.46:443 | android.apis.google.com | tcp |
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-07-28 09:54
Reported
2024-07-28 09:57
Platform
android-x86-arm-20240624-en
Max time kernel
123s
Max time network
131s
Command Line
Signatures
Processes
com.appmaker.appmaker
Network
| Country | Destination | Domain | Proto |
| GB | 216.58.201.110:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 172.217.16.238:443 | android.apis.google.com | tcp |
Files
/data/data/com.appmaker.appmaker/files/apps.db
| MD5 | c2a1f88133779c380ff4af26d8fc3487 |
| SHA1 | 4473bf8ac5691a8444f6044b89e38c106262e895 |
| SHA256 | b1664dca893df407378fedd3ce41f0f72a353d0080b5b0e37c1a7b69708a5d2e |
| SHA512 | 32ed897c268115a8632ef8c8da7328b2ee0b14ab065ecfe61192dc65f5a64ce375aa8ae3eb2ea5ced07b588ffa0d505d2c6cd1c68d14306b9a826553a58cb2fd |
/data/data/com.appmaker.appmaker/files/apps.db-journal
| MD5 | bf54b1af49dff36aae4ed1df70dee551 |
| SHA1 | 8419dc1e02890127da192bc414e8a260b2ec9c2d |
| SHA256 | 873610fef046aca1e3d640bfd367d1c5605f15cba8fd1e4b4a3f5a2ebba38bf1 |
| SHA512 | 468c424148eef8f3d5e644e401df70b1bf25a81fdc3c390c53b8efb3e08556170d53d4fc2f97bc1fb0a06fce8dfce5c58d3105a1a0624d1f6e6da067883ae089 |
/data/data/com.appmaker.appmaker/files/apps.db
| MD5 | 62a4d9612947a6efb4dbc5d05a0c0feb |
| SHA1 | 67514e7ddc9b4b638c6bfb011973f96b6f3ae914 |
| SHA256 | 51d4ce3345eabb9f2ae966d6e1c1ee9934e37e3840d77ff02bd724dd7a940258 |
| SHA512 | d2cf9c2339c855d4a6caf5e620d27f0cfa661a70d0f7dc2e6c4839479858da44cbd06148f0683806817d02108a968dc8433ccb471946cc5f7a740ba8008b1df3 |
Analysis: behavioral5
Detonation Overview
Submitted
2024-07-28 09:54
Reported
2024-07-28 09:57
Platform
android-x64-20240624-en
Max time kernel
22s
Max time network
169s
Command Line
Signatures
Obtains sensitive information copied to the device clipboard
| Description | Indicator | Process | Target |
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.myapp.exs
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 172.217.169.72:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.187.206:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.179.238:443 | android.apis.google.com | tcp |
| GB | 142.250.180.4:443 | | tcp |
| GB | 142.250.180.4:443 | | tcp |
Files
Analysis: behavioral6
Detonation Overview
Submitted
2024-07-28 09:54
Reported
2024-07-28 09:57
Platform
android-x64-arm64-20240624-en
Max time kernel
22s
Max time network
137s
Command Line
Signatures
Obtains sensitive information copied to the device clipboard
| Description | Indicator | Process | Target |
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.myapp.exs
Network
| Country | Destination | Domain | Proto |
| GB | 142.250.180.14:443 | | tcp |
| GB | 142.250.180.14:443 | | tcp |
| GB | 142.250.180.14:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.204.78:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 172.217.16.232:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.200.36:443 | | tcp |
| GB | 142.250.200.36:443 | | tcp |
Files
Analysis: behavioral8
Detonation Overview
Submitted
2024-07-28 09:54
Reported
2024-07-28 09:57
Platform
android-x64-20240624-en
Max time kernel
42s
Max time network
170s
Command Line
Signatures
Obtains sensitive information copied to the device clipboard
| Description | Indicator | Process | Target |
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.appmaker.testpdf
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 172.217.169.72:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.180.14:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.204.78:443 | android.apis.google.com | tcp |
| GB | 172.217.16.228:443 | | tcp |
| GB | 172.217.16.228:443 | | tcp |
| GB | 142.250.179.238:443 | | tcp |
| GB | 142.250.200.34:443 | | tcp |
Files
Analysis: behavioral12
Detonation Overview
Submitted
2024-07-28 09:54
Reported
2024-07-28 09:57
Platform
android-x64-arm64-20240624-en
Max time kernel
149s
Max time network
138s
Command Line
Signatures
Obtains sensitive information copied to the device clipboard
| Description | Indicator | Process | Target |
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.appmaker.testappsx
Network
| Country | Destination | Domain | Proto |
| GB | 142.250.187.238:443 | | tcp |
| GB | 142.250.187.238:443 | | tcp |
| GB | 142.250.187.238:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 172.217.16.238:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 216.58.204.72:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.200.36:443 | | tcp |
| GB | 142.250.200.36:443 | | tcp |
Files
Analysis: behavioral4
Detonation Overview
Submitted
2024-07-28 09:54
Reported
2024-07-28 09:57
Platform
android-x86-arm-20240624-en
Max time kernel
21s
Max time network
140s
Command Line
Signatures
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.myapp.exs
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.187.206:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-07-28 09:54
Reported
2024-07-28 09:57
Platform
android-x64-20240624-en
Max time kernel
124s
Max time network
166s
Command Line
Signatures
Processes
com.appmaker.appmaker
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 172.217.16.232:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.179.238:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 172.217.169.14:443 | android.apis.google.com | tcp |
| GB | 142.250.180.4:443 | | tcp |
| GB | 142.250.180.4:443 | | tcp |
| GB | 216.58.201.98:443 | | tcp |
| GB | 172.217.169.46:443 | | tcp |
Files
/data/data/com.appmaker.appmaker/files/apps.db
| MD5 | c2a1f88133779c380ff4af26d8fc3487 |
| SHA1 | 4473bf8ac5691a8444f6044b89e38c106262e895 |
| SHA256 | b1664dca893df407378fedd3ce41f0f72a353d0080b5b0e37c1a7b69708a5d2e |
| SHA512 | 32ed897c268115a8632ef8c8da7328b2ee0b14ab065ecfe61192dc65f5a64ce375aa8ae3eb2ea5ced07b588ffa0d505d2c6cd1c68d14306b9a826553a58cb2fd |
Analysis: behavioral11
Detonation Overview
Submitted
2024-07-28 09:54
Reported
2024-07-28 09:57
Platform
android-x64-20240624-en
Max time kernel
30s
Max time network
169s
Command Line
Signatures
Obtains sensitive information copied to the device clipboard
| Description | Indicator | Process | Target |
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.appmaker.testappsx
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.179.232:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.187.228:80 | www.google.com | tcp |
| GB | 142.250.187.228:443 | www.google.com | tcp |
| GB | 142.250.179.238:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| GB | 142.250.179.228:443 | | tcp |
| GB | 142.250.179.228:443 | | tcp |
| GB | 142.250.200.34:443 | | tcp |
| GB | 216.58.204.78:443 | | tcp |
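Read across the twelve runs, three things stand out: four different process names appear (com.appmaker.appmaker, com.appmaker.testpdf, com.appmaker.testappsx, com.myapp.exs), the behavioural signatures differ from run to run, and every recorded connection is multicast DNS, a resolver query to 1.1.1.1, or TCP to port 80 or 443 at an address that either resolved to a google.com or google-analytics.com name or was left without a DNS answer in the table. The script below is an added triage helper, not part of the report: its RUNS table transcribes five of the runs above (behavioral9, behavioral7, behavioral1, behavioral5, behavioral10), and its row parser accepts the rows as printed, including those where the protocol slid into the domain column. It reports the union of behaviours per process, which TCP endpoints never gained a domain, and anything outside mDNS/DNS/HTTPS. Endpoints it lists as unattributed should be checked with a whois or ASN lookup; the script makes no claim about who owns them.

```python
"""Aggregate signatures and network rows from several runs of the report above.

Added triage helper, not part of the report. RUNS transcribes five of the
behavioural runs (process name, short signature labels, network rows); the
parser accepts rows as the report prints them, including ones where the
protocol sits in the domain column.
"""
from collections import defaultdict

MDNS = "224.0.0.251:5353"

# (run id, process, signatures, network rows) transcribed from the report.
RUNS = [
    ("behavioral9", "com.appmaker.testpdf",
     {"clipboard listener", "cpuinfo", "meminfo"},
     ["| N/A | 224.0.0.251:5353 | udp | |",
      "| GB | 142.250.187.206:443 | tcp | |",
      "| US | 1.1.1.1:53 | android.apis.google.com | udp |",
      "| GB | 142.250.179.238:443 | android.apis.google.com | tcp |",
      "| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |",
      "| GB | 142.250.179.232:443 | ssl.google-analytics.com | tcp |"]),
    ("behavioral7", "com.appmaker.testpdf",
     {"MCC query", "runtime receiver", "cpuinfo", "meminfo"},
     ["| GB | 142.250.200.46:443 | tcp | |",
      "| US | 1.1.1.1:53 | android.apis.google.com | udp |",
      "| GB | 216.58.204.78:443 | android.apis.google.com | tcp |"]),
    ("behavioral1", "com.appmaker.appmaker", set(),
     ["| GB | 216.58.201.110:443 | tcp | |",
      "| US | 1.1.1.1:53 | android.apis.google.com | udp |",
      "| GB | 172.217.16.238:443 | android.apis.google.com | tcp |"]),
    ("behavioral5", "com.myapp.exs",
     {"clipboard listener", "MCC query", "runtime receiver", "cpuinfo", "meminfo"},
     ["| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |",
      "| GB | 172.217.169.72:443 | ssl.google-analytics.com | tcp |",
      "| GB | 142.250.187.206:443 | tcp | |",
      "| GB | 142.250.180.4:443 | tcp |"]),
    ("behavioral10", "com.appmaker.testappsx",
     {"MCC query", "runtime receiver", "cpuinfo", "meminfo"},
     ["| US | 1.1.1.1:53 | www.google.com | udp |",
      "| GB | 142.250.187.196:80 | www.google.com | tcp |",
      "| GB | 142.250.187.196:443 | www.google.com | tcp |",
      "| GB | 142.250.200.46:443 | tcp | |",
      "| GB | 172.217.169.46:443 | android.apis.google.com | tcp |"]),
]


def parse_row(row: str) -> dict:
    """Parse one table row; tolerate rows whose protocol slid into the domain column."""
    cells = [c.strip() for c in row.strip().strip("|").split("|")]
    cells += [""] * (4 - len(cells))
    country, dest, c3, c4 = cells[:4]
    if c3 in ("tcp", "udp") and not c4:
        c3, c4 = "", c3
    host, _, port = dest.rpartition(":")
    return {"country": country, "host": host, "port": int(port), "domain": c3, "proto": c4}


def triage(runs=RUNS) -> dict:
    """Union behaviours per process and classify every recorded endpoint."""
    behaviours = defaultdict(set)   # process -> signatures seen in any of its runs
    resolved = {}                   # host -> domain, from rows that carry a name
    tcp_endpoints = set()           # hosts contacted on tcp/443
    other = set()                   # anything that is not mDNS, DNS or tcp/443
    for _, proc, sigs, rows in runs:
        behaviours[proc] |= sigs
        for r in map(parse_row, rows):
            key = f"{r['host']}:{r['port']}"
            if key == MDNS:
                continue  # local multicast DNS, platform noise
            if r["proto"] == "udp" and r["port"] == 53:
                continue  # resolver query; the name reappears on the tcp row
            if r["domain"]:
                resolved[r["host"]] = r["domain"]
            if r["proto"] == "tcp" and r["port"] == 443:
                tcp_endpoints.add(r["host"])
            else:
                other.add(f"{key}/{r['proto']}")
    return {
        "behaviours": {p: sorted(s) for p, s in behaviours.items()},
        "resolved": resolved,
        "unattributed_tcp": sorted(h for h in tcp_endpoints if h not in resolved),
        "non_https": sorted(other),
    }


if __name__ == "__main__":
    summary = triage()
    for proc, sigs in summary["behaviours"].items():
        print(f"{proc}: {', '.join(sigs) or 'no signatures'}")
    print("tcp/443 without a DNS answer in the table:", summary["unattributed_tcp"])
    print("outside mDNS/DNS/HTTPS:", summary["non_https"])
```

The useful output is the negative result: the only non-HTTPS traffic is plain HTTP to www.google.com, and no run shows a destination that looks like a command-and-control endpoint. The family verdict therefore rests on the static Irata signatures (whose indicator columns are empty in this report) rather than on observed network behaviour, and the runtime signatures (clipboard listener, MCC query, runtime receiver, cpuinfo/meminfo reads) are all individually common in benign apps and advertising SDKs.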