Malware Analysis Report

2025-06-15 22:31

Sample ID: 241102-nc7kfsslas
Target: 8529d06bceb4698e53788b840352137d_JaffaCakes118
SHA256: 1d5d6adad6260acfbdf62853dc69ee5f2f37030ec96741bd71675d90db8c146a
Tags: collection credential_access discovery evasion impact persistence
Score: 7/10


Analysis Overview

Score: 7/10

SHA256: 1d5d6adad6260acfbdf62853dc69ee5f2f37030ec96741bd71675d90db8c146a

Threat Level: Shows suspicious behavior

The file 8529d06bceb4698e53788b840352137d_JaffaCakes118 was found to show suspicious behavior.

Malicious Activity Summary

Tags: collection credential_access discovery evasion impact persistence

Obtains sensitive information copied to the device clipboard

Loads dropped Dex/Jar

Queries the mobile country code (MCC)

Requests dangerous framework permissions

Acquires the wake lock

Queries information about active data network

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks memory information

Analysis: static1

Detonation Overview

Reported: 2024-11-02 11:16

Signatures

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A

Analysis: behavioral2

Detonation Overview

Submitted: 2024-11-02 11:16
Reported: 2024-11-02 11:18
Platform: android-x64-20240624-en
Max time kernel: 149s
Max time network: 156s

Command Line

labs.hands.fighter.twoplayers

Signatures

Loads dropped Dex/Jar

Tags: evasion
Description | Indicator | Process | Target
N/A | /data/user/0/labs.hands.fighter.twoplayers/files/8859ce64.dex | N/A | N/A

Obtains sensitive information copied to the device clipboard

Tags: collection credential_access impact
Description | Indicator | Process | Target
Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A

Acquires the wake lock

Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Queries information about active data network

Tags: discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Queries the mobile country code (MCC)

Tags: discovery
Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

Tags: persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Checks memory information

Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Processes

labs.hands.fighter.twoplayers

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp
US | 1.1.1.1:53 | digitalassetlinks.googleapis.com | udp
GB | 142.250.187.206:443 | | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.200.46:443 | android.apis.google.com | tcp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
GB | 142.250.200.8:443 | ssl.google-analytics.com | tcp
US | 1.1.1.1:53 | one.cryptonomiconf.com | udp
DE | 165.22.74.138:80 | one.cryptonomiconf.com | tcp
GB | 142.250.180.4:443 | | tcp
GB | 142.250.180.4:443 | | tcp
GB | 172.217.16.238:443 | | tcp
GB | 142.250.179.226:443 | | tcp

Files

/data/data/labs.hands.fighter.twoplayers/files/8859ce64.dex


/data/user/0/labs.hands.fighter.twoplayers/files/8859ce64.dex


/data/data/labs.hands.fighter.twoplayers/no_backup/com.google.InstanceId.properties


/data/data/labs.hands.fighter.twoplayers/files/BGEaUZrY


/data/data/labs.hands.fighter.twoplayers/files/TrPJFdsN


/data/data/labs.hands.fighter.twoplayers/files/TrPJFdsN


/data/data/labs.hands.fighter.twoplayers/files/BGEaUZrY


/data/data/labs.hands.fighter.twoplayers/files/TrPJFdsN


Analysis: behavioral3

Detonation Overview

Submitted: 2024-11-02 11:16
Reported: 2024-11-02 11:18
Platform: android-x64-arm64-20240624-en
Max time kernel: 146s
Max time network: 133s

Command Line

labs.hands.fighter.twoplayers

Signatures

Loads dropped Dex/Jar

Tags: evasion
Description | Indicator | Process | Target
N/A | /data/user/0/labs.hands.fighter.twoplayers/files/8859ce64.dex | N/A | N/A

Obtains sensitive information copied to the device clipboard

Tags: collection credential_access impact
Description | Indicator | Process | Target
Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A

Acquires the wake lock

Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Queries information about active data network

Tags: discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Checks memory information

Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Processes

labs.hands.fighter.twoplayers

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp
GB | 172.217.16.238:443 | | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.200.14:443 | android.apis.google.com | tcp
GB | 142.250.200.14:443 | android.apis.google.com | tcp
US | 1.1.1.1:53 | digitalassetlinks.googleapis.com | udp
GB | 172.217.169.74:443 | digitalassetlinks.googleapis.com | tcp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
GB | 142.250.180.8:443 | ssl.google-analytics.com | tcp
US | 1.1.1.1:53 | one.cryptonomiconf.com | udp
FR | 45.80.215.153:80 | one.cryptonomiconf.com | tcp
GB | 142.250.187.196:443 | | tcp
GB | 142.250.187.196:443 | | tcp

Files

/data/user/0/labs.hands.fighter.twoplayers/files/8859ce64.dex


/data/user/0/labs.hands.fighter.twoplayers/files/8859ce64.dex


/data/user/0/labs.hands.fighter.twoplayers/no_backup/com.google.InstanceId.properties


/data/user/0/labs.hands.fighter.twoplayers/files/BGEaUZrY


/data/user/0/labs.hands.fighter.twoplayers/files/TrPJFdsN


/data/user/0/labs.hands.fighter.twoplayers/files/TrPJFdsN


/data/user/0/labs.hands.fighter.twoplayers/files/BGEaUZrY


/data/user/0/labs.hands.fighter.twoplayers/files/TrPJFdsN


Analysis: behavioral1

Detonation Overview

Submitted: 2024-11-02 11:16
Reported: 2024-11-02 11:18
Platform: android-x86-arm-20240624-en
Max time kernel: 145s
Max time network: 131s

Command Line

labs.hands.fighter.twoplayers

Signatures

Loads dropped Dex/Jar

Tags: evasion
Description | Indicator | Process | Target
N/A | /data/user/0/labs.hands.fighter.twoplayers/files/8859ce64.dex | N/A | N/A
N/A | /data/user/0/labs.hands.fighter.twoplayers/files/8859ce64.dex | N/A | N/A

Acquires the wake lock

Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Queries information about active data network

Tags: discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Queries the mobile country code (MCC)

Tags: discovery
Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

Tags: persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Checks memory information

Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Processes

labs.hands.fighter.twoplayers

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/labs.hands.fighter.twoplayers/files/8859ce64.dex --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/labs.hands.fighter.twoplayers/files/oat/x86/8859ce64.odex --compiler-filter=quicken --class-loader-context=&

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp
US | 1.1.1.1:53 | digitalassetlinks.googleapis.com | udp
GB | 172.217.169.42:443 | digitalassetlinks.googleapis.com | tcp
GB | 216.58.204.78:443 | | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.179.238:443 | android.apis.google.com | tcp
US | 1.1.1.1:53 | one.cryptonomiconf.com | udp
FR | 45.80.215.153:80 | one.cryptonomiconf.com | tcp
GB | 142.250.179.234:443 | digitalassetlinks.googleapis.com | tcp

Files

/data/data/labs.hands.fighter.twoplayers/files/8859ce64.dex


/data/user/0/labs.hands.fighter.twoplayers/files/8859ce64.dex


/data/data/labs.hands.fighter.twoplayers/no_backup/com.google.InstanceId.properties


/data/data/labs.hands.fighter.twoplayers/files/BGEaUZrY


/data/data/labs.hands.fighter.twoplayers/files/TrPJFdsN


/data/data/labs.hands.fighter.twoplayers/files/TrPJFdsN


/data/data/labs.hands.fighter.twoplayers/files/BGEaUZrY


/data/data/labs.hands.fighter.twoplayers/files/TrPJFdsN
