Analysis Overview
SHA256
1d5d6adad6260acfbdf62853dc69ee5f2f37030ec96741bd71675d90db8c146a
Threat Level: Shows suspicious behavior
The file 8529d06bceb4698e53788b840352137d_JaffaCakes118 was found to show suspicious behavior.
Malicious Activity Summary
Obtains sensitive information copied to the device clipboard
Loads dropped Dex/Jar
Queries the mobile country code (MCC)
Requests dangerous framework permissions
Acquires the wake lock
Queries information about active data network
Registers a broadcast receiver at runtime (usually for listening for system events)
Checks memory information
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-02 11:16
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-02 11:16
Reported
2024-11-02 11:18
Platform
android-x64-20240624-en
Max time kernel
149s
Max time network
156s
Signatures
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/labs.hands.fighter.twoplayers/files/8859ce64.dex | N/A | N/A |
Obtains sensitive information copied to the device clipboard
| Description | Indicator | Process | Target |
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
labs.hands.fighter.twoplayers
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 1.1.1.1:53 | digitalassetlinks.googleapis.com | udp |
| GB | 142.250.187.206:443 | N/A | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.46:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.200.8:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | one.cryptonomiconf.com | udp |
| DE | 165.22.74.138:80 | one.cryptonomiconf.com | tcp |
| GB | 142.250.180.4:443 | N/A | tcp |
| GB | 142.250.180.4:443 | N/A | tcp |
| GB | 172.217.16.238:443 | N/A | tcp |
| GB | 142.250.179.226:443 | N/A | tcp |
Files
/data/data/labs.hands.fighter.twoplayers/files/8859ce64.dex
/data/user/0/labs.hands.fighter.twoplayers/files/8859ce64.dex
/data/data/labs.hands.fighter.twoplayers/no_backup/com.google.InstanceId.properties
/data/data/labs.hands.fighter.twoplayers/files/BGEaUZrY
/data/data/labs.hands.fighter.twoplayers/files/TrPJFdsN
/data/data/labs.hands.fighter.twoplayers/files/TrPJFdsN
/data/data/labs.hands.fighter.twoplayers/files/BGEaUZrY
/data/data/labs.hands.fighter.twoplayers/files/TrPJFdsN
Analysis: behavioral3
Detonation Overview
Submitted
2024-11-02 11:16
Reported
2024-11-02 11:18
Platform
android-x64-arm64-20240624-en
Max time kernel
146s
Max time network
133s
Signatures
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/labs.hands.fighter.twoplayers/files/8859ce64.dex | N/A | N/A |
Obtains sensitive information copied to the device clipboard
| Description | Indicator | Process | Target |
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
labs.hands.fighter.twoplayers
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | N/A | udp |
| GB | 172.217.16.238:443 | N/A | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.14:443 | android.apis.google.com | tcp |
| GB | 142.250.200.14:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | digitalassetlinks.googleapis.com | udp |
| GB | 172.217.169.74:443 | digitalassetlinks.googleapis.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.180.8:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | one.cryptonomiconf.com | udp |
| FR | 45.80.215.153:80 | one.cryptonomiconf.com | tcp |
| GB | 142.250.187.196:443 | N/A | tcp |
| GB | 142.250.187.196:443 | N/A | tcp |
Files
/data/user/0/labs.hands.fighter.twoplayers/files/8859ce64.dex
/data/user/0/labs.hands.fighter.twoplayers/files/8859ce64.dex
/data/user/0/labs.hands.fighter.twoplayers/no_backup/com.google.InstanceId.properties
/data/user/0/labs.hands.fighter.twoplayers/files/BGEaUZrY
/data/user/0/labs.hands.fighter.twoplayers/files/TrPJFdsN
/data/user/0/labs.hands.fighter.twoplayers/files/TrPJFdsN
/data/user/0/labs.hands.fighter.twoplayers/files/BGEaUZrY
/data/user/0/labs.hands.fighter.twoplayers/files/TrPJFdsN
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-02 11:16
Reported
2024-11-02 11:18
Platform
android-x86-arm-20240624-en
Max time kernel
145s
Max time network
131s
Signatures
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/labs.hands.fighter.twoplayers/files/8859ce64.dex | N/A | N/A |
| N/A | /data/user/0/labs.hands.fighter.twoplayers/files/8859ce64.dex | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
labs.hands.fighter.twoplayers
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/labs.hands.fighter.twoplayers/files/8859ce64.dex --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/labs.hands.fighter.twoplayers/files/oat/x86/8859ce64.odex --compiler-filter=quicken --class-loader-context=&
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 1.1.1.1:53 | digitalassetlinks.googleapis.com | udp |
| GB | 172.217.169.42:443 | digitalassetlinks.googleapis.com | tcp |
| GB | 216.58.204.78:443 | N/A | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.179.238:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | one.cryptonomiconf.com | udp |
| FR | 45.80.215.153:80 | one.cryptonomiconf.com | tcp |
| GB | 142.250.179.234:443 | digitalassetlinks.googleapis.com | tcp |
Files
/data/data/labs.hands.fighter.twoplayers/files/8859ce64.dex
/data/user/0/labs.hands.fighter.twoplayers/files/8859ce64.dex
/data/data/labs.hands.fighter.twoplayers/no_backup/com.google.InstanceId.properties
/data/data/labs.hands.fighter.twoplayers/files/BGEaUZrY
/data/data/labs.hands.fighter.twoplayers/files/TrPJFdsN
/data/data/labs.hands.fighter.twoplayers/files/TrPJFdsN
/data/data/labs.hands.fighter.twoplayers/files/BGEaUZrY
/data/data/labs.hands.fighter.twoplayers/files/TrPJFdsN