Malware Analysis Report

2025-05-28 18:45

Sample ID 241103-npp6yatcll
Target 8b4733a23fbf49a0e2e51648df5f1fa1_JaffaCakes118
SHA256 c92777162d08e056f6f26c21334e123e9eed66e7d1093ec45a28ffb427655479
Tags
collection credential_access discovery evasion impact persistence
score
7/10


Analysis Overview

score
7/10

SHA256

c92777162d08e056f6f26c21334e123e9eed66e7d1093ec45a28ffb427655479

Threat Level: Shows suspicious behavior

The file 8b4733a23fbf49a0e2e51648df5f1fa1_JaffaCakes118 was classified as showing suspicious behavior (score 7/10). Most of the signatures below are device and network discovery calls that advertising SDKs also make; the two findings that warrant manual follow-up are the classes.dex unpacked from clde.zip and loaded at runtime, and the clipboard change listener.

Malicious Activity Summary

collection credential_access discovery evasion impact persistence

Loads dropped Dex/Jar

Obtains sensitive information copied to the device clipboard

Reads information about phone network operator

Looks up external IP address via web service

Requests dangerous framework permissions

Acquires the wake lock

Queries information about active data network

Queries information about the current Wi-Fi connection

Queries the mobile country code (MCC)

Queries the unique device ID (IMEI, MEID, IMSI)

Uses Crypto APIs (Might try to encrypt user data)

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks memory information

Checks CPU information

MITRE ATT&CK (Mobile Matrix V15)

Analysis: static1

Detonation Overview

Reported

2024-11-03 11:34

Signatures

Requests dangerous framework permissions

Permission: android.permission.READ_PHONE_STATE
  Allows read-only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.

Permission: android.permission.WRITE_EXTERNAL_STORAGE
  Allows an application to write to external storage.

Permission: android.permission.SYSTEM_ALERT_WINDOW
  Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. Since Android 6.0 this is a special-access permission the user must grant through Settings (ACTION_MANAGE_OVERLAY_PERMISSION), not a runtime dialog. It is the permission overlay-based credential theft relies on, although none of the detonations below shows an overlay being drawn.

Permission: android.permission.GET_ACCOUNTS
  Allows access to the list of accounts in the Accounts Service.

Process and Target were N/A for all four entries (static analysis of the manifest, no running process).

Analysis: behavioral3

Detonation Overview

Submitted

2024-11-03 11:34

Reported

2024-11-03 11:37

Platform

android-x64-arm64-20240624-en

Max time kernel

131s

Max time network

138s

Command Line

com.as.ytb.a7

Signatures

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.as.ytb.a7/dexCache/classes.dex N/A N/A
N/A /data/user/0/com.as.ytb.a7/dexCache/classes.dex N/A N/A
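The Files sections show the sequence behind this signature: clde.zip is written to the app-private dexCache directory, classes.dex is extracted beside it, an app-written classes_dex_digest is stored next to that, and in the behavioral1 run the runtime's dex2oat is invoked on the extracted file. Before decompiling a dex pulled from that directory, it is worth confirming the file is intact, because a partial pull or a file captured mid-write decompiles into nonsense. The script below is an added example, not code from the sample or from the sandbox: it checks the dex format's own integrity fields (magic, file size, adler32 checksum over everything after the checksum field, SHA-1 signature over everything after the signature field) and prints the MD5/SHA-1/SHA-256 so the result can be compared with the hashes listed under Files. With no argument it verifies a constructed, header-only dex so it runs offline; the adb path in the docstring is the one from this report.

```python
"""Sanity-check a classes.dex recovered from the app's dexCache directory.

Added example for this report, not code from the sample or the sandbox.
Pull the dropped file from a rooted device or the emulator image
(adb pull /data/user/0/com.as.ytb.a7/dexCache/classes.dex) and pass its
path on the command line; with no argument a constructed, header-only dex
is verified instead so the script runs offline.
"""
import hashlib
import struct
import sys
import zlib

DEX_HEADER_SIZE = 0x70
ENDIAN_CONSTANT = 0x12345678
# u4 header fields from offset 0x20 onward, in dex format order.
HEADER_FIELDS = (
    "file_size", "header_size", "endian_tag", "link_size", "link_off",
    "map_off", "string_ids_size", "string_ids_off", "type_ids_size",
    "type_ids_off", "proto_ids_size", "proto_ids_off", "field_ids_size",
    "field_ids_off", "method_ids_size", "method_ids_off", "class_defs_size",
    "class_defs_off", "data_size", "data_off",
)


def parse_dex_header(data: bytes) -> dict:
    """Return the header fields of a dex file, raising on a bad magic."""
    if len(data) < DEX_HEADER_SIZE:
        raise ValueError("file is shorter than a dex header")
    magic = data[:8]
    if magic[:4] != b"dex\n" or magic[7] != 0:
        raise ValueError(f"not a dex file, magic={magic!r}")
    fields = dict(zip(HEADER_FIELDS, struct.unpack_from("<20I", data, 32)))
    fields["version"] = magic[4:7].decode("ascii")
    fields["checksum"] = struct.unpack_from("<I", data, 8)[0]
    fields["signature"] = data[12:32]
    return fields


def verify_dex(data: bytes) -> dict:
    """Check the integrity fields and return the hashes the report lists."""
    h = parse_dex_header(data)
    return {
        "version": h["version"],
        "size_ok": h["file_size"] == len(data) and h["header_size"] == DEX_HEADER_SIZE,
        "endian_ok": h["endian_tag"] == ENDIAN_CONSTANT,
        # adler32 covers everything after the checksum field itself.
        "checksum_ok": h["checksum"] == (zlib.adler32(data[12:]) & 0xFFFFFFFF),
        # SHA-1 covers everything after the signature field.
        "signature_ok": h["signature"] == hashlib.sha1(data[32:]).digest(),
        "class_defs": h["class_defs_size"],
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def build_minimal_dex(version: bytes = b"035") -> bytes:
    """Construct a valid header-only dex (zero classes) for the offline run."""
    rest = struct.pack("<III", DEX_HEADER_SIZE, DEX_HEADER_SIZE, ENDIAN_CONSTANT)
    rest += b"\x00" * (DEX_HEADER_SIZE - 32 - len(rest))  # all counts/offsets zero
    signature = hashlib.sha1(rest).digest()
    checksum = zlib.adler32(signature + rest) & 0xFFFFFFFF
    return b"dex\n" + version + b"\x00" + struct.pack("<I", checksum) + signature + rest


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_minimal_dex()
    for key, value in verify_dex(blob).items():
        print(f"{key:13} {value}")
```

A checksum or signature mismatch on a pulled file usually means a truncated transfer or a file the sandbox snapshotted while the app was still writing it, not tampering; the app's own classes_dex_digest is a separate record kept by the sample and says nothing about these fields. The classes.odex that dex2oat writes under dexCache/oat/x86/ is OAT output, not a dex, and fails the magic check as expected.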

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A
Registering a primary-clip listener only proves the app is notified when the clipboard changes; a YouTube wrapper commonly does this to pick up pasted video links, and from Android 10 onward an app can only read clipboard contents while it has input focus or is the default IME. What the listener does with the text is decided in the dynamically loaded classes.dex, so inspect that before treating this as credential theft.

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A ipinfo.io N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.as.ytb.a7

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.187.206:443 tcp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.204.78:443 android.apis.google.com tcp
US 1.1.1.1:53 m.youtube.com udp
GB 142.250.200.46:80 m.youtube.com tcp
GB 142.250.200.46:443 m.youtube.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.180.8:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 s.adslinkup.com udp
US 172.98.192.36:80 s.adslinkup.com tcp
US 1.1.1.1:53 s1.deepcups.com udp
US 52.34.198.229:80 s1.deepcups.com tcp
US 1.1.1.1:53 accounts.google.com udp
BE 64.233.184.84:443 accounts.google.com tcp
US 1.1.1.1:53 www.google.com udp
GB 216.58.204.68:443 www.google.com tcp
US 1.1.1.1:53 ipinfo.io udp
US 172.98.192.36:80 s.adslinkup.com tcp
US 34.117.59.81:80 ipinfo.io tcp
US 1.1.1.1:53 www.youtube.com udp
US 52.34.198.229:80 s1.deepcups.com tcp
US 1.1.1.1:53 play.google.com udp
GB 172.217.16.238:443 play.google.com tcp
US 1.1.1.1:53 gstatic.com udp
US 1.1.1.1:53 googleads.g.doubleclick.net udp
US 1.1.1.1:53 s.psserviceonline.com udp
GB 142.250.180.3:443 gstatic.com tcp
GB 172.217.16.238:443 play.google.com tcp
US 172.232.4.213:80 s.psserviceonline.com tcp
US 1.1.1.1:53 jnn-pa.googleapis.com udp
US 1.1.1.1:53 static.doubleclick.net udp
GB 142.250.179.230:443 static.doubleclick.net tcp
GB 142.250.187.228:443 tcp
GB 142.250.187.228:443 tcp
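Most of this table is the Google and YouTube traffic a YouTube-themed app is expected to generate, plus the emulator's own mDNS and DNS. The rows worth pivoting on are the ad and tracking hosts reached over plaintext port 80 (s.adslinkup.com, s1.deepcups.com, s.psserviceonline.com) and the ipinfo.io call behind the "Looks up external IP address" signature. The script below is an added example, not part of the report or the sample: it parses the table in the report's own column order (the Domain column is absent on some rows), buckets each row, and produces an IOC list plus the third-party hosts spoken to in the clear. NETWORK_ROWS is a constructed subset of the rows above, and EXPECTED_SUFFIXES is an analyst assumption about which hosts are expected for this app, not something the sandbox states; rows with no resolved domain are deliberately left as "unresolved" rather than guessed from the IP range.

```python
"""Triage the sandbox network table for the com.as.ytb.a7 detonation.

Added example, not part of the report or the sample. NETWORK_ROWS is a
constructed subset of the report's "Country Destination Domain Proto" rows;
EXPECTED_SUFFIXES is an analyst assumption (Google-operated hosts a
YouTube-themed app is expected to reach), not a statement from the sandbox.
"""
import ipaddress
from collections import defaultdict

NETWORK_ROWS = """\
N/A 224.0.0.251:5353 udp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.204.78:443 android.apis.google.com tcp
US 1.1.1.1:53 m.youtube.com udp
GB 142.250.200.46:80 m.youtube.com tcp
US 1.1.1.1:53 s.adslinkup.com udp
US 172.98.192.36:80 s.adslinkup.com tcp
US 1.1.1.1:53 s1.deepcups.com udp
US 52.34.198.229:80 s1.deepcups.com tcp
US 1.1.1.1:53 ipinfo.io udp
US 34.117.59.81:80 ipinfo.io tcp
US 1.1.1.1:53 s.psserviceonline.com udp
US 172.232.4.213:80 s.psserviceonline.com tcp
US 1.1.1.1:53 static.doubleclick.net udp
GB 142.250.179.230:443 static.doubleclick.net tcp
"""

# Assumption: Google/YouTube infrastructure is expected traffic for this app.
EXPECTED_SUFFIXES = ("google.com", "youtube.com", "googleapis.com",
                     "gstatic.com", "doubleclick.net", "google-analytics.com")
SANDBOX_RESOLVER = "1.1.1.1"  # the resolver seen in every DNS row of the report


def parse_rows(text: str) -> list:
    """Parse the report's rows; the Domain column is missing on some lines."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 4:
            country, dest, domain, proto = parts
        elif len(parts) == 3:
            (country, dest, proto), domain = parts, None
        else:
            continue
        ip, port = dest.rsplit(":", 1)
        rows.append({"country": country, "ip": ip, "port": int(port),
                     "domain": domain, "proto": proto})
    return rows


def classify(row: dict) -> str:
    """Bucket a row so the noise of a YouTube wrapper drops out."""
    if ipaddress.ip_address(row["ip"]).is_multicast:
        return "local-mdns"                  # 224.0.0.251:5353 is mDNS, not egress
    if row["ip"] == SANDBOX_RESOLVER and row["port"] == 53:
        return "dns-lookup"
    domain = row["domain"]
    if domain is None:
        return "unresolved"                  # TLS to an IP with no captured lookup
    if domain == "ipinfo.io":
        return "external-ip-lookup"          # the report's own signature
    if any(domain == s or domain.endswith("." + s) for s in EXPECTED_SUFFIXES):
        return "expected-google"
    return "third-party"


def triage(text: str) -> dict:
    """Return buckets, the IOC list, and third-party hosts reached in the clear."""
    rows = parse_rows(text)
    buckets = defaultdict(set)
    for row in rows:
        label = row["domain"] or f'{row["ip"]}:{row["port"]}'
        buckets[classify(row)].add(label)
    iocs = sorted({(r["domain"], r["ip"], r["port"]) for r in rows
                   if classify(r) in ("third-party", "external-ip-lookup")})
    cleartext = sorted({r["domain"] for r in rows
                        if classify(r) == "third-party"
                        and r["proto"] == "tcp" and r["port"] == 80})
    return {"buckets": {k: sorted(v) for k, v in buckets.items()},
            "iocs": iocs, "cleartext_third_party": cleartext}


if __name__ == "__main__":
    result = triage(NETWORK_ROWS)
    for bucket, hosts in result["buckets"].items():
        print(f"{bucket:20} {', '.join(hosts)}")
    print("IOCs:", result["iocs"])
    print("Cleartext third-party:", result["cleartext_third_party"])
```

The Country column is the GeoIP of the destination, not of the sample or submitter, so it is not a useful pivot on its own. Because the three ad hosts and ipinfo.io are contacted over port 80, their request bodies are recoverable from the sandbox PCAP, which is the quickest way to see what device identifiers (the IMEI/IMSI, MCC and operator lookups in the signatures) actually leave the device.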

Files

/data/user/0/com.as.ytb.a7/dexCache/clde.zip

MD5 c5e95f065006412e1fce4950534688ff
SHA1 3e63d3a91dc6d43b344130f5394d99c78f89e203
SHA256 e6b674fe6603d0b1027c0ac173f2d40771958386a3741ce0cdccf2cacc3a7eb6
SHA512 6e6f635e6eff50359a18b6a89e80bb258e7f644bded3c537f7a74ee87ba31db24ce296d565b78d33c91a8179230acd97d09a6b6c2a7b98471b89889c83bb92c6

/data/user/0/com.as.ytb.a7/dexCache/classes.dex

MD5 1d55cae517be1f69da2dec1347b21f20
SHA1 e75d4cbdf2608bae5ed34dfee93ca7b76e9e5b29
SHA256 fdb0ff8e617b44275d17d7198356363c499a10268d4208d6be01c7f9032353e9
SHA512 a6615c74345a2d33e261a631a96f7dff55cd3ab47a62990fc7177030fa4d3f28166ac65f3d0e781051af51979ae73e54eca2ad28af625c285890b2829e385e0c

/data/user/0/com.as.ytb.a7/dexCache/classes_dex_digest

MD5 36dee462c0ea21a278041691e272bb50
SHA1 32e5419759054b113ee6a8a93885693f148c0673
SHA256 7de597c28a059bcd6d1ebd980e80747a8c101db43399c5f32b52ad327ef023ab
SHA512 bf252ebf6c49f11451ff89ae07aa26cec1b61f3e7c87b21e25a4c23a86f7bb8163772a89cba5e94b5f73c45209b39c43ce44e492e357783d1cb36604516e36fd

/data/user/0/com.as.ytb.a7/databases/downloads.db-journal

MD5 ad47aa229e85e9ab50a4ae717a03f6cf
SHA1 860dc9bd00466ec460e553a0b7abfc85aac8f2d3
SHA256 e1333b143504eeaec64b53f3ce3eccc33806c953711b125664f366ab6e7658d9
SHA512 a25dda81cfc15d26c648d642701f8b09cdf700e70a05935ea648b3fd16ef2e3384e6786935f96b68a5eb235bf49aec7cc574dd76094d074ab004d9a9f472bc6d

/data/user/0/com.as.ytb.a7/databases/downloads.db

MD5 e95e76b9377b4bf34a9dc607e9472371
SHA1 76d88475825f7301dfc441e0345068578ba8921c
SHA256 f404112c264832c1a77b3c2d08733812fd5aea0db732bfba90ccd77cd7c3c0be
SHA512 c9bbf6d447e85d1d49b44cf71e63160ed278b4c4792f9b2897fce99ce654fe8028d47bbf3b805d6a49aa7714075c706dd6a509f5c9dbd74bc788bc710bac1563

/data/user/0/com.as.ytb.a7/databases/downloads.db-journal

MD5 47a00512cc05bdadcbdd482507603be0
SHA1 e9671f39994d2d5d4376b2dfa79ffb68e1eae165
SHA256 341d5be6814a0b96f5f09e409e0b51fe55ec87e410f124c37759a0bb7b308b20
SHA512 53393b80bf960811072b9dbc0e3fe0f44b874e098aa0bd7157ebd0e03d1aa911535f89b24303ee39918c72c14851d2cf63c21301d48eeedba645460b728bbe33

/data/user/0/com.as.ytb.a7/databases/downloads.db-journal

MD5 024c2de7da24eb0c702aa492d42efb98
SHA1 066fd422c33e5b2392d6cc3f7008125434db53e9
SHA256 eac3716201a3a980ab787980fd28e50ab48d1a92b32615b0d03e97fc3206eae5
SHA512 c5a1a7f8a2cb585ee39c0b8f57cfb8be35f8ab66fe48775e65591d3679139d6cf7ef081ee427fd3c15e4b7014d289b169cd38d3c35fcadc1fb5d6c960af62ade

/data/user/0/com.as.ytb.a7/databases/aqad.db-journal

MD5 ebef9a50188c38d960255cd24c73ad9a
SHA1 5122579226d2bab03c5ba3c03333f889056132b0
SHA256 54fd4ec09b4f535aaa418dbd0e371197269a1702595b59b131ff9304b95fb162
SHA512 a6258c447b3d24ae469be7b0179903b4b157228d5c05e66765b18198ae525ef038a6733cf212ce6888a43e8915452f34466ce59ea418cc1310b7694927a65351

/data/user/0/com.as.ytb.a7/databases/aqad.db

MD5 7372ad55fc3252d4dc0a8f99fb598af0
SHA1 7a06c99334c9edbba0dc796688c7c302a858c891
SHA256 08d6c6aa811c382d2cfb9adebf251af3c5743c93e327dc83426f16cbe963bcfd
SHA512 6abab36ae8206ce4268bc636f3e44ed6427ef7a0f06c4ab88b725b3506ec90ae4567bbddf60e16a3254d91afaadacc656f96af72d76bf1d892a0ee904409ef06

/data/user/0/com.as.ytb.a7/databases/aqad.db-journal

MD5 26337696f798f4128c366fea49a05867
SHA1 6c00850b6e68ee368f26660256f57fb712185451
SHA256 e771a5cffe88d481779f148e1f243e9979781c21f9863b4ad7784d420e5252c4
SHA512 7e5a197af649e688c6c117e26e0faece97a305c5056b6e0c2873e029f2892fa48adc322357abec59c4ef7d34dcb2852a497f0e7a07da7ed4c7a429cce0652baa

/data/user/0/com.as.ytb.a7/databases/aqad.db-journal

MD5 5ee825980d65404155bd2010a7cb018b
SHA1 4391836d3e22b3e6b54b1b46439f29398507f765
SHA256 96e397b55eeb3e213fe42d03136bc43ed237decc15e360ef37f4fa0f6feac05b
SHA512 b24a311a9dce335418f47e31fe890ed066413011d0182701a224da98a1526ef96a24061bafbd1ce36564ac279911f5e9c7c779fc721fc54ef56a751d66adc254

/data/user/0/com.as.ytb.a7/databases/aqplay_downloads.db-journal

MD5 501ccae3fe70483c424629af70d8d49f
SHA1 bc958e12ba3fd4940c9d330b8559a3c57d5b4dcb
SHA256 e5547981c75f76ad34643213e2857f51892bb74574562e97c437a417a7857360
SHA512 ea06b10cfbff101251fab2336ee2d2ce82000c736a9b506d8d919a2f795e8723818db38bec36344984145420f464e09c4fcd1444ea9b071495f784abdd57266f

/data/user/0/com.as.ytb.a7/databases/aqplay_downloads.db

MD5 861ac5e942dc0f8748a1da369b3e7802
SHA1 13f923369b16419d9068cab7891de59229b385f5
SHA256 a71e3ad99284b2ccee594b41ccacd3b43d5df19679973875e1194305f8ad56b4
SHA512 1b3e0ec99fd42398c55c14c84c181f16df1967a62c26895a411eda4481f11dd1c1d598d566084d3f241f26d561221a45c5ae96c812353141b7157e818ad8eab9

/data/user/0/com.as.ytb.a7/databases/aqplay_downloads.db-journal

MD5 30b245859a534368b6a97697c92971d6
SHA1 0d3ab202721f702928f4ae03ce5c56e0cc9886de
SHA256 b915fc256a89b50cc1700656b119967b0dabb049f8b81f590d70899209c09b6c
SHA512 c2532e6033939084d1c80542ef5487a64f64864635727a51c5be4673e6e449746576ea891cc066f7f6f9f9697fae0b51b7acb4accac33d6eb2030771b257b239

/data/user/0/com.as.ytb.a7/databases/aqplay_downloads.db-journal

MD5 b3bc4e6538ecaeae88464781a5cf2a89
SHA1 1f8a134ca218c1e398b7167fc1668997ae788a77
SHA256 d93eb5785a9648e0509f7b523e91e7fdea712777792c50f10943c7bae4f1e916
SHA512 7f54d1c88315a94a75e706644f59bb0b6f693c5f314b7c62fb9c7f9831f540532c0225782284c246e311b6084d5c95a8aa0e91ec44049db1009f89b37fafdc34

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-03 11:34

Reported

2024-11-03 11:37

Platform

android-x86-arm-20240624-en

Max time kernel

148s

Max time network

133s

Command Line

com.as.ytb.a7

Signatures

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.as.ytb.a7/dexCache/classes.dex N/A N/A
N/A /data/user/0/com.as.ytb.a7/dexCache/classes.dex N/A N/A
N/A /data/user/0/com.as.ytb.a7/dexCache/classes.dex N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A ipinfo.io N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.as.ytb.a7

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.as.ytb.a7/dexCache/classes.dex --output-vdex-fd=133 --oat-fd=134 --oat-location=/data/user/0/com.as.ytb.a7/dexCache/oat/x86/classes.odex --compiler-filter=quicken --class-loader-context=&

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 m.youtube.com udp
GB 172.217.16.238:80 m.youtube.com tcp
GB 172.217.16.238:443 m.youtube.com tcp
US 1.1.1.1:53 accounts.google.com udp
US 1.1.1.1:53 www.google.com udp
GB 64.233.166.84:443 accounts.google.com tcp
GB 216.58.212.196:443 www.google.com tcp
US 1.1.1.1:53 s.adslinkup.com udp
NL 95.211.75.10:80 s.adslinkup.com tcp
US 1.1.1.1:53 www.youtube.com udp
US 1.1.1.1:53 gstatic.com udp
GB 142.250.200.35:443 gstatic.com tcp
US 1.1.1.1:53 googleads.g.doubleclick.net udp
GB 216.58.212.226:443 googleads.g.doubleclick.net tcp
US 1.1.1.1:53 play.google.com udp
GB 216.58.201.110:443 play.google.com tcp
US 1.1.1.1:53 s1.deepcups.com udp
GB 216.58.201.110:443 play.google.com tcp
US 52.34.198.229:80 s1.deepcups.com tcp
US 1.1.1.1:53 jnn-pa.googleapis.com udp
US 1.1.1.1:53 static.doubleclick.net udp
GB 172.217.169.42:443 jnn-pa.googleapis.com tcp
GB 142.250.187.198:443 static.doubleclick.net tcp
US 1.1.1.1:53 ipinfo.io udp
NL 95.211.75.10:80 s.adslinkup.com tcp
US 34.117.59.81:80 ipinfo.io tcp
US 52.34.198.229:80 s1.deepcups.com tcp
US 1.1.1.1:53 s.psserviceonline.com udp
US 172.232.4.213:80 s.psserviceonline.com tcp
GB 216.58.204.78:443 www.youtube.com tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.204.78:443 android.apis.google.com tcp
GB 142.250.179.234:443 jnn-pa.googleapis.com tcp

Files

/data/data/com.as.ytb.a7/dexCache/clde.zip

MD5 c5e95f065006412e1fce4950534688ff
SHA1 3e63d3a91dc6d43b344130f5394d99c78f89e203
SHA256 e6b674fe6603d0b1027c0ac173f2d40771958386a3741ce0cdccf2cacc3a7eb6
SHA512 6e6f635e6eff50359a18b6a89e80bb258e7f644bded3c537f7a74ee87ba31db24ce296d565b78d33c91a8179230acd97d09a6b6c2a7b98471b89889c83bb92c6

/data/data/com.as.ytb.a7/databases/downloads.db-journal

MD5 f745f2bc06aedda9fd2047022f94f659
SHA1 b5f86742e8950bfd98b5f8bb70af13cdfa759b71
SHA256 c04e32c33b44b26be74b2745da231be7a1eb4e4e7ba70829b77404810a7b23cb
SHA512 836147395be360c4dbb7541e0b144b5ae994ff5f9643b0f30b7327f7a142ab6e27e2fdea10f7d07b2f5acee039ecaeef2f307c77db2f1ed09652f7cd579354dc

/data/data/com.as.ytb.a7/databases/downloads.db

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.as.ytb.a7/databases/downloads.db-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.as.ytb.a7/databases/downloads.db-wal

MD5 d5fa18ed8fcc35f2d76d2f62094e2714
SHA1 643b5ca190c1407427b8aca0fa9ce6a89df0bb35
SHA256 4ff947fac7423c403f218cc43ffdb85b166dc24868cbf5599ef2158e156d64fb
SHA512 98d0feb629f5e072a78b5eccb4cbf66dad11e6dbe5fb9dcff0fd81defe626bebf8aa42ba4d84e4ac5988144c857d195383d19faa5461a304ec7c16855e6c207f

/data/data/com.as.ytb.a7/dexCache/classes.dex

MD5 1d55cae517be1f69da2dec1347b21f20
SHA1 e75d4cbdf2608bae5ed34dfee93ca7b76e9e5b29
SHA256 fdb0ff8e617b44275d17d7198356363c499a10268d4208d6be01c7f9032353e9
SHA512 a6615c74345a2d33e261a631a96f7dff55cd3ab47a62990fc7177030fa4d3f28166ac65f3d0e781051af51979ae73e54eca2ad28af625c285890b2829e385e0c

/data/data/com.as.ytb.a7/dexCache/classes_dex_digest

MD5 36dee462c0ea21a278041691e272bb50
SHA1 32e5419759054b113ee6a8a93885693f148c0673
SHA256 7de597c28a059bcd6d1ebd980e80747a8c101db43399c5f32b52ad327ef023ab
SHA512 bf252ebf6c49f11451ff89ae07aa26cec1b61f3e7c87b21e25a4c23a86f7bb8163772a89cba5e94b5f73c45209b39c43ce44e492e357783d1cb36604516e36fd

/data/data/com.as.ytb.a7/databases/aqad.db-journal

MD5 fe2cc2babb2bdd775f9c3f39726166d9
SHA1 937cbad9c7968ff8e671ff0663c731f966bdf853
SHA256 bbc11d3835215f0d2cd6b18e0eeeb05efe720635e650082f36c3610e9f1262f7
SHA512 c7a5d5a5f102045a395c998c1fc6c0e6a57522e48b88c37e25d454371ac38acc0829d9bf9cd601daaee01ab4f2c1f593e92a8d63ba5b450bff568d95ca878e5e

/data/data/com.as.ytb.a7/databases/aqad.db-wal

MD5 21591bab88a04dbebeb3f45dcb8ba36a
SHA1 25ef3eeb3c9bd4f1f574ad49316f3a6aacbc1b5e
SHA256 7bc52f93506a4a85aacaf5a59761c5508afc36549464ed56d801a15003634d93
SHA512 0423e916eedb36f81bc837407f2686d99e1e7ed7ff103b90ed4be4144f2a1f95a9b6b0078809391274519f6fbedcb3db5f5e748aec34ed683d483773997eadd7

/data/data/com.as.ytb.a7/databases/aqplay_downloads.db-journal

MD5 1fabe231b0b345ee1684ffcb8a1aa5da
SHA1 bc15cdc7e8b70ea364ae6ff3bdf633df50995f20
SHA256 58761165cc78067cbb4bb6b6377f504f2d9ae6ad36b88fc55cd0affd1cf154d0
SHA512 115ad745b16f040841e2f3f70b63bab931dcbdd0908a2d2f59eabce2beda789d76f9c8e812ed8c6628643337b2e20e9345caff0aa46820992b0a29388a2623c0

/data/data/com.as.ytb.a7/databases/aqplay_downloads.db-wal

MD5 b7899e65f55747b2417c250e511fbb44
SHA1 9d925334b4db405606cb04753438569d67e74423
SHA256 d13a1124c0523e40049f8a23cfeb78218811fd2b566f83ac0bdeb31c019219ed
SHA512 e738bc5591f331c2d0425403338deebcd2a36dac609e822a036b8db6dfbe2b4a01312a1913b31dae3462e4cb32fc9db1ae97ca507252da685345c6098e2558cf

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-03 11:34

Reported

2024-11-03 11:37

Platform

android-x64-20240624-en

Max time kernel

147s

Max time network

156s

Command Line

com.as.ytb.a7

Signatures

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.as.ytb.a7/dexCache/classes.dex N/A N/A
N/A /data/user/0/com.as.ytb.a7/dexCache/classes.dex N/A N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A ipinfo.io N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Reads information about phone network operator

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.as.ytb.a7

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 m.youtube.com udp
GB 142.250.178.14:80 m.youtube.com tcp
GB 142.250.178.14:443 m.youtube.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.178.8:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 safebrowsing.googleapis.com udp
GB 142.250.187.202:443 safebrowsing.googleapis.com tcp
US 1.1.1.1:53 s.adslinkup.com udp
NL 95.211.75.10:80 s.adslinkup.com tcp
US 1.1.1.1:53 accounts.google.com udp
GB 64.233.166.84:443 accounts.google.com tcp
US 1.1.1.1:53 www.google.com udp
GB 142.250.180.4:443 www.google.com tcp
US 1.1.1.1:53 www.youtube.com udp
US 1.1.1.1:53 gstatic.com udp
US 1.1.1.1:53 googleads.g.doubleclick.net udp
GB 142.250.180.3:443 gstatic.com tcp
GB 142.250.178.2:443 googleads.g.doubleclick.net tcp
US 1.1.1.1:53 play.google.com udp
GB 216.58.204.78:443 play.google.com tcp
GB 216.58.204.78:443 play.google.com tcp
US 1.1.1.1:53 jnn-pa.googleapis.com udp
GB 172.217.16.234:443 jnn-pa.googleapis.com tcp
US 1.1.1.1:53 static.doubleclick.net udp
GB 142.250.179.230:443 static.doubleclick.net tcp
US 1.1.1.1:53 s1.deepcups.com udp
US 52.34.198.229:80 s1.deepcups.com tcp
US 1.1.1.1:53 ipinfo.io udp
NL 95.211.75.10:80 s.adslinkup.com tcp
US 34.117.59.81:80 ipinfo.io tcp
US 52.34.198.229:80 s1.deepcups.com tcp
US 1.1.1.1:53 s.psserviceonline.com udp
US 172.232.4.213:80 s.psserviceonline.com tcp
GB 142.250.200.46:443 www.youtube.com tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.169.46:443 android.apis.google.com tcp
GB 142.250.200.10:443 jnn-pa.googleapis.com tcp
GB 142.250.187.228:443 tcp
GB 142.250.187.228:443 tcp
GB 216.58.213.14:443 www.youtube.com tcp
GB 142.250.178.2:443 googleads.g.doubleclick.net tcp

Files

/data/data/com.as.ytb.a7/dexCache/clde.zip

MD5 c5e95f065006412e1fce4950534688ff
SHA1 3e63d3a91dc6d43b344130f5394d99c78f89e203
SHA256 e6b674fe6603d0b1027c0ac173f2d40771958386a3741ce0cdccf2cacc3a7eb6
SHA512 6e6f635e6eff50359a18b6a89e80bb258e7f644bded3c537f7a74ee87ba31db24ce296d565b78d33c91a8179230acd97d09a6b6c2a7b98471b89889c83bb92c6

/data/data/com.as.ytb.a7/dexCache/classes.dex

MD5 1d55cae517be1f69da2dec1347b21f20
SHA1 e75d4cbdf2608bae5ed34dfee93ca7b76e9e5b29
SHA256 fdb0ff8e617b44275d17d7198356363c499a10268d4208d6be01c7f9032353e9
SHA512 a6615c74345a2d33e261a631a96f7dff55cd3ab47a62990fc7177030fa4d3f28166ac65f3d0e781051af51979ae73e54eca2ad28af625c285890b2829e385e0c

/data/data/com.as.ytb.a7/dexCache/classes_dex_digest

MD5 36dee462c0ea21a278041691e272bb50
SHA1 32e5419759054b113ee6a8a93885693f148c0673
SHA256 7de597c28a059bcd6d1ebd980e80747a8c101db43399c5f32b52ad327ef023ab
SHA512 bf252ebf6c49f11451ff89ae07aa26cec1b61f3e7c87b21e25a4c23a86f7bb8163772a89cba5e94b5f73c45209b39c43ce44e492e357783d1cb36604516e36fd

/data/data/com.as.ytb.a7/databases/downloads.db-journal

MD5 d4b957c680846bd1b684e111a601afc1
SHA1 e34227fea6894c4f1346882b39da72c0cf303035
SHA256 f6c4870a9359c84523db11b1ae29c53bddf23aa93e5e6ee68ff960cf5987dd19
SHA512 d90e2a08d0e1b6ea80b6e9c0df6d0b54827040a48a80443a25c411be438407e673177504f022a33260033f74ff70dc6a27da4a86da31f53f6ba984577dfd2d5c

/data/data/com.as.ytb.a7/databases/downloads.db

MD5 08fc24ae27ee94c6f746b3178d9b6fb0
SHA1 ebd2129791479a48d1c9591c850f22ef940dbc7c
SHA256 3beada60bdd817274ec656692b9a8564957acfc3b92b5d3afaad873f80adcad2
SHA512 3ea6d418be35cb50916c08823d4183f1dbb16bb7c41706379e8d8fe877c10c74004dfdde7ed6393f50c253f7793e215f35a6f7d4104927416efc9190975e7d33

/data/data/com.as.ytb.a7/databases/downloads.db-journal

MD5 4c0eb0a9b3145cc51f6116e237f67d0e
SHA1 df6db421fc5d010401851b9145471608f1fcc88c
SHA256 73c0efbe9052baaabce472a1539d1ca69babe8f2e09fdfe472afa1b992a5b084
SHA512 c7d92c4f56278f4142f50cdbe84db1c29fe8d08c9254bfd7868cc0796d9f3da91475a503d3dd91dfc82990b470272485783176c2c88ad09f88fea457526c8ede

/data/data/com.as.ytb.a7/databases/downloads.db-journal

MD5 9c42c9333488d8d2eb236f8900ffeb74
SHA1 23f0bdfde977a607d5dee8bc9cd151e2741604a6
SHA256 5d79751bc55ac7b30b79a488173b23bbe32c30bde1571afd02ed7748c43bc13b
SHA512 9e8dcd5b84e943da694bd49b09d705e918475ab25fe7678991dd9affb461ed8fdf13eac3987a2635fa6872bebd7adf27ad033d9cec8ee8ca42e2f4d5441d4738

/data/data/com.as.ytb.a7/databases/aqad.db-journal

MD5 385e6dfee9cf0cb3979441e1346fba6e
SHA1 f8dc00e3c1719dcea65c2fdf8173fb128386e918
SHA256 692fa63e06a5ec15785fe3b3f08de410c96785e11f8914fc3362b11d9d2869b7
SHA512 a319288642857c20aaad4596282f46f132f28712f472cb138acb7d1c5835f865c032ace9ea5742f88aebb1d6213f3ee21ab29f4c81c3fb6a54f6c38e71c950f4

/data/data/com.as.ytb.a7/databases/aqad.db

MD5 042da595c1b281d8665efe7d8023c92d
SHA1 c3b3f6a9e1a8e07665bd2adc535d3b6049d535d7
SHA256 5e1adddc1a53b9e7458bff0207e3ad5e247d6e54415732fd36070859f748611d
SHA512 c0cf142e976f69c5d6a1c7cfb179ab8c01a123b6544c802dfdf9d053ff4153d317bf25c2a6f19244fbd452eafbad285a6e8c86bbc708f49ea7a9d3a346acb6c4

/data/data/com.as.ytb.a7/databases/aqad.db-journal

MD5 d3cd551a00fe6da9ead846c098af3fa4
SHA1 581eb6679134627ac607d05e21321c9b39f50251
SHA256 d7ca239236ed838426aea69f23210310e99d0d575adccac3a7e63e688ee91974
SHA512 e23bd38fedd200dbbf2d865395e23a3e20239e85fd321563111b528ccc37efb5296749861d89cd792890497773fd24137dc12a742a5148dd9d97deacf709fa33

/data/data/com.as.ytb.a7/databases/aqad.db-journal

MD5 cdcc62b884004d54fd5c3d753642355f
SHA1 4091ff307fc3f2a35c7c43bff39f055e266d8223
SHA256 9117782aad617003e2d3c8e05ffc6e77a6429027d44729aa1d4f6d24085270c0
SHA512 67bf3fc3695dd1483a5cebbe1eb24998a3ece155b84bfc664971886f1923d5fbccbd04e825d4564ecd4f8648288601e99e2a45412bde4ede56ffeb0c65186e4c

/data/data/com.as.ytb.a7/databases/aqplay_downloads.db-journal

MD5 bee4051f7cc273d1fbe34cfd45e80aa1
SHA1 e852b65aaf40d946d048b397c6f96598657026c7
SHA256 071c24d3f1e79550f832a7197ebf61b0edafb0b5d9a868675db8b70ebb4fcfd6
SHA512 509dd9c4aeabd0864c37fc8bd939f8bc93213c2058c689bad4827b32b9f81e3ea272efa23bfd1a49a136b6614e9351a92fc43c2d4b1652e3961c6b83bb2fc1f0

/data/data/com.as.ytb.a7/databases/aqplay_downloads.db

MD5 ddb602583fd836b25f26fbbe4188f4bd
SHA1 d7cdd3ec9f464313dabaa49da87715667a1d7b32
SHA256 536a89450c4de446cffa3c4ab0e72e85742fad3f18984c56da483bb63f1ead7a
SHA512 84af37540e36e56d0a32378de4c96dc1478aac4aaca668f295766d5d0d0fcb17ea216cdc3f97c98ac412cbac7a32575c5d0015ea345890d7bd85186a5cedd8f8

/data/data/com.as.ytb.a7/databases/aqplay_downloads.db-journal

MD5 52446dca45b001c5cdd4d51c63153a62
SHA1 bdfb64159cad3e006dbc2ec2b07b339b43f1c9bb
SHA256 f7babcaf388f6f9bc0ee6d0599fc7b5d34fa1cc367ed852be180451f61ce0a00
SHA512 1f43f9a5b64a4e9cffd9bdea50ecabcb8a3bc6c679673b1407f23550991cb5a7b9a1fe3fe94f553dcd11d2ec1b6e75116cb51f80b94137bf5f15458a072dbd07

/data/data/com.as.ytb.a7/databases/aqplay_downloads.db-journal

MD5 ced01da2363f2992dea7eb9eb7763e5c
SHA1 8a9c70157c59c7119aa2dad44761f82d45fc3041
SHA256 c9025138d3798e820acff54ba5a3d0a001d9be077fa085d9df1dd9e69ea6477f
SHA512 b56f957408594873b1988daf064ea9685ab3d6a5c4f20d79f6c15466119fc68e0f0ea225056f3477d8da7c2dfae70dc6c32a4898022dde128186280ec1ad53af