Analysis Overview
SHA256
1cc96f7d5cd62fb138aedd9266ac9f58e12852df0d439a4c9e49c4446fc0011c
Threat Level: Shows suspicious behavior
The file 8d001248c61ba5e22f6bb73769db95c5_JaffaCakes118 was found to be: Shows suspicious behavior.
Malicious Activity Summary
Reads the content of SMS inbox messages.
Requests dangerous framework permissions
Queries information about active data network
Registers a broadcast receiver at runtime (usually for listening for system events)
Uses Crypto APIs (Might try to encrypt user data)
Checks CPU information
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-03 18:57
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
|---|---|---|---|
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-03 18:57
Reported
2024-11-03 19:00
Platform
android-x86-arm-20240624-en
Max time kernel
12s
Max time network
127s
Command Line
Signatures
Reads the content of SMS inbox messages.
| Description | Indicator | Process | Target |
|---|---|---|---|
| URI accessed for read | content://sms/inbox | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for read | /proc/cpuinfo | N/A | N/A |
Processes
com.txy.wzd
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 1.1.1.1:53 | mmys-cps.ywpod.com | udp |
| US | 1.1.1.1:53 | dynamic.ywlto.com | udp |
| GB | 216.58.201.110:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.46:443 | android.apis.google.com | tcp |
Files
/data/data/com.txy.wzd/databases/sy_video-journal
| MD5 | 5fdb3ed671155af1fb0903b88c737d27 |
| SHA1 | 317b765c6d763f092d5be99fea6ef1896d4f3614 |
| SHA256 | bf02bf2ee383bd7e9d2816fc0274bd47d80d02a09c947d308c31cf786612f8ee |
| SHA512 | 54fb42a5fd171b684cbf0ef767402c21a6c4df9e4a3466e9909750e30d350ea724a199176ca18555a7268b6dc2e4112883177da6e22cd826f34aafe299f71124 |
/data/data/com.txy.wzd/databases/sy_video
| MD5 | f2b4b0190b9f384ca885f0c8c9b14700 |
| SHA1 | 934ff2646757b5b6e7f20f6a0aa76c7f995d9361 |
| SHA256 | 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514 |
| SHA512 | ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1 |
/data/data/com.txy.wzd/databases/sy_video-shm
| MD5 | bb7df04e1b0a2570657527a7e108ae23 |
| SHA1 | 5188431849b4613152fd7bdba6a3ff0a4fd6424b |
| SHA256 | c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479 |
| SHA512 | 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012 |
/data/data/com.txy.wzd/databases/sy_video-wal
| MD5 | 8fc2b0972e5ec286759e084ea0037d07 |
| SHA1 | e236d8e075c7e600044a1ef1bca949a3c2bc4b30 |
| SHA256 | b625e641f5c406902dbef0e22223b510f85cc2b992c5fc8e299443068ca64cc0 |
| SHA512 | 99862713aec735042ff1a95cca85aead8b7b0cd8e4a7cbcd79e7d7320007a6de8f56d5b5dd7e51e9f946f57149933603e09c5c9a85231fc897188149bea17bd2 |
/data/data/com.txy.wzd/databases/sy_video_data_cache-journal
| MD5 | 5cd1ff508442e01dbbb631bfb6e95fa3 |
| SHA1 | bf1eef4361b28c7ad59f740ddf0d556de81f7013 |
| SHA256 | 97e86d9611c33cf6a8ddd10b8b6f8c4c13a8d0ad3c8504068cafe0ba57c00106 |
| SHA512 | 87db18d1c6832ccec3e733ea511b6e360bd727e8808a58ff082b9b806325767186f51562f8be9963ea5cca628abf8c696aaf3082100fbf28e14e739f6eb842e3 |
/data/data/com.txy.wzd/databases/sy_video_data_cache-wal
| MD5 | 9f1ffb4af3fed4c05e29d3832a96b96f |
| SHA1 | a51eb131241b82e9671545325b9413c7488f9d11 |
| SHA256 | 312583651e12bcd999bacdef6d4c421958dfdcc7e15a14b334d381a7b42819b6 |
| SHA512 | 8bcec405c1a8278f284b1a4f75f487c43ae26526fa172d1bc781cab5b2cbac469228405aa517421eba9a387d69307de89861873c1d7fb490edfad2e80d8aa840 |
/data/data/com.txy.wzd/databases/sy_pay_record-journal
| MD5 | 32a5bbd4e4317c4a7df26579e4453f15 |
| SHA1 | 7392da0a2c902e05e9c91df48d1b085d0c40beba |
| SHA256 | ec85c3baf0c5bb9aaa0655ccd28a3bfbce4530fd3dde354c7e6ac9d496d029d3 |
| SHA512 | 3c8385b94e565a37a2748685a0a1e6929d1a3b23a3243f0b2f9bd3e42a9fa4196ec9f820016ded77464477df09c6deb98d97381c50ad0d61698da00cb99b4c47 |
/data/data/com.txy.wzd/databases/sy_pay_record
| MD5 | 67e66fe8d345887182882b21bf41cdab |
| SHA1 | a29d5e34b2fccbdb9b2fe2b2c1fc885b93f97682 |
| SHA256 | 6d5234cc20aeaed7da9bd6a78c9e8df32c09c7f6f30eb453ffffbf8c36e8b3e3 |
| SHA512 | d654c7cef20826e4aff855c9373fd0f7f0815370a0b8c69ab561186b0b6e0df1aa459b421d13ee815b9178b8639b1ee68dbf67a9f7d6c57ef69964fb3c4a420d |
/data/data/com.txy.wzd/databases/sy_pay_record-wal
| MD5 | eb11c233de92bc55ce53d6805ed66a49 |
| SHA1 | 415cd277561b80b4eb350c4c28410ffdb1c83413 |
| SHA256 | 1e5592549ded513e883fcf62eddcb7d03a19c98aac486f91cb2956c7e35ed246 |
| SHA512 | 4f6e23c1158ca7f53fe487e5ce368b9cb7f3cc3cdf68433e397eadc75f2a98b768e31e171a06f241dc92531f8fe4f6d0d507f41ed39b4e76209892e11219400c |