Malware Analysis Report

2025-05-06 01:31

Sample ID 241103-xmb1zazrfy
Target 8d001248c61ba5e22f6bb73769db95c5_JaffaCakes118
SHA256 1cc96f7d5cd62fb138aedd9266ac9f58e12852df0d439a4c9e49c4446fc0011c
Tags: collection, discovery, impact, persistence
Score: 7/10

Analysis Overview

Threat Level: Shows suspicious behavior

The file 8d001248c61ba5e22f6bb73769db95c5_JaffaCakes118 was found to show suspicious behavior.

Malicious Activity Summary

Tags: collection, discovery, impact, persistence

Reads the content of SMS inbox messages.

Requests dangerous framework permissions

Queries information about active data network

Registers a broadcast receiver at runtime (usually for listening for system events)

Uses Crypto APIs (Might try to encrypt user data)

Checks CPU information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-03 18:57

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-03 18:57

Reported

2024-11-03 19:00

Platform

android-x86-arm-20240624-en

Max time kernel

12s

Max time network

127s

Command Line

com.txy.wzd

Signatures

Reads the content of SMS inbox messages.

collection
Description Indicator Process Target
URI accessed for read content://sms/inbox N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Processes

com.txy.wzd

Network

Country Destination Domain Proto
US 1.1.1.1:53 mmys-cps.ywpod.com udp
US 1.1.1.1:53 dynamic.ywlto.com udp
GB 216.58.201.110:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.46:443 android.apis.google.com tcp

Files

/data/data/com.txy.wzd/databases/sy_video-journal

/data/data/com.txy.wzd/databases/sy_video

/data/data/com.txy.wzd/databases/sy_video-shm

/data/data/com.txy.wzd/databases/sy_video-wal

/data/data/com.txy.wzd/databases/sy_video_data_cache-journal

/data/data/com.txy.wzd/databases/sy_video_data_cache-wal

/data/data/com.txy.wzd/databases/sy_pay_record-journal

/data/data/com.txy.wzd/databases/sy_pay_record

/data/data/com.txy.wzd/databases/sy_pay_record-wal
