Overview

overview

8

Static

static

6

63b63ee21d...18.apk

android-9-x86

8

63b63ee21d...18.apk

android-10-x64

8

63b63ee21d...18.apk

android-11-x64

8

mimo_asset.apk

android-9-x86

1

mimo_asset.apk

android-10-x64

1

mimo_asset.apk

android-11-x64

1

Analysis

  • max time kernel
    14s
  • max time network
    130s
  • platform
    android_x86
  • resource
    android-x86-arm-20240514-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
  • submitted
    21-05-2024 15:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    63b63ee21d966bc71663fbea3aa118c2_JaffaCakes118.apk

  • Size

    11.8MB

  • MD5

    63b63ee21d966bc71663fbea3aa118c2

  • SHA1

    e98ebfd5ca33f46e43666d57ccfdf35c51f88618

  • SHA256

    8cdcf3004d53aabc3e7ba23b2d4cab986328bff234471886953702656ca6a80b

  • SHA512

    0c7e73c52bc2f65dd3d818fddfca5f6125601912d69c2d6c478fc3c2d5f348016d3bbab00d33f574e524d7db88b36a3ab3908a06f6f9b31058c0ef346b0f2bfe

  • SSDEEP

    196608:oHFHWH8c8wfpznpzuM+IjkpHVL8A74W39zgbf0KJ9wqnP4FgoT7/EwsM46kfAy:CB86wfpznpzPNkpHV5cWtzuzGqnjoMMa

Score
8/10
discoveryevasionimpactpersistence

Malware Config

Signatures

  • Checks if the Android device is rooted. 1 TTPs 1 IoCs
    evasion
  • Checks CPU information 2 TTPs 1 IoCs

    Checks CPU information which indicate if the system is an emulator.

    evasiondiscovery
  • Loads dropped Dex/Jar 1 TTPs 5 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Queries information about running processes on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

    discovery
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Acquires the wake lock 1 IoCs
  • Checks if the internet connection is available 1 TTPs 1 IoCs
    discovery
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
    discovery
  • Requests dangerous framework permissions 1 IoCs
  • Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
    evasion
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
    impact

Processes

  • net.playtouch.ballwall.xsl
    1⤵
    • Checks if the Android device is rooted.
    • Checks CPU information
    • Loads dropped Dex/Jar
    • Queries information about running processes on the device
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Acquires the wake lock
    • Checks if the internet connection is available
    • Listens for changes in the sensor environment (might be used to detect emulation)
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4299
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/net.playtouch.ballwall.xsl/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/net.playtouch.ballwall.xsl/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4332

Network

MITRE ATT&CK Enterprise v15

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/net.playtouch.ballwall.xsl/.jiagu/classes.dex
    Filesize

    6.0MB

    MD5

    9f88e36fb11c389a67adc59c0a109532

    SHA1

    7cd88d6af1398c40f6ccd0a0e406775dd39f4fa9

    SHA256

    315a8692ef6b7fc989a617487d58b820a6217d6d1294cfbd123f9ee9a2e7306c

    SHA512

    c7a9f75cc3f694a6068ea44fdc1b5b40f6919067ef7f50889971e531ad5f7f33262f4234d324fa49445818111252bb3e6a2060778fd4612ce34e77ee69712795

    Download Submit

  • /data/data/net.playtouch.ballwall.xsl/.jiagu/classes.dex!classes2.dex
    Filesize

    4.1MB

    MD5

    aae041a0578ca88874d897346dac0f6b

    SHA1

    30a4622c3b45b31a9c63af143e5813e892dfb68b

    SHA256

    24c7fdf0d4cd551f931a03513b8ad578d492dc415ce346f034cf37a2076c71b0

    SHA512

    cb6e4b3bab864c84b31222eb2ad6c89b6b7d4cdb679c1b67f574e3a0105131f302d46c1bd48b4344d896283740f09d42b7fdf628fa4769213ba8f9890cfbb2e4

    Download Submit

  • /data/data/net.playtouch.ballwall.xsl/.jiagu/libjiagu.so
    Filesize

    487KB

    MD5

    610a895c4a71bbeeaea16eddb1422bbf

    SHA1

    9f919de42ed1e80bfadfef48f8202b202166f869

    SHA256

    baa349e9b5a47be21b6ea00ef2e0c0c5dc203c0e4c391dac46df07ca9d333217

    SHA512

    ef4173ba32309ef1257b75bcff28fd44ab14398577b4fb3b6b95323035c964201ed39546cda3b7115ba5025781f3b9c018443e7932edd50a25b1be60359f80f2

    Download Submit

  • /data/data/net.playtouch.ballwall.xsl/.jiagu/tmp.dex
    Filesize

    284B

    MD5

    f1771b68f5f9b168b79ff59ae2daabe4

    SHA1

    0df6a835559f5c99670214a12700e7d8c28e5a42

    SHA256

    9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939

    SHA512

    dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

    Download Submit

  • /data/data/net.playtouch.ballwall.xsl/app_mimo/mimo_asset.apk
    Filesize

    397KB

    MD5

    015b93140e10348bac8bbe9c1cd26e55

    SHA1

    96f545739c8ae213c5afbc97e1bca4ef0346a100

    SHA256

    1891f588d5d58f90ce8ee77afc968279aef9011470ac5a172ae3066093e4a0ba

    SHA512

    351b4fdac4cd30a81c5ae593583c7412aa931632e3fcc20062fb13c8d06c3e286bc8e8468d6d2fb753b0cf12d21e3614db38ddbc502cf0c8de1b1abfd4f6a055

    Download Submit

  • /data/data/net.playtouch.ballwall.xsl/databases/ua.db
    Filesize

    36KB

    MD5

    0adda9c85a5e4808f5b1b74c0a8591a5

    SHA1

    5048107883ab1e345af9cf2e6849ce46e0e612bf

    SHA256

    1e17860bba2bb4e3e92df3890aa6dddc973d6602c71519a15556d37bb69de2a1

    SHA512

    646061d3d5849772511bd94e36ca2d775a9a672851629d1812942ec0f0f925714eb7d4ebac44889911320cb6710a2f586014f6b1e126739cab653c4f8deef2d1

    Download Submit

  • /data/data/net.playtouch.ballwall.xsl/databases/ua.db
    Filesize

    24KB

    MD5

    11b47faff84afe700b96da10f066d4c5

    SHA1

    f73c9bd9d842bbca80424575b7c1b213efd829c5

    SHA256

    a48b389ea2eecd9a504b09373800a9f56fdb2560918262a94bae4dbfdf81ade5

    SHA512

    e683ecc81e88cc27bad5a73f0746da27ef2118f32bfb168e078e672e810df6cea7d386582716a0c7e0fcc0be83674dc38f0d69bd71816e01c6a644d2069678e8

    Download Submit

  • /data/data/net.playtouch.ballwall.xsl/databases/ua.db-journal
    Filesize

    512B

    MD5

    768e82ded66277dff45da4f546efb861

    SHA1

    2f53074eb3781ed13f554e4dc05b4a45de9284d3

    SHA256

    7501a0f9ac84bd25a97be5f4c24ee26a3151d989d9bc75e38e8b1b8bf517e00c

    SHA512

    898b29abdfc0797e210584ded9e5724ca19833c408f2b730cb7825938072c613218c09b86dbc916e4bb79923e0db088ae14ae56be5a9a75a29af0c7d16fc0e80

    Download Submit

  • /data/data/net.playtouch.ballwall.xsl/databases/ua.db-shm
    Filesize

    28KB

    MD5

    cf845a781c107ec1346e849c9dd1b7e8

    SHA1

    b44ccc7f7d519352422e59ee8b0bdbac881768a7

    SHA256

    18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

    SHA512

    4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

    Download Submit

  • /data/data/net.playtouch.ballwall.xsl/databases/ua.db-wal
    Filesize

    48KB

    MD5

    bf725d9838f639bed978b21a55811720

    SHA1

    36314a59712a85288c70de721188546fb37c3018

    SHA256

    2697b775ec4e0efeb7b2b0682a9b3f8572cd3ed23e57742291603938a5b7b73c

    SHA512

    611cd8c9ecddbe3fa3c709d94e28e11ed482bb0044b8d4866fee6961e228a78e7eb6e540b2b69f64181ab0b963c083b8bf7551c594b264d1e81de8e466a85eca

    Download Submit

  • /data/data/net.playtouch.ballwall.xsl/databases/ua.db-wal
    Filesize

    12KB

    MD5

    9023b4dad859c9637040ef47265d98a6

    SHA1

    62928477622538d15b8496656251da6de9190219

    SHA256

    265e9f1a3719677bd75dfc0cf7ad32e62db5922b3a1d33642bd244bd9b798471

    SHA512

    1d9200434620ee08d8a1c071b7110a09eb87c0705ee182452518f44fa095fcaebff408c5c3308c6e697585c5d237d512eca33c170e6fb68afd0bf32c21d3f2b5

    Download Submit

  • /data/data/net.playtouch.ballwall.xsl/files/.envelope/a==7.5.3&&2_1716303783077_envelope.log
    Filesize

    1KB

    MD5

    9130e2e12336f7688061e011c1c34180

    SHA1

    6aa1107e5c326aa64b8b356d97d6860c895ff255

    SHA256

    df5cbd4b3583e8d430e780ba7f06383c4fa33c2b8a477d6cbc98f0afb7dcf636

    SHA512

    6999287f76c410d365b450734a59e48b08cc3300d8c70956b8ee1d56e66616e40e8826b036926efdcf00e5b2ec6403308c6f1302dc11c86cbf12ea32bcbb8030

    Download Submit

  • /data/data/net.playtouch.ballwall.xsl/files/.jglogs/.jg.ac
    Filesize

    40B

    MD5

    612cdccd3f37caebd6080e923243975e

    SHA1

    2be65605d009dbcac245635497e2e5b884442250

    SHA256

    843bfe97864ca5958e6ee703adf7a2b6f1c8c4dbe1ea97c788b7a8e59b2404a4

    SHA512

    769d58f949b131e142874f6fb2beb8eb70be8ec0f7de30f8b571914cfdf229fe8c49307387381efa6f108d605c70a7e7e09632305b71d57fc3e1fcab7f4e6761

    Download Submit

  • /data/data/net.playtouch.ballwall.xsl/files/.jglogs/.jg.ri
    Filesize

    307B

    MD5

    f42f9d4518178877237ee51317c6bc07

    SHA1

    18a7dd876443fca8883087a1bb33bacf0595d45a

    SHA256

    8e05751f6e04c313a3d70e0fdde31caadff441ee63d15fe8df4f7c4b2017cd7f

    SHA512

    fb92dff1482a4efbdced3cb7ab214da47525b445c1320e71dce63b4c0810944e8a14d3db24c9f8b9308a22e7fd8e78273495293ce2d34aed37aa27751028d8f1

    Download Submit

  • /data/data/net.playtouch.ballwall.xsl/files/.jglogs/.jg.store.report_cf
    Filesize

    32B

    MD5

    bcfdf07e96a3eea4466e54677ab3e889

    SHA1

    78f70c653aabd31bdc0e98bf416d725510d7446a

    SHA256

    11f6809bf3d8e0e8a5b6aa8832cca4c77b620e7435a297ea5e580fab843dffc0

    SHA512

    b77e9b6d1044292f8d1c7620cd5e740f03fdd6c717de1bab4b94aa9e8898072e95b7b501ea43daf254447262fc44fd88467f6e47c39682dc97bc19ce99b16b41

    Download Submit

  • /data/data/net.playtouch.ballwall.xsl/files/.jglogs/.jg.store.report_pid
    Filesize

    32B

    MD5

    e5d6f7972c53ab0e5492bc3272f10d55

    SHA1

    c28b3afebf0a0eaa2ef42a9ffb0e49b190da9507

    SHA256

    2fa9b6ec04aed2f09d6bfe3bf1c600e68753efc6aa3428d40222a2eff998118a

    SHA512

    60c2c1de1c8b67a31f95e6a17917b3df58a38e204b646e8af900fa5d7ec07e4fc7907411d3824fd34d8a962c52eee75d643db9ef12f8824d2b1384a6f93704d8

    Download Submit

  • /data/data/net.playtouch.ballwall.xsl/files/.umeng/exchangeIdentity.json
    Filesize

    162B

    MD5

    26036fe995e685d31b5af18f82f48a90

    SHA1

    d31e927868a0125cdb012382c846c0ae62e04c08

    SHA256

    0b521d3b5beff2aab886cf4d07ae70f6182892ba8791779add7ec6ba589628f7

    SHA512

    8f965a08e39278f29365994958dbecc0669585e236e889a78de5fa24971e08a955d1455346fdbd92df100772f4dac3c97de87ada59789d23ad91f894e37c6d1a

    Download Submit

  • /data/data/net.playtouch.ballwall.xsl/files/exid.dat
    Filesize

    85B

    MD5

    e27a2369aa7127845ef08f2ea7e6b6d8

    SHA1

    aae5816e400f86fda1869f24f6e0dce5e7fd4a23

    SHA256

    4a2d6045113c91b77e9d1b031efe51536a0427ad21afa1dd6e4a602d8dc4503e

    SHA512

    1fccb913b63ae84e6e87ab34d767ecd2bffc3ed9474a4ae2842156df2a9a65d3557b538a60456e09e66170b603bf1175602e1b792e32d558737466cb228c31a7

    Download Submit

  • /data/data/net.playtouch.ballwall.xsl/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzE2MzAzNzgwNzk5

    Filesize

    1KB

    MD5

    5f72ba1e0c5763ae5e140aa912e05f7f

    SHA1

    b31a52ca2824bb9ca58982594b3580e5fc513fe5

    SHA256

    1ba1e4091f24c4166da6a160ba89f405aca8fcf327d624f6925373c59df80a6c

    SHA512

    37d24a8a7cab05d74a8e5a52de3916983955456c4b63dd13ee13a76d7008258cb77f192d5f76eb57c642e7d9ab4f47aaae1148cb70e4457e8a68b15c11f08395

    Download Submit

  • /data/data/net.playtouch.ballwall.xsl/files/umeng_it.cache
    Filesize

    415B

    MD5

    2ea6be5a071829d5798d0e5ab0baea73

    SHA1

    c4ab8a9b40db4d4c3be0aec6e3dcada5da5b97d0

    SHA256

    ea4e4721700909a96a065c0ffe5ccf23f1f511adaca932cc2947c0c90c9d612f

    SHA512

    41c83d9e3ffb019d173b6b8abf434d1540474311cc5263abdb9eabc0bf4e33f9cf5b369e9b3cff63ad28dd41a11401031dddc08d9f22bf32cca965a735d7ff1b

    Download Submit

  • /storage/emulated/0/save_data/net.playtouch.ballwall.xsl/.jiagu/oat/x86/tmp.odex
    Filesize

    16KB

    MD5

    e1b9e1c470966346efe9505f47926743

    SHA1

    0a69ff8e20afa9acadba85888af0a275e4cfca35

    SHA256

    fb712a3d6490295f629bf872b84b73749e25e0787690ad169d2a845b45f482cf

    SHA512

    5487413b8b6f8c5017df4e86758729548df48e1c86653e77df788daa3a6995b05b8f3c3ddb99a2ae54c03a22f35e41001c3676dcedb33cfa63407fe944758c6a

    Download Submit

  • /storage/emulated/0/save_data/net.playtouch.ballwall.xsl/.jiagu/oat/x86/tmp.vdex
    Filesize

    340B

    MD5

    c5d40bc64b9b3c2ba0dfbcfa6b04108f

    SHA1

    21bde60a1c8123743aacd6876882eac00b254f3d

    SHA256

    81709a472f663b31ad554d377e5182219668bf02b2c4444fcdf26adde7142721

    SHA512

    49e0dee8e65eb213c7b3c2b4b2e00f78714d3cc6742e613ad856e8b8e00867e743da758f3f8e35a2ebd6fc6f9e031c5a0039c5330eb5f196f0ba193f76e4b42b

    Download Submit

  • /storage/emulated/0/save_data/net.playtouch.ballwall.xsl/files/.jglogs/.jg.ri
    Filesize

    307B

    MD5

    b805a931523cb1ef1f0b75cfc1ea83f9

    SHA1

    4e5f304170c4ba0e65669ae35a9f14000cfd11a0

    SHA256

    2225e014cb68151334af2a47ee9a1ada0ff504b431400ccef502285bc6d90a7a

    SHA512

    a6bf5c217f1d5cf11ae1bc5af27d348db371a872d76bf8fc0d98cce21d99c94bf192665a0590a34d8d28f8fb4a182cbfb847feee78eb5c9cc5e896062cfc18f2

    Download Submit

  • /storage/emulated/0/save_data/net.playtouch.ballwall.xsl/shared_prefs/com.facebook.internal.preferences.APP_GATEKEEPERS.xml
    Filesize

    4KB

    MD5

    57c5c7262b41ea0da6b798c6233afa43

    SHA1

    6a459c9d5eeae08f497227cfb8c2bd7852b590de

    SHA256

    e83461cbcad062c13cbdc0bc4b9b1913e74c71a64d7b690585ffa1249a6c06a2

    SHA512

    eb19ef833cfea733e4d19c32d247172ec92f23b16e6679952bd348ce773b5d706a7b645f6542b3d6fbdb8fe859213ca4d5a010ba563934ef8468a83481c2e691

    Download Submit

  • /storage/emulated/0/save_data/net.playtouch.ballwall.xsl/shared_prefs/com.facebook.internal.preferences.APP_SETTINGS.xml
    Filesize

    949B

    MD5

    b48cf3b0b6a5c46310ff792b221da908

    SHA1

    a9bf174d7e1540e4a8428533436be65f50337757

    SHA256

    5d0207d69a0b62848adaa8f643b537810844ff06c34f50223f1dde6cf0fc179a

    SHA512

    549bef016f4ab3aaa94918be52d9932faad9e8db36e2a621239b7764e4ce43124814626306c8410b7e9a5ce451a7c121775e1337a8b8ea39dab8fac25117a2d5

    Download Submit

  • /storage/emulated/0/save_data/net.playtouch.ballwall.xsl/shared_prefs/com.facebook.sdk.appEventPreferences.xml
    Filesize

    160B

    MD5

    50fda53e8213195f08322b729ea838f6

    SHA1

    59fa2ec4682fe0a0906d47d5fd4742211a03e427

    SHA256

    77c6c0d4995370d3b0374f749a63dad15cccec1591872c768f7c17c47c37b949

    SHA512

    b543dc3cabab8b0cf9d1224ab02da9f400276bc403121233b5b12bd866431d261a10f7cf63f5ff621d7d23108f019800680f8f5713def9820791503e047def67

    Download Submit

  • /storage/emulated/0/save_data/net.playtouch.ballwall.xsl/shared_prefs/com.google.android.gms.measurement.prefs.xml
    Filesize

    297B

    MD5

    9e87e1a3af439001382e5ff54b9a7428

    SHA1

    8360932ea42255794387be1014e3871a6589d627

    SHA256

    e5cb5cd22d56bbd9ef5a1c79d7f9e3bab713c0e1490f40fee6564c0f4d082f5b

    SHA512

    63175c0f0ef5a19b0c7ae284e59a795134475e85a958c1e439e17a10c4322814ad365fd34f18676e454e1951202e676d95fb9d7fcefac6aeddfb890b3ee4df0f

    Download Submit