Analysis
-
max time kernel
179s -
max time network
186s -
platform
android_x86 -
resource
android-x86-arm-20240514-en -
resource tags
-
submitted
22-05-2024 23:43
General
-
Target
6908ddc72ecea0e26eaa5eefb87b4480_JaffaCakes118.apk
-
Size
19.1MB
-
MD5
6908ddc72ecea0e26eaa5eefb87b4480
-
SHA1
a95a656db63721a5c1ed8abda62b43c07a17a19e
-
SHA256
aa380ff914e8a09595b221a06445141ea4a7b7ece4ce82a20ef64417915b411b
-
SHA512
d8e3547ab72f52f2d2588ab70d9bde0314c154a42bc9079942cf602812210386be2ae0b17497aeae22c2e650795e2026b94a1e051786c8d9f316286e1c437e85
-
SSDEEP
393216:scRaw+16XFh1Gy1EoplS6ZwzOHi6X+qQic/AfslsgcByoYpnfNqhaoI2c:3aw+1cfGyuojSkiP61ffK7AyoMfkaolc
Malware Config
Signatures
-
Requests cell location 2 TTPs 1 IoCs
Uses Android APIs to to get current cell location.
-
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
-
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
-
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
-
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
-
Checks if the internet connection is available 1 TTPs 1 IoCs
-
Reads information about phone network operator. 1 TTPs
-
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
Processes
-
cn.gmw.cloud1⤵
- Requests cell location
- Checks CPU information
- Checks memory information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
/data/data/cn.gmw.cloud/app_crashrecord/1004Filesize
58B
MD50d210bfb2a0e1f1b4c082a6a0f79de07
SHA1bb8ed9e364db79d1d9f2fcde3f15091893222faa
SHA256988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d
SHA512536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1
-
/data/data/cn.gmw.cloud/app_crashrecord/1004Filesize
219B
MD5e095d2b95396fb43a2cd32840e0c8f20
SHA1d8edf8f195dd3307b8768717a3e35a516011da55
SHA2567b4d905db43fad3c131909024f802374d47ed7af2ecc2e06407029d93a9af523
SHA5123af3da49e3bba97be005fec0614e37024fb43ee30f896a8d0ed16ecb6736d46a50861ceae2d65d72d4460c6d2e4c2103413e910df4c5d95753b06300655b2744
-
/data/data/cn.gmw.cloud/databases/bugly_db_Filesize
4KB
MD5f2b4b0190b9f384ca885f0c8c9b14700
SHA1934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA2560a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1
-
/data/data/cn.gmw.cloud/databases/bugly_db_-journalFilesize
512B
MD5a1f766452b668fed28c9c807f542af1b
SHA1776cc3ac232ec8b16ff2db3a3ca67dbf1bc2128f
SHA2567e1e74775117ae17f303b14765bf391d2b9a9b953c8214008d3f613a143a413c
SHA51276012fae670ff59802938798a30b277764d9281e6f95249bcd74c3c2028ba758b73ee41f75d711db01a560997ad83d1be19c2bbc4245a15ef2a39db87c9b20dd
-
/data/data/cn.gmw.cloud/databases/bugly_db_-shmFilesize
32KB
MD5bb7df04e1b0a2570657527a7e108ae23
SHA15188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
-
/data/data/cn.gmw.cloud/databases/bugly_db_-walFilesize
72KB
MD5a5f1ae0794c30d71fa63b7b1fd1570a1
SHA14cd808c0d0aaff0e0373d36a24fc15a1a10db369
SHA2562791239c45623f0b9bc7f0a175f9d80190f1c915a84d6f7a7b70df2b835b9a2e
SHA512b08f2a6797ff2a833a70faec3ece9e67e35df6cb7481103c92ae5cff5c4d260e1bf7eaa42588e9b25fdff47c7f5acda0031ee3531823ff70f4e40d59d23e4da0
-
/data/data/cn.gmw.cloud/databases/cc/cc.dbFilesize
36KB
MD55d7ea1a23af19b4340cc8d90f28297d5
SHA14cfe95b23a9e98378d69c4290af81b51fbe76aea
SHA256474c4a54534ed96beacad7cc9a805a3f53ec9c0522fc7bcc59771cf500a6a0da
SHA51233071f4c92da0a3df01c4a61dd165df7c7e0f4f37753cafe02d19fc876a5e7fcbb01c069c804e140ab8bfa0644a55f50fd1373646d1c439f817baa5ffbd47f7b
-
/data/data/cn.gmw.cloud/databases/cc/cc.dbFilesize
36KB
MD5ce6135aa1b1fe4f2c2db2a546d2a5558
SHA179b59582154017aadab783dc266fcb158c252940
SHA2567b45f576c08c7f78220168cca4a0e33198b13e9bdc8b1da406ddb6887412000c
SHA5122839075fe374c8567c839ae35ce2d33ec72fdaebf170aa7d224b555e5b0e74d4a43f2f67d17ed806dae841da883e9620d788ea052d06152678afa927307c7ce4
-
/data/data/cn.gmw.cloud/databases/cc/cc.db-journalFilesize
512B
MD536df7974bf12a4a9a7942958e4ee2dd9
SHA102087ed1e2db3738b3647445c2b6eaf2895e1f75
SHA25681d69879f3884adf8d515a6ad30a0b96cbb55ab80a3ba319a1b09f9ee7c7e9e2
SHA512454b203b32d1fbf59ed95dd0c4586905d15798e233e4f465ea9a94966e8b228f22a040bdff738165fa980be3973c71b73323ee382219ee972c363e4cd6f3518a
-
/data/data/cn.gmw.cloud/databases/cc/cc.db-walFilesize
48KB
MD5b4fa246a98281de943750cf530c954f7
SHA19d9a6a071323656ef0b84dc61b3798f2fbbf06f3
SHA256013d52cd626d0e11958b98df417573309bd29bebb6afe8f92a6abbb299a050f3
SHA512aa2f416d8b421a4f88c1714029c86bfa42d97d0f0fa9db5f7e614bc8fb3be9506410c076d97ee2f7c54d5e8b8866a5fdfbca9ad58078cf488d761f7b1898c2df
-
/data/data/cn.gmw.cloud/databases/cc/cc.db-walFilesize
16KB
MD5958fd515b44fa9104be15801c2dbb43b
SHA168714463cb254aec8c04897266c3d831343b7406
SHA25618253d871bc09dceffab359656db918fa7bf1fd9ebc9d7f6009925f554060868
SHA51253f2ff874405f0653e65a521fced1132f4f08aa4f11caa34b1de348a8195b24fbe8e2e1d6b3226d801f037b0fbbdf8d89913f89191db4dfaf12934c49144589a
-
/data/data/cn.gmw.cloud/files/.um/um_cache_1716421497670.envFilesize
1KB
MD5b5ff90f8dbed3e12ea614c8a3c5a4870
SHA1cfbb96726fd64466ebc71ca07d47f326eb2f4666
SHA2569e7e120fdbfafced2734dd9c0d9c38bbda9a468c06dd7e447f44ce6f09e35dd4
SHA512ca67e1b838c058a279235d385a255647a7bf45c8fbd6b060243eafbfca9c363d658c8ae26ea5a527959f301f49d6529342ec6a5c7c73688ec1403f2700f8d387
-
/data/data/cn.gmw.cloud/files/.umeng/exchangeIdentity.jsonFilesize
162B
MD511877fd594f4770a794733bd137dd271
SHA184e24becfe83d49323ed03d08347f0a75759a927
SHA256412f60f0f91af816a117e77863d506d08f68d36d324664dd2b1efabd3d4b053d
SHA512e6588b6f1a1270619a3d4df27451cf7ef6bade4b89f7ad6f4b3d3234cc6f3de4c1e91aa836dc84206f4b851bc0de3b6b3875c8638adc06227bdca750d9a01fe4
-
/data/data/cn.gmw.cloud/files/com.maa.sdk/access.logFilesize
296B
MD590e8ad87f268e52e6bc51bdcdd884280
SHA1e881a520e36f2d0b532288381ea32dd9076fb16e
SHA256ef602b6c03399d21cebe256eabb96f06389ac499f661fce07c0a40a942bf213e
SHA512ebe0a284184cf4f19d87c87503e9e49cba801a8665e064af782fc9a8d7c0a4d2bd5b162431c7856fcf6e4e0118e08c7c5da0fa235a2b9f515db7c1bbda4cd2a6
-
/data/data/cn.gmw.cloud/files/mobclick_agent_cached_cn.gmw.cloud75Filesize
2KB
MD52888bd538d6ecef1ef48326865e8e6cf
SHA1bdcf4f3773fbb649424ffbdbe0f26e7525d18df1
SHA2560efc5f596baa376cfeb482a9a3490f2b01f7d946d5d8af072dc54a2ec523f69b
SHA51227af0d236eeb34b9879ac0948f3514f7490359f318959a92c8cd139fc05300fec473a8b1555b0b5718a3221b43bab0b115c1384e7dc2a0bb7b3666bdb65f0444
-
/data/data/cn.gmw.cloud/files/umeng_it.cacheFilesize
415B
MD550e0d289eadd05e4ecbd252d5f18f020
SHA18040ff245321c78728c9f740465793ecdbb1252d
SHA25626ab7688b68b44d8b305fa3711ee5bdfd1b7cb46ba361009552f41f9b601e92a
SHA5124ffe9ab3127dcfc9dd7efe43d18bb31875fa9a055b1618bb46072184c9c3908bd90a7c6f02d978f0aa764163623c95d66893f09dba6ceb17de207023b7b5a01b
-
/data/data/cn.gmw.cloud/files/wspxFilesize
277KB
MD5b0af5e81eb5ae8b2196ccbd0eab3c65c
SHA13ba81ead639281abd20589464a7cd90bb6e8025d
SHA25642184f314d77add645a9bdb828398d966104d1803b991022b1e7ab7a7e6e0e2e
SHA51241fc351992aee16dfad9e1381340b56aec18d52edd4c779df5a46e1e978f74c4e87d296ec213691509ca493749549240a3f4a048b9e9dd7a059d4e55b7f5a29f
-
/storage/emulated/0/Android/data/cn.gmw.cloud/cache/mw_cache/journal.tmpFilesize
31B
MD58c92de9ce46d41a22f3b20f77404cc1d
SHA18671a6dca00edb72be47363a7071be65cf270373
SHA25668bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274
SHA51230f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56
-
/storage/emulated/0/gmwdaily/cdnlog/RedCDNUpLoad.logFilesize
1KB
MD5b6dc26188924d62b6c32495592f47df5
SHA172c8bfc7c6758b29cbc1fd6968fc4a1da5904e00
SHA2567d61bd61a87b1315e8ba8be21a6c2430c7530fe7fe4e8857e5564b78575c0404
SHA5122773a7a910174f8a1bd7088daa8780a5af4d694752a48fd9c0b198f862bbb9a3bd083f099e4b554d6df900890d1905dbefe359f28eb280f1661832b4c37cd853
-
/storage/emulated/0/gmwdaily/cdnlog/m.iniFilesize
1024B
MD5a84881f746f80cae9cf6038ffc86ff65
SHA10e7fd278ef8f5b59183a1642f1b1974ab1d26eab
SHA2564025131af9366930f6a8f96845bab680a07fd5939199e4d473eabc372cbea57d
SHA5121a394f084aa99b1f278ca941eacb4fe4a20ce018a863bd54d450808b1ef8d8a870dfb2400a0a3c0aea9f0d0c0db2174b778741ad68e77ef9bdbb6689f797e9f7
-
/storage/emulated/0/gmwdaily/cdnlog/uploadmgr.dbFilesize
2KB
MD5216661729a3c81e912cfe15446f2a28e
SHA1bb858e5732520da826393f8908d19f43b19f280f
SHA256e96221ea726c0689f527c3a522c89399d99abaceeebe02b8bf78793a629c6521
SHA512ad28d06f21274221aa584c7cb9bb06bf022d14ec4d7da58a705e3d23665ad79b3d04774aaaa099f4aa917c0f42a1ffe2c609722f19858d4db663c1d58a7343e4
-
/storage/emulated/0/gmwdaily/cdnlog/uploadmgr.db-journalFilesize
512B
MD5a011d172aaeb30a19e4eebb0266a9e90
SHA19dbbc6006bba22881019cc6c19f1978e6e916f42
SHA256b70ad4700fee35fc2825a285f6354af73de96b3ac36fc82b753613ec4e6a6e8e
SHA5122d1b15780c8c92c193f69361b80b2a1198b6f58ecbc459187ac7a58c98dda46a8533e136059b2cf9debb4ce0c4b54949eebcd502d6473d477ce1606409fb366d