0e10015cd8b3912a824ae4a5936216dc083433692588a0f30cc286101fe3c304

Analysis

max time kernel
130s
max time network
141s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
22-05-2024 19:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6864f9c0e1b8bef65f623362509dd0cc_JaffaCakes118.apk
Size

19.6MB
MD5

6864f9c0e1b8bef65f623362509dd0cc
SHA1

67b8460580e0b3de950ce9865cf7705d16b09b8b
SHA256

0e10015cd8b3912a824ae4a5936216dc083433692588a0f30cc286101fe3c304
SHA512

bd1fce5ed2c7979ace710c7bf7b9d29855b5681422b9e1b56e4e70a921fc2b94028033b29756f6ccfca955eb712ff66bda3a9af0ae03f684f82043b08b57ed97
SSDEEP

393216:Ta8j7/THaFUW6cvsEWKVCMWhDT9qPS5Zz5JXlqehY8L/cTD:O8jXHaFUsvsPKVAIqfztq58Dcv

Score

7^/10

discovery evasion persistence

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 5 IoCs

Runs executable file dropped to the device during analysis.

evasion

T1407

Processes:

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.duwhauho.cjwgoaugocw/app_mimo/mimo_asset.apk --output-vdex-fd=69 --oat-fd=70 --oat-location=/data/user/0/com.duwhauho.cjwgoaugocw/app_mimo/oat/x86/mimo_asset.odex --compiler-filter=quicken --class-loader-context=&com.duwhauho.cjwgoaugocw/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.duwhauho.cjwgoaugocw/app_analytics/analytics.apk --output-vdex-fd=106 --oat-fd=108 --oat-location=/data/user/0/com.duwhauho.cjwgoaugocw/app_analytics/oat/x86/analytics.odex --compiler-filter=quicken --class-loader-context=&

ioc	pid	process
/data/user/0/com.duwhauho.cjwgoaugocw/app_mimo/mimo_asset.apk	4254	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.duwhauho.cjwgoaugocw/app_mimo/mimo_asset.apk --output-vdex-fd=69 --oat-fd=70 --oat-location=/data/user/0/com.duwhauho.cjwgoaugocw/app_mimo/oat/x86/mimo_asset.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.duwhauho.cjwgoaugocw/app_mimo/mimo_asset.apk	4211	com.duwhauho.cjwgoaugocw
/data/user/0/com.duwhauho.cjwgoaugocw/app_analytics/analytics.apk	4211	com.duwhauho.cjwgoaugocw
/data/user/0/com.duwhauho.cjwgoaugocw/app_analytics/analytics.apk	4414	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.duwhauho.cjwgoaugocw/app_analytics/analytics.apk --output-vdex-fd=106 --oat-fd=108 --oat-location=/data/user/0/com.duwhauho.cjwgoaugocw/app_analytics/oat/x86/analytics.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.duwhauho.cjwgoaugocw/app_analytics/analytics.apk	4211	com.duwhauho.cjwgoaugocw

Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

T1424

Processes:

com.duwhauho.cjwgoaugocw

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses com.duwhauho.cjwgoaugocw
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

T1624.001

Processes:

com.duwhauho.cjwgoaugocw

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.duwhauho.cjwgoaugocw
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

T1421

Processes:

com.duwhauho.cjwgoaugocw

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.duwhauho.cjwgoaugocw
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

T1422
Requests dangerous framework permissions 1 IoCs

Processes:

description ioc

Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.duwhauho.cjwgoaugocw

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.duwhauho.cjwgoaugocw

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.duwhauho.cjwgoaugocw

description	ioc
Allows an app to access approximate location.	android.permission.ACCESS_COARSE_LOCATION

com.duwhauho.cjwgoaugocw
1⤵
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
PID:4211

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.duwhauho.cjwgoaugocw/app_mimo/mimo_asset.apk --output-vdex-fd=69 --oat-fd=70 --oat-location=/data/user/0/com.duwhauho.cjwgoaugocw/app_mimo/oat/x86/mimo_asset.odex --compiler-filter=quicken --class-loader-context=&
2⤵
- Loads dropped Dex/Jar
PID:4254

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.duwhauho.cjwgoaugocw/app_analytics/analytics.apk --output-vdex-fd=106 --oat-fd=108 --oat-location=/data/user/0/com.duwhauho.cjwgoaugocw/app_analytics/oat/x86/analytics.odex --compiler-filter=quicken --class-loader-context=&
2⤵
- Loads dropped Dex/Jar
PID:4414

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.duwhauho.cjwgoaugocw/app_analytics/analytics.apk.tmp
Filesize
545KB

MD5
4f6ba7835b8b8aff7f7c7a97bc262b34

SHA1
2f9b2433c46ed5ecd9c1d8dcf708d07340eb146c

SHA256
5a0062937d99f0b85e6fcfdb162ce6224ed0635cbb8cf6e3ac253d57fd8ef97c

SHA512
14a0ab2048b3366bf3893eeb3c8f978deadb1d28bff5c1918976db49dfc62307eaf7fcfe843d0f3696d175df7710defe120273cefb6221ce2612b14839536f40

Download Submit
/data/data/com.duwhauho.cjwgoaugocw/app_mimo/mimo_asset.apk
Filesize
390KB

MD5
39692de7ff0848e54bf6ea1ce9ece672

SHA1
bf6299d772f195bac724f738c49cdac0c538abe4

SHA256
011c400d36773b3b475290c2d1af5a829c0597c24dfbb10e12222611a4e1300e

SHA512
3ea7d8e4a85e1b8b7759984f817df7c65656d057e31b11ec1a970e79a99b775fca5e5f8ef942f99869a14b58a91c1a5838b5711ac33f915cf8f7f77280bcadc6

Download Submit
/data/data/com.duwhauho.cjwgoaugocw/app_mimo/mimo_download.apk.tmp
Filesize
400KB

MD5
3e86b24cfe8ea3644e3a6bb2f3bc75a1

SHA1
7881136fb412166d04ad5b6c4fdb9550a66fd99f

SHA256
1b01837a2b9004309bff95248adc60d39ffdadc90e52ebf645b2c5ce76f28bc7

SHA512
40ec714867b4a3e0aaa920abb648f331ce43e8bef442e782eff5ebaacb1052785e681c23b85f6ec50bc4e57e5b9924e61ca4fd72589f810ce8c670b5094b612b

Download Submit
/data/data/com.duwhauho.cjwgoaugocw/databases/analytics.db
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.duwhauho.cjwgoaugocw/databases/analytics.db-journal
Filesize
512B

MD5
c462591b9b6e3093cf309c2de08ba0ce

SHA1
8d2b9fedb1f31aab1dc735a2c21a9107fa1bb315

SHA256
dab872486320859d2fc9f7655836dfecc068136156f5800d2afcf66f753f5f0f

SHA512
ac6c0b89e4f62a82c679f8c7e6e8f06fbffee449d85e7cf51bb5323da95cf9fd5f60325d5c5a4cefc02c3d247e1511da0444ce217b31f5e8d247bebb4a1b9146

Download Submit
/data/data/com.duwhauho.cjwgoaugocw/databases/analytics.db-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.duwhauho.cjwgoaugocw/databases/analytics.db-wal
Filesize
32KB

MD5
974ef6d700ea6f1de92cfdb34d64cb85

SHA1
f713aec9c582a053df0e6f668a17bb6a33ab15fb

SHA256
c118cd78853219298dabd74040f17222468d5b737508110166f02c0067d7e6e6

SHA512
0216e50d44bdc6ff340613291caf888da925a98863f5c88149d03b8c8bc15247b123fc9bf1f01498b70106a865a5384098f95226f0b51b6bbc04f939ca45cce9

Download Submit
/data/data/com.duwhauho.cjwgoaugocw/databases/analyticsv2.db-journal
Filesize
512B

MD5
47a5f0dac051446d64ee40be6bbca827

SHA1
a5a12a8e190bd4528a60ff65fb23a29f99815cd3

SHA256
307a25c2bcabadf3e513d922d38072ca934a139b14d3059db8072a71561b721b

SHA512
d5990a26e1650d4c3535dc7f6a7d6c0c14dcccd96a021cba4cb4519680f13ec1dab54b4630c35f304a08c8715f8d299b282c43bb979fdd6760be9d27300bd08a

Download Submit
/data/data/com.duwhauho.cjwgoaugocw/databases/analyticsv2.db-wal
Filesize
28KB

MD5
a350d760a675fdd73c5fa784f475c35b

SHA1
fd132960a0d84e7a01e2dcdb12394df1dbd6a5a1

SHA256
bc9e038474876c07ccf9a4f5a3d1e083ad7eea822c54f856b2ab01269b956fbb

SHA512
42ea73c67f6b07de6b1c9393cdb02ffa5656368d01bba3cc70414b6f3b926206eb859331294ace8c7973c52708b0a343c8696615079be453d536706a8cb8ca87

Download Submit
/data/data/com.duwhauho.cjwgoaugocw/databases/reportServiceDB.db-journal
Filesize
512B

MD5
01d366e45461a2393c1aceae04f706e2

SHA1
0df54475fb2bab5e306b2b61a79704f2f100ac3b

SHA256
d62ea935a069b67934d4780b7c1bd8d6f6f60048fd1c4e3ff5b88ec65747c532

SHA512
8667f6f62e4d5cc5c3c5e8bce90f982f7e2384a539dd48c472d6eb88e1cc706f90c4a2015dd9b1601135f1a17acfa545876e51fecd472a1498d1b4d233255608

Download Submit
/data/data/com.duwhauho.cjwgoaugocw/databases/reportServiceDB.db-wal
Filesize
48KB

MD5
ccf0316f2318894ce9bcefc59fda35bf

SHA1
7651cb613d4e9508c605c3f61d72c7c34c58773d

SHA256
f340d0f5a3bd454efb680da70eece0635d6e715c6bc23e428e0aed11e713a0b4

SHA512
73c2650f1c73f39e1893040e1e0d94d90a52369670440065f0106aff292f052f35cbfe85e2feb2740a2fbbbcae6a622b19aeceb093e2b56a85c4fe355d736a86

Download Submit
/data/data/com.duwhauho.cjwgoaugocw/databases/requests.db-journal
Filesize
512B

MD5
24b2cb8ededcceed66bc51e5dfb94cf2

SHA1
45936d3e2b195d90eb3a6dff2e898acc2ed8bcd0

SHA256
8242b88e5a8bedaabf6a3d161846adfd92e028992eef760d7f9b12f02ba043b2

SHA512
8dc8f17711a93b11675dd8624c817d1e1d85791bdd7ffa827d3ed4142e78571134cebd2c1a28644992f4636811ac880439716735cc03d52c771919aede5812c6

Download Submit
/data/data/com.duwhauho.cjwgoaugocw/databases/requests.db-wal
Filesize
28KB

MD5
78c2769565adc87ebf8d223eebf987ec

SHA1
92b7c4b28afe9d6d5c9785523782e829395f6e6c

SHA256
916217ed5e51fe4581522700a2cbcb69e2e8a78e6630f8c9b88ce56dbe8fbf15

SHA512
d119637f756a9f74e16b8d49be8af31a9ba8df8e9693bddd9a4383b56242c9e9ce1e04784cf9d01d21510bfa56ab695caf4589fbc82ce6989e0c4b7b69516463

Download Submit
/data/data/com.duwhauho.cjwgoaugocw/files/54db829f09424caad69f7fb9350fa48d/policy.cache
Filesize
12KB

MD5
f0326dac3bd2b30f8d216ca46622eb2e

SHA1
e34cdf9529a96288d206b07c5078afb012be5b7e

SHA256
c59de2f2197323aae35f444e18f7f5d7ae2967cc486b0297bceaf329ef8dfcb7

SHA512
b91250a4e5cc4c2464657d7d625a3d19144b321fbc091041bae340dd8f7a27712dbc0c5961d50bc039471014c568fb06df9b8305f20e4ad08c65894e56b4c49b

Download Submit
/data/data/com.duwhauho.cjwgoaugocw/files/a194a0a7214f6cbda0672045c51505d1/policy.cache
Filesize
13KB

MD5
04ecedd182ec514d1a60d8d2ac199148

SHA1
3cc41071881e11ef4a5e8500ba83eb91e0502aed

SHA256
690fff1587a5f29c71dd12bb95f7c8d0d25518679ef90c9a9adf8c69ff5f18bf

SHA512
27a2e1ea979a0c3568064028558da583b72cdb5133442cbd5434c497ba0d2ba7a0a0445dee5657c4ec277af119b820371e03ac4c799eee93731b12379c491837

Download Submit
/data/user/0/com.duwhauho.cjwgoaugocw/app_analytics/analytics.apk
Filesize
1.1MB

MD5
36e6ce6a5a4e2b31982e3f8208a1af0e

SHA1
a7418ca9cdc61749e4c39e55cd4e74a0871ec196

SHA256
ca10a9f91f5246c09ab701368126bf842e33e62c0559328b34fc91295c13d298

SHA512
ee5022a46bc98db4be250a219a805073d5e558e5f3377de5d5becc5c3584f20988667af5e209dd2525c40c9fa70c8c7fac18eaaee98957b79d96b20a901ff100

Download Submit
/data/user/0/com.duwhauho.cjwgoaugocw/app_analytics/analytics.apk
Filesize
1.1MB

MD5
72c04a897494749e924a5caa8a679a99

SHA1
ef67bff3cfb96c8640bbc7745290a2d5eb59d504

SHA256
cb2d909918b2158dd9073b65d2f8ab203349ed3d4720e1bbe280165dc6272a23

SHA512
9e49285d9ae9d9ae8f2ace24c8decb48b079037b53acb0d969005a87b4d5e82382258c00b3998a2c518f659adbcc77897d8ec65e54461593aaa45ea9230cf489

Download Submit
/data/user/0/com.duwhauho.cjwgoaugocw/app_mimo/mimo_asset.apk
Filesize
664KB

MD5
12290c41a74632bdfba57ba60db0da82

SHA1
7ad8921c3178dcb1c17b58fb9ce19458328b2be7

SHA256
c7bedb30f9a27b5b0352595873add30a9c3d280deb8d3389440ecc5e9b0e8ffa

SHA512
7bc18b2286d24247561351f577ee101f766c811190fe9df5642767ff0cf9387af84cd76c691184b112b7ae5815e2be08e70e192ab5bd3a339a5b58b5947ddfe9

Download Submit
/data/user/0/com.duwhauho.cjwgoaugocw/app_mimo/mimo_asset.apk
Filesize
664KB

MD5
b29e22fce48fb0eabe12763e8441354a

SHA1
484b1154fa16a63c980631d74dd240376677f50d

SHA256
15fd755bd4c20c78a13e38bd3337bc5a80686b43365a346706858b9b817795ff

SHA512
2d0ec43846f67918fcffb5fac4ebdbd6f4e52592c5e36133e6e97ca26db1985fca04608d0fe8555b3e44c6dfe1db46b85b4192866f21e476188b03569307c53a

Download Submit
/storage/emulated/0/Android/data/com.duwhauho.cjwgoaugocw/cache/uil-images/journal.tmp
Filesize
31B

MD5
8c92de9ce46d41a22f3b20f77404cc1d

SHA1
8671a6dca00edb72be47363a7071be65cf270373

SHA256
68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274

SHA512
30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

Download Submit