fe76dfb323c58246c908e93e7879c2f1d7ce3febc18e8e60d811a90d24a9f18a

Analysis

max time kernel
175s
max time network
131s
platform
android_x86
resource
android-x86-arm-20240611.1-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240611.1-enlocale:en-usos:android-9-x86system
submitted
14-06-2024 00:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a73f417a964c2fceaa713b41dfaece51_JaffaCakes118.apk
Size

10.0MB
MD5

a73f417a964c2fceaa713b41dfaece51
SHA1

25748ec0376fa99bc189f5eee09b4bb4ac8e2cb3
SHA256

fe76dfb323c58246c908e93e7879c2f1d7ce3febc18e8e60d811a90d24a9f18a
SHA512

4fe57e41e251f6f924e841e001aca12604b853499312d1318940030f3e5955cd8775b57fdced78b50724ac8736adecbc2342b30a9c176809df2ecd253d7fd6b2
SSDEEP

196608:i9RG0A1riUItUcUnohd3tGFDX799fn267NqxRoQgQU:wR7AYtUn6d3IV7vuQsgL

Score

8^/10

discovery evasion impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 6 IoCs

evasion

T1426

Processes:

com.wsw.cospa

ioc	process
/system/bin/su	com.wsw.cospa
/system/xbin/su	com.wsw.cospa
/data/local/su	com.wsw.cospa
/data/local/bin/su	com.wsw.cospa
/data/local/xbin/su	com.wsw.cospa
/sbin/su	com.wsw.cospa

Loads dropped Dex/Jar 1 TTPs 3 IoCs

Runs executable file dropped to the device during analysis.

evasion

T1407

Processes:

com.wsw.cospa

ioc	pid	process
/data/data/com.wsw.cospa/.jiagu/classes.dex	4237	com.wsw.cospa
/data/data/com.wsw.cospa/.jiagu/classes.dex!classes2.dex	4237	com.wsw.cospa
/data/data/com.wsw.cospa/.jiagu/classes.dex!classes3.dex	4237	com.wsw.cospa

Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

T1424

Processes:

com.wsw.cospa

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses com.wsw.cospa
Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
discovery

T1421

Processes:

com.wsw.cospa

description ioc process

Framework service call android.net.wifi.IWifiManager.getScanResults com.wsw.cospa
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 2 IoCs

Processes:

flow ioc

8 s.appjiagu.com
14 b.appjiagu.com
Queries information about active data network 1 TTPs 1 IoCs
discovery

T1421

Processes:

com.wsw.cospa

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.wsw.cospa
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

T1421

Processes:

com.wsw.cospa

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.wsw.cospa
Reads information about phone network operator. 1 TTPs
discovery

T1422
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

T1624.001

Processes:

com.wsw.cospa

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.wsw.cospa
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

T1471

Processes:

com.wsw.cospa

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.wsw.cospa
Checks CPU information 2 TTPs 1 IoCs

T1633.001

T1426

Processes:

com.wsw.cospa

description ioc process

File opened for read /proc/cpuinfo com.wsw.cospa
Checks memory information 2 TTPs 1 IoCs

T1633.001

T1426

Processes:

com.wsw.cospa

description ioc process

File opened for read /proc/meminfo com.wsw.cospa

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.wsw.cospa

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getScanResults	com.wsw.cospa

flow	ioc
8	s.appjiagu.com
14	b.appjiagu.com

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.wsw.cospa

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.wsw.cospa

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.wsw.cospa

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.wsw.cospa

description	ioc	process
File opened for read	/proc/cpuinfo	com.wsw.cospa

description	ioc	process
File opened for read	/proc/meminfo	com.wsw.cospa

com.wsw.cospa
1⤵
- Checks if the Android device is rooted.
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about the current nearby Wi-Fi networks
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
PID:4237

sh -c ps
2⤵
PID:4372

ps
2⤵
PID:4372

ps
2⤵
PID:4397

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.wsw.cospa/.jiagu/classes.dex
Filesize
6.6MB

MD5
58843986370e2224c6fe1609460954e0

SHA1
8078d39fbee7c795c0db64389e28fb0122d9305c

SHA256
1042e13c5b24dac5632de33ff442790bfaed3627bd3e3dbcd24f0e9e1c44307b

SHA512
a033c27245feec1da660ed6c2beb4392f9e6710754b67561b0959c26ad5005f661e2829c523f9af7ea4e860c88cd0dc7f3d17f6ffb087d52eddf9b69c42d9b4d

Download Submit
/data/data/com.wsw.cospa/.jiagu/classes.dex!classes2.dex
Filesize
6.6MB

MD5
f7fe0d25833ce464eb127a8ca669e628

SHA1
dd7ea1b57eb771cf00ac50217734158795599ea5

SHA256
46defe0ca7a20ccdf33bb816ed28021cc85c5e2fd43c0773a4d30273e7e0ae43

SHA512
dfd8e75c9b20617e9672c99d38fa6f1b38764e067396f4d0117193be3d91c605929daa4dc31780541ec65a2d31112ff3536bcefc95f0104058c6d49c5ed920e1

Download Submit
/data/data/com.wsw.cospa/.jiagu/classes.dex!classes3.dex
Filesize
213KB

MD5
0483cef51b4a123f7bf73379e3fe1df9

SHA1
efecdfb1978a36354856690fb371529055be35c6

SHA256
ef666613fa7923c563c61424cb2ab23f89ad6a9c9671eef796148f54fc54fa31

SHA512
11c620e4b772f92ee0722a4c7acff1834fd59a1c375a3bd67ce978cc0403b5180de242fab3548a76723335dcb3661504dc2643c7bd159a5053c1f0fac9f2d7f3

Download Submit
/data/data/com.wsw.cospa/.jiagu/libjiagu.so
Filesize
480KB

MD5
6e8ea47d2d8500b7fb8855394fdf0526

SHA1
d3c719bda605cd787c4acf30507edb76b7fb6070

SHA256
cc3b55086867ed7136d474a21b1359f49e6afed3b74fbb4ba5f11b36ce1f4d46

SHA512
385241f905c46ead517e4e0bcaf2fe00160ba0f7f40c6926ba288bf41d46e77a8bd63ec0a97d57a5b65cf6fb1f93b5f86f51d9cb24809ae934ebdb2fd49c0b70

Download Submit
/data/data/com.wsw.cospa/databases/comic-db
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.wsw.cospa/databases/comic-db-journal
Filesize
512B

MD5
cfac20b8ec3232250503b46a49a4c7cf

SHA1
e98671860f948cd2d2d4f2431c92cd230796217b

SHA256
a44155f88d217384d314a4e80fbc5d17c9f7166d74421ca13e9909776895a757

SHA512
ff2a567744016760d52cc7398d2654535c79669e83805a75f6eecbcf0f3721bbd16ce69f45939f0c4f8ceacfc118279f3796c53eb3cb24e48815951484d97e5f

Download Submit
/data/data/com.wsw.cospa/databases/comic-db-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.wsw.cospa/databases/comic-db-wal
Filesize
108KB

MD5
874b87f14c79aace48230088150de10b

SHA1
04fac5a4d407e1d1d19fd970f0196c0ac935a36b

SHA256
2701086c82be004636ef92fc4a808b26dbe015cc85ba54179dae9d5030e76a0b

SHA512
6cc118e14a39744a487b8d366f17594ada937210c33ceb07893fb4115a6a9d52ac155d29bd1feb2f6c8bd4aa7570ab530409a28ea5d26ac9171a9127d909065b

Download Submit
/data/data/com.wsw.cospa/databases/pri_tencent_analysis.db_com.wsw.cospa-journal
Filesize
512B

MD5
065cba3ed3bd1357d0c80e7ccf5e45ac

SHA1
8803b1e53c64ce11e9fd64440ae63492b63177e6

SHA256
ae15d1ec091632199d70803305c962d4608aada4bcf3dfc56561eaa0db3836e8

SHA512
c1ee80c4affc5dd4340fe926f2ab27387fd5ed1ea6170d442c59dd4a52576004d3bceb42ee5e58fa797ff02cea44876dcf388201f49de4a3f1bdc0cb86be1f88

Download Submit
/data/data/com.wsw.cospa/databases/pri_tencent_analysis.db_com.wsw.cospa-wal
Filesize
64KB

MD5
26820555bd6281e9067949a932c7868a

SHA1
8d0063bca213fd92cfa907f250f3c138208c85c3

SHA256
125a1cdf9f661efd27a2d33c3f32b23fcb77989bc9180cae7210ed175abbb0a9

SHA512
370ab8ba96eb44c07274fa79d05b2d95d4dd06e40693dab5bddea989e5df17e8e1890d36b9626b9063e2da6d04e69ca0c16a3741c2a59e2fa7e7d05feb8f0834

Download Submit
/data/data/com.wsw.cospa/databases/tencent_analysis.db_com.wsw.cospa-journal
Filesize
512B

MD5
b8c2327d5e8380cf0640af9d0eca4990

SHA1
8d90bab314d2e918aa29c23698d04599db9ace25

SHA256
591c45d528dfe662cdcee2c215724aa7c405c650e1ff589c5689cfe75bbfaae4

SHA512
6d2f8642407855996535d23958880c81ca60999d5c1b422e14bb3cea36d23b16581fec6ffd0b3b844ef06501bce53b5075cc173b4fa1f699bcd6a029032e7fe2

Download Submit
/data/data/com.wsw.cospa/databases/tencent_analysis.db_com.wsw.cospa-wal
Filesize
104KB

MD5
2787bb712dc370293552a5d3f99aae7b

SHA1
28d901e4eb7aef768344686ecabe6b222f7e6933

SHA256
f5f126bb30d0fcb2854b73d9b0c52b52b93d70386df8e2d73e393a1dbb89de7c

SHA512
44ab3e09f567e46288ddaa9d4cb8769d52c2e4aebf4142934600bb8aedaac144c5915345e977d476b32f17f9a6bd78da4f5c5e752b6d15eba41fad268c1b370c

Download Submit
/data/data/com.wsw.cospa/files/.jglogs/.jg.ac
Filesize
40B

MD5
d8b02bbbb5ccdcc6572471473959d175

SHA1
cd84a9a651db651572b636489f5e7dc1053326ca

SHA256
fb22e6451882db7885c8b8cd42afd6a0f18db24648a85a9ba791700cb70a53a2

SHA512
1f818b2b506e218e56f8a209fc76f83aba33e29241f977bd3e1833e5026123df1a45f7ec6010ad2a867cb8be0a28beddd874ee95381c6b01d53227913ff5db6f

Download Submit
/data/data/com.wsw.cospa/files/.jglogs/.jg.ac
Filesize
40B

MD5
20d83070d7a4036335059e003f52bf92

SHA1
19e1ddb4ba2c0f8560b63108bb98d718b6e1c502

SHA256
33694dc60e8959e16b242987e41a7eeaacb415c3b6aa200ef54421dffad26f0e

SHA512
fda6fd8b7bcab48433047319e89181a45b05d363d7d00fd77edb6afc3ab2d3c10319bcee123eb72a9395f4d09900fc605e26b45de3917236f7c9289cf752f55a

Download Submit
/data/data/com.wsw.cospa/files/.jglogs/.jg.di
Filesize
340B

MD5
fb0715c350fe753f2e7740b53471e919

SHA1
7651696bfe3b1cc02125816cf8fdd9b4551efa0b

SHA256
3bf3e837eb3edbd2c513e5f1532b66cd6aab3663ddfe705ee78c052f88004c24

SHA512
2cc3176fb4af07cf1adb1fb594b9c372209f349a85d826e347556784ed04f94e99c088b1606d2cdea1c59a8a82d679ca3b42768d213d58b691eed7faefd2bad1

Download Submit
/data/data/com.wsw.cospa/files/.jglogs/.jg.di
Filesize
340B

MD5
1246844b445e22988d1901f7d69d0947

SHA1
d8416d346fd18db9295779961cd113494bfd3a09

SHA256
703f73f61c82748e100076a0685e91f8430e1c8e5cf9e33cec9d7651d13bebff

SHA512
221425bf0c441d10be712e021874ba8fc91aef970cceb631ede29bb66828434f25e6fad334eb00d06d2cbae2852f0681b84f4ab334d370b40729eaf243a89db7

Download Submit
/data/data/com.wsw.cospa/files/.jglogs/.jg.ic
Filesize
40B

MD5
8761d66d316646eecaef5f2baf7554f1

SHA1
48e20c2d755957fefe12870be579fa3abd8b24e4

SHA256
dbccc8ab79e579286e86f31cff13d0ad3bf3594d61cdba4510052e4cde8bf75e

SHA512
004df6aa91197768a0722a4045b88aa433ddafda52da21eee36b9037d32afeeb6c72f4f1097083f7c1f982882c2028538bb2d6a84cc64b58cdcda8c0ae2da660

Download Submit
/data/data/com.wsw.cospa/files/.jglogs/.jg.rd
Filesize
73B

MD5
5feb1ea91acf9df739bdcd039acf16ec

SHA1
4595ada233077f2ec67b77c12fc4ec7cf4c37297

SHA256
68b41f16682b0d6c19e5d06d055114e59b5fb8db29042dda6b8e0b0d04aa7dfc

SHA512
024ecdd0c13e9c43ef1796c3bf33ea6355245100a85f6027689742998ea323dda2c6141ac6b711b564f5b6fab88f8f1a89de82117cfa1f27e4c63018b5eea36a

Download Submit
/data/data/com.wsw.cospa/files/.jglogs/.jg.ri
Filesize
314B

MD5
3fa6a6ce027acfa99bdc8919c79eacec

SHA1
a35cd4bbcb15fc5311e09c5d1f07688dfe7fecd9

SHA256
b4ebfa7d7c94fdd9eb0537d8ea6ed0eae1124f185d13126d4392d872f7fc829d

SHA512
ea5f9efcdb54dc7c206b9a6e86459109a1a92668b8f335382798dd5f5c5560ce3bb9437b156c03df961c0d35b1f57044b783667e4f6be8824d4030199ab5dbb2

Download Submit
/data/data/com.wsw.cospa/files/.jglogs/.jg.store
Filesize
127B

MD5
0aa0789335b8846d593456b2803314b4

SHA1
e2383ee927f1f97423c407dfd8f147136a765e8c

SHA256
8526d0be07358e4b2931e8a7b7565e94843083825a59a22dd4453a05ff258bae

SHA512
e3fb558739a92035dc209ff1e4dab2e7f5f506554bdace45c0763a747750412e376f34f97313686434e14aa307166f39b98feb34bd692e092ef7c7521de444ce

Download Submit
/data/data/com.wsw.cospa/files/.jglogs/.jg.store
Filesize
32B

MD5
448e391c59eef34ee1defbe4dee4c41f

SHA1
df1f890987371d7d8e6963c68b787856e42bc146

SHA256
55612e17689f4bb05f27e18b4f6d06ffef92a6a8893a5cfdd3d5b99a6028b549

SHA512
ce336ce895ba861dda7da27e8869dea065eb3c3403cac55cdf1935409e5ebc95b495370f87ed7416af20af533b15615472e333ae9f2fd2713040f526835399b7

Download Submit
/data/data/com.wsw.cospa/files/.jiagu.lock
Filesize
27B

MD5
438914befb85d9f8710e05b6e960fa48

SHA1
eba6d388b98fffb1cc90e213adbe6cf0b59ecfb2

SHA256
b3be0319578fa41a5a972d098694a5707a80376991997341ca9a8dcb2164517e

SHA512
6c5d0f3660070b83e4fefa89f2547e4b067db7aad56da86dec94129873838a8f2dc67f6c36baf019b28244068c7c1cbbc40f3a4aba5eecaba0675c9e2dc9f581

Download Submit
/data/data/com.wsw.cospa/lib-main/dso_deps
Filesize
268B

MD5
c4274a8bb09d4ded32d0a26b213bcc75

SHA1
cf07299087d7b332ef403fcde553a8380f21a2e5

SHA256
22b0277f761198032ac88d48be444eea89774176818ba17c8eb2acea627b034f

SHA512
4da723b2c20fbe4d3aafd3c392609e219601bdc53544c90b590d250b8a47c946e3f7f4d599fc40a6592b890df9888fcb6c0089f91547e992fbba26562a040b16

Download Submit
/data/data/com.wsw.cospa/lib-main/dso_manifest
Filesize
5B

MD5
c06857e9ea338f3f3a24bb78f8fbdf6f

SHA1
c5a0a2529d2deb60fec041b4fbd722a2ebe31702

SHA256
957b88b12730e646e0f33d3618b77dfa579e8231e3c59c7104be7165611c8027

SHA512
29f61516876c25379a7bf4faa2b3ca6f6b53eac90e7de47671fec4a818d51441b4025cd7909f7c0a0d113ab6c5ff00cb3700c286bac7319185b77905feec4fb1

Download Submit
/data/data/com.wsw.cospa/lib-main/dso_state
Filesize
1B

MD5
93b885adfe0da089cdf634904fd59f71

SHA1
5ba93c9db0cff93f52b521d7420e43f6eda2784f

SHA256
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

SHA512
b8244d028981d693af7b456af8efa4cad63d282e19ff14942c246e50d9351d22704a802a71c3580b6370de4ceb293c324a8423342557d4e5c38438f0e36910ee

Download Submit
/data/data/com.wsw.cospa/lib-main/dso_state
Filesize
1B

MD5
55a54008ad1ba589aa210d2629c1df41

SHA1
bf8b4530d8d246dd74ac53a13471bba17941dff7

SHA256
4bf5122f344554c53bde2ebb8cd2b7e3d1600ad631c385a5d7cce23c7785459a

SHA512
7b54b66836c1fbdd13d2441d9e1434dc62ca677fb68f5fe66a464baadecdbd00576f8d6b5ac3bcc80844b7d50b1cc6603444bbe7cfcf8fc0aa1ee3c636d9e339

Download Submit
/storage/emulated/0/360/.deviceId
Filesize
48B

MD5
1d8d16c4e3b19ebf18988530d9b9a757

SHA1
bc94c1cce05cd848a53271ecb9c5311e27ffebf5

SHA256
abd87140da8de3d0aa39a24a8d52bfe7b2eb28f7a3d505f205471c7e8f4964d7

SHA512
4562d1eedbc5c2dd7f25cd1c70343053fd451026403585182b142a64f17016c1bd0bf6ad51667b439b220e425640e55fbbda08517e7106376cdc220a4555da82

Download Submit
/storage/emulated/0/360/.iddata
Filesize
32B

MD5
d31403f317a40d5b3d77abd513abd555

SHA1
bfd308022da9e0e2096bda0b9de0488e3d5b00b4

SHA256
a9a9cb9583e194008c869f0d4e0cf0eb940a84e207477e2fd2df8cf5564753ca

SHA512
fd91ba491056eee858d61d8c4450ffb9f5db7466b7a3bac2d3fa488063b5dad37161c36b89a8cb205abf8133bab217983e8d6d2a46ca7521b38cb06d5ec89fde

Download Submit