Analysis
max time kernel: 3s
max time network: 157s
platform: android-9_x86
resource: android-x86-arm-20240910-en
resource tags: arch:arm, arch:x86, image:android-x86-arm-20240910-en, locale:en-us, os:android-9-x86, system
submitted: 02/11/2024, 05:48
Static task: static1
Behavioral task: behavioral1
  Sample: 84da1c0827485fae82eccead3341bf4f_JaffaCakes118.apk
  Resource: android-x86-arm-20240910-en
Behavioral task: behavioral2
  Sample: mimo_asset.apk
  Resource: android-x86-arm-20240910-en
Behavioral task: behavioral3
  Sample: mimo_asset.apk
  Resource: android-x64-20240624-en
Behavioral task: behavioral4
  Sample: mimo_asset.apk
  Resource: android-x64-arm64-20240910-en
General
Target: 84da1c0827485fae82eccead3341bf4f_JaffaCakes118.apk
Size: 12.3MB
MD5: 84da1c0827485fae82eccead3341bf4f
SHA1: 4642d011d53c3e64207897c88c53d5785d8a0def
SHA256: e5e31186fff8498590d7c8ba9aac784f84d5bd82867ba0c37112260f6f312043
SHA512: 8efc463c8898566ff9b52c4b833f0d9ad3f7a2bfdc38d338a79f1cc3e7b4d045daf08ca0f261a40a37003f284a12234c66ae31ee62ac76b9b338250987907eee
SSDEEP: 196608:1Rv/0fY2lfiLYC4I5ip/AwBnsl8rjaCQl09NeB7jeEeXNrnR24YAfzfbgXYd:v7u04SA/7sCrjVQlugerNrkXAfzEX4
Malware Config
Signatures
Loads dropped Dex/Jar 1 TTPs 4 IoCs
Runs executable file dropped to the device during analysis.
ioc | pid | Process
/data/user/0/com.ddy.qmgslm.mi/app_mimo/mimo_asset.apk | 4331 | com.ddy.qmgslm.mi
/data/user/0/com.ddy.qmgslm.mi/cache/mubiao/SDK1830_dex.jar | 4400 | /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.ddy.qmgslm.mi/cache/mubiao/SDK1830_dex.jar --output-vdex-fd=78 --oat-fd=81 --oat-location=/data/user/0/com.ddy.qmgslm.mi/cache/mubiao/oat/x86/SDK1830_dex.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.ddy.qmgslm.mi/cache/mubiao/SDK1830_dex.jar | 4331 | com.ddy.qmgslm.mi
/data/user/0/com.ddy.qmgslm.mi/app_analytics/analytics.apk | 4331 | com.ddy.qmgslm.mi
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
description | ioc | Process
Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.ddy.qmgslm.mi
Queries the phone number (MSISDN for GSM devices) 1 TTPs
Requests cell location 2 TTPs 1 IoCs
Uses Android APIs to get the current cell location.
description | ioc | Process
Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | com.ddy.qmgslm.mi
Queries information about active data network 1 TTPs 1 IoCs
description | ioc | Process
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.ddy.qmgslm.mi
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
description | ioc | Process
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.ddy.qmgslm.mi
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
Requests dangerous framework permissions 1 IoCs
description | ioc
Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
description | ioc | Process
Framework service call | android.app.IActivityManager.registerReceiver | com.ddy.qmgslm.mi
Processes
com.ddy.qmgslm.mi (PID 4331)
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Requests cell location
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
  child: /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.ddy.qmgslm.mi/cache/mubiao/SDK1830_dex.jar --output-vdex-fd=78 --oat-fd=81 --oat-location=/data/user/0/com.ddy.qmgslm.mi/cache/mubiao/oat/x86/SDK1830_dex.odex --compiler-filter=quicken --class-loader-context=& (PID 4400)
  - Loads dropped Dex/Jar
Network
MITRE ATT&CK Mobile v15
Downloads