Analysis Overview
SHA256
e5e31186fff8498590d7c8ba9aac784f84d5bd82867ba0c37112260f6f312043
Threat Level: Shows suspicious behavior
The file 84da1c0827485fae82eccead3341bf4f_JaffaCakes118 was found to be: Shows suspicious behavior.
Malicious Activity Summary
Queries information about running processes on the device
Queries the phone number (MSISDN for GSM devices)
Requests cell location
Loads dropped Dex/Jar
Queries the unique device ID (IMEI, MEID, IMSI)
Queries information about active data network
Queries information about the current Wi-Fi connection
Requests dangerous framework permissions
Registers a broadcast receiver at runtime (usually for listening for system events)
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-02 05:48
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read the user's calendar data. | android.permission.READ_CALENDAR | N/A | N/A |
| Allows an application to write the user's calendar data. | android.permission.WRITE_CALENDAR | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-02 05:48
Reported
2024-11-02 05:51
Platform
android-x86-arm-20240910-en
Max time kernel
3s
Max time network
157s
Command Line
Signatures
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.ddy.qmgslm.mi/app_mimo/mimo_asset.apk | N/A | N/A |
| N/A | /data/user/0/com.ddy.qmgslm.mi/cache/mubiao/SDK1830_dex.jar | N/A | N/A |
| N/A | /data/user/0/com.ddy.qmgslm.mi/cache/mubiao/SDK1830_dex.jar | N/A | N/A |
| N/A | /data/user/0/com.ddy.qmgslm.mi/app_analytics/analytics.apk | N/A | N/A |
Queries information about running processes on the device
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
Queries the phone number (MSISDN for GSM devices)
Requests cell location
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Queries information about the current Wi-Fi connection
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
Queries the unique device ID (IMEI, MEID, IMSI)
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Processes
com.ddy.qmgslm.mi
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.ddy.qmgslm.mi/cache/mubiao/SDK1830_dex.jar --output-vdex-fd=78 --oat-fd=81 --oat-location=/data/user/0/com.ddy.qmgslm.mi/cache/mubiao/oat/x86/SDK1830_dex.odex --compiler-filter=quicken --class-loader-context=&
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | sdkconfig.ad.xiaomi.com | udp |
| NL | 20.33.39.104:443 | sdkconfig.ad.xiaomi.com | tcp |
| NL | 20.33.39.104:443 | sdkconfig.ad.xiaomi.com | tcp |
| US | 1.1.1.1:53 | zeus.ad.xiaomi.com | udp |
| NL | 20.47.97.231:443 | zeus.ad.xiaomi.com | tcp |
| US | 1.1.1.1:53 | file.market.xiaomi.com | udp |
| GB | 23.56.238.88:80 | file.market.xiaomi.com | tcp |
| GB | 23.56.238.88:443 | file.market.xiaomi.com | tcp |
| US | 1.1.1.1:53 | f1.market.xiaomi.com | udp |
| US | 1.1.1.1:53 | f5.market.xiaomi.com | udp |
| US | 152.199.21.175:443 | f5.market.xiaomi.com | tcp |
| US | 152.199.21.175:443 | f5.market.xiaomi.com | tcp |
| CN | 47.105.111.65:80 | | tcp |
| US | 1.1.1.1:53 | sdkconfig.xiaomi.com | udp |
| US | 1.1.1.1:53 | sdkconfig.intl.xiaomi.com | udp |
| NL | 20.33.39.104:443 | sdkconfig.intl.xiaomi.com | tcp |
| NL | 20.33.39.105:443 | sdkconfig.intl.xiaomi.com | tcp |
| GB | 142.250.200.46:443 | | tcp |
| GB | 142.250.200.46:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.204.78:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| GB | 142.250.187.196:80 | | tcp |
| GB | 142.250.178.4:443 | | tcp |
| GB | 142.250.187.195:80 | | tcp |
| GB | 142.250.187.234:443 | semanticlocation-pa.googleapis.com | tcp |
| GB | 142.250.187.234:443 | semanticlocation-pa.googleapis.com | tcp |
Files
/data/data/com.ddy.qmgslm.mi/app_mimo/mimo_asset.apk
| MD5 | bf0be21e40885f5f682349db415ba2f8 |
| SHA1 | 823bcad773983ab798565f7b64b95783dce14d80 |
| SHA256 | aca4c8f0522c09a77bcc790b10c772611525456cc88da97b0240ffdfe1c4a2eb |
| SHA512 | 3c837718ddcc19885e00d54f9b7c336d83406571affdf64411e85a1ca317d67399e1cd56c5472a725568897dcd45bc5d94b87747be72b15e37e565034544be81 |
/data/user/0/com.ddy.qmgslm.mi/app_mimo/mimo_asset.apk
| MD5 | 5a15af670a78139158914e6c23a74dab |
| SHA1 | 86ebd3ce9d7b325aaf25daa601b79ef10bdc0ac4 |
| SHA256 | 454d49ed08121de604effae547020357ca79798a558451b688481aea9c7383b2 |
| SHA512 | b8b6e18f68edeb80ddc14ccdac1ecc8e0523083f55da52da4baf86a75d255cab1b47e25265e5e5668c9ba583a18feddffcd41db1dc2fe0945e2c1b723421ce1d |
/data/data/com.ddy.qmgslm.mi/cache/top.zip
| MD5 | 7c2b7bb3a3882c90db54a2401542c506 |
| SHA1 | b1b5828d2394d2af926726df72e252d7017f5425 |
| SHA256 | 2210f072d4a1af9f74e16e30dd7f03c98b011380aa43c335fd2f9c6904b28d28 |
| SHA512 | 398ff41cd84f267aa82ecde1c32f3b5afa5d7c68a458783f7f4670400ed513f074a96247030f7ac5fcbda17d87aa5afc77c6584a0c2cc92300f3953f35a692ab |
/data/data/com.ddy.qmgslm.mi/cache/mubiao/SDK1830_dex.jar
| MD5 | 8150db917306f1642f2294889378ca00 |
| SHA1 | 5d8ff47ef804ad22522211fffb6fa03ceb8c9a1f |
| SHA256 | 7664b5d6ef65c86d3551db06ceea123c8d98a70072f17889980c72150aedc29a |
| SHA512 | c517294004cf525f39095b233fefb9f918f80e9a5b50b71fd0e49d7a9e26cc81d1d068c50fdc937d206da4b15898d0575f923c014ad740d3a3de72250d4ed1d4 |
/data/data/com.ddy.qmgslm.mi/cache/mubiao/bjddy.txt
| MD5 | 5b2bade469748e3374cfae55ff888421 |
| SHA1 | efceacb62c4ba6627c6ee0c38d17889b6349a071 |
| SHA256 | 445cd83b75ce6553a38547d6cab9bd8c88ce62fb2646ad2100e02f84b95ae04d |
| SHA512 | b99635e86930e7c7110650b94fdeadc3942404eb2a862406cee0c7484842aa1fbf330b298b9979dcb5de49330840be716b01e47506b6a39489a2032aafa32730 |
/data/data/com.ddy.qmgslm.mi/app_mimo/mimo_download.apk.tmp
| MD5 | 3e86b24cfe8ea3644e3a6bb2f3bc75a1 |
| SHA1 | 7881136fb412166d04ad5b6c4fdb9550a66fd99f |
| SHA256 | 1b01837a2b9004309bff95248adc60d39ffdadc90e52ebf645b2c5ce76f28bc7 |
| SHA512 | 40ec714867b4a3e0aaa920abb648f331ce43e8bef442e782eff5ebaacb1052785e681c23b85f6ec50bc4e57e5b9924e61ca4fd72589f810ce8c670b5094b612b |
/data/data/com.ddy.qmgslm.mi/app_analytics/analytics.apk.tmp
| MD5 | dada334a335ffebdb3ffb5905ec57e0c |
| SHA1 | bebd385b1356a1f5c840f41a516c866768c9b1a7 |
| SHA256 | df954f00ca2e742573b431e1128ce725bad3f37073c4ec7c7916a522324058ff |
| SHA512 | 5f60e27cf4cda6a5f5240bb241b4300655a92d3f4f00930749b28906fb16dd665f94a59656ce175044f185fc6987e5a5d26a748e50b8fc532eaa61094dd87630 |
/data/user/0/com.ddy.qmgslm.mi/cache/mubiao/SDK1830_dex.jar
| MD5 | ef9e4942e81823a2a92ac17071ceb65e |
| SHA1 | 6e0cebc64c4ea4813e6f04aa8849f2e14b0ff114 |
| SHA256 | ff4d13f723f2ef6ca8e9497f506b381b6362a89f97f64bc077d26d7e22a39409 |
| SHA512 | a0b41ff9c51d58d8ace96b2cf1a58271a15d7ee5af0efe1d4da50316c4052611bad971dabe01ad2ee4f6f3ffc97e4ff9b1af28dddbb441da97bc76dd648c56a6 |
/data/user/0/com.ddy.qmgslm.mi/cache/mubiao/SDK1830_dex.jar
| MD5 | b1b860e2b03355f4ede444dfb9594e70 |
| SHA1 | ed9b15a431794f113675a93120db51242d0c2bbb |
| SHA256 | 52a4989788ad665c4b3b2c54605e73d7a992da2a6b7cb24078cac6d17a90d87e |
| SHA512 | 7846ce890f36e3368921f5463fdd38954e195d3af4f5afdd89be69a5c0511aa0a4616e67bcb6b8b9e9500ec440021bf76598334aaa775027d423937382fd531b |
/data/user/0/com.ddy.qmgslm.mi/app_analytics/analytics.apk
| MD5 | d55f8223492e988bb77d7ae79a0694b0 |
| SHA1 | 11ff0b520dc646ed002796df812e754099c7930b |
| SHA256 | 7e99efd9066858db3c0b7679dddcea79784afe107412ef5e5bee9377b478f52d |
| SHA512 | f3f2e6a7df827f2f4a51161476c319ed9c040f58df0119bcf725640a41d6ac6e969ea86fc683a60ea8acf6d9c12ad2ba904c5d6541146d87e856095b1632aed7 |
/data/data/com.ddy.qmgslm.mi/files/suryua_d/suryua_f.zip
| MD5 | 43512117ab2deaee3f0c7acc3cca56c7 |
| SHA1 | fb5abfec28be51d96839c035e99b5176d0dbb811 |
| SHA256 | a3c20c4fd85fdbe39be7f0fbc05c85a33f976cf8f4789dca8b34b96f7678196a |
| SHA512 | 9813180b502bcd3a2b5cca952acb213895c8c8b902bc8b81912f145ad1233fce366f99908f7cce5e1159260209e81590ff380124190347fcbed77f1d48bd3c1e |
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-02 05:48
Reported
2024-11-02 05:51
Platform
android-x86-arm-20240910-en
Max time kernel
6s
Max time network
153s
Command Line
Signatures
Processes
com.miui.ad.mimo.plugin
Network
| Country | Destination | Domain | Proto |
| GB | 142.250.187.206:443 | | tcp |
| GB | 142.250.187.206:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| GB | 172.217.16.234:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.204.78:443 | android.apis.google.com | tcp |
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-11-02 05:48
Reported
2024-11-02 05:51
Platform
android-x64-20240624-en
Max time kernel
7s
Max time network
155s
Command Line
Signatures
Processes
com.miui.ad.mimo.plugin
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.187.232:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.179.238:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.46:443 | android.apis.google.com | tcp |
| GB | 142.250.200.36:443 | | tcp |
| GB | 142.250.200.36:443 | | tcp |
| GB | 172.217.16.238:443 | | tcp |
| GB | 216.58.204.66:443 | | tcp |
Files
Analysis: behavioral4
Detonation Overview
Submitted
2024-11-02 05:48
Reported
2024-11-02 05:51
Platform
android-x64-arm64-20240910-en
Max time kernel
6s
Max time network
153s
Command Line
Signatures
Processes
com.miui.ad.mimo.plugin
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.200.46:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.204.78:443 | android.apis.google.com | tcp |
| GB | 216.58.204.78:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | www.youtube.com | udp |
| GB | 142.250.187.238:443 | www.youtube.com | tcp |
| US | 216.239.36.223:443 | | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.187.232:443 | ssl.google-analytics.com | tcp |
| US | 216.239.36.223:443 | | tcp |
| GB | 142.250.187.225:443 | | tcp |
| US | 216.239.36.223:443 | | tcp |
| GB | 142.250.200.1:443 | | tcp |