GroDDViewer: Cajino

Sample name: Cajino_B3814CA9E42681B32DAFE4A52E5BDA7A

Malware Family

Remote-controlled spyware that receives its commands through Baidu Cloud Push notification messages

Sample description:

The graph shows the execution of the main process cajino.method.3. The process accessed the directory /mnt/sdcard/DCIM/Camera/ and created a file named file_list containing a listing of all SD card files. No network activity was captured in this run: the remote server appears to have been down at the time of analysis, so the Baidu Cloud Push command channel could not be observed here.

File details:

  • MD5 : b3814ca9e42681b32dafe4a52e5bda7a
  • SHA256 : 31801dfbd7db343b1f7de70737bdbab2c5c66463ceb84ed7eeab8872e9629199
  • Size : 1.5 MB
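Two checks a practitioner would run on this sample, as an added Python example that is not part of GroDDViewer or the dataset page: verifying a downloaded file against both published digests (an MD5 match alone is not proof of identity), and searching a captured SD card tree for the file_list artifact described above. The artifact's line format (one device-absolute path per line), its location, and the /mnt/sdcard mount-point mapping are assumptions not stated on the page; the fixture tree is constructed data, not files from the real sample.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# Digests published on this page for the Cajino sample.
KNOWN_MD5 = "b3814ca9e42681b32dafe4a52e5bda7a"
KNOWN_SHA256 = "31801dfbd7db343b1f7de70737bdbab2c5c66463ceb84ed7eeab8872e9629199"

# The description reports a file named file_list holding a listing of SD card
# files. Its line format and exact location are NOT given on the page; this
# example assumes one device-absolute path per line and searches every directory.
ARTIFACT_NAME = "file_list"
DEVICE_ROOT = "/mnt/sdcard"   # assumption: the sdcard mount point seen in the graph


def hash_file(path):
    """Return (md5, sha256) hex digests of a file, read in 64 KiB chunks."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return md5.hexdigest(), sha256.hexdigest()


def matches_sample(path, md5=KNOWN_MD5, sha256=KNOWN_SHA256):
    """True only if both digests match the published values."""
    got_md5, got_sha256 = hash_file(path)
    return got_md5 == md5 and got_sha256 == sha256


def find_file_list_artifacts(root):
    """Search a captured sdcard tree for file_list artifacts.

    For every file named file_list, each non-empty line is taken as a path
    (device-absolute paths are mapped onto the capture root) and counted if
    it resolves to an existing file. Returns [(artifact_path, listed, existing)].
    A listing where most entries exist is consistent with the behaviour
    described for this sample; one where they do not is probably unrelated.
    """
    root = Path(root)
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        if ARTIFACT_NAME not in files:
            continue
        artifact = Path(dirpath) / ARTIFACT_NAME
        lines = [ln.strip() for ln in artifact.read_text(errors="replace").splitlines()]
        listed = [ln for ln in lines if ln]
        existing = 0
        for entry in listed:
            rel = entry[len(DEVICE_ROOT):] if entry.startswith(DEVICE_ROOT + "/") else entry
            if (root / rel.lstrip("/")).is_file():
                existing += 1
        hits.append((str(artifact), len(listed), existing))
    return hits


def build_demo_tree():
    """Constructed fixture: a tiny fake sdcard capture with the artifact present.

    Made-up data for the example, not files from the real sample.
    """
    root = Path(tempfile.mkdtemp(prefix="sdcard_"))
    camera = root / "DCIM" / "Camera"
    camera.mkdir(parents=True)
    (camera / "IMG_0001.jpg").write_bytes(b"\xff\xd8\xff fake jpeg")
    (camera / "IMG_0002.jpg").write_bytes(b"\xff\xd8\xff fake jpeg 2")
    (root / "notes.txt").write_bytes(b"hello\n")
    # Write file_list the way the description implies: one SD card file per line.
    paths = sorted(p.relative_to(root).as_posix() for p in root.rglob("*") if p.is_file())
    (camera / ARTIFACT_NAME).write_text("".join(f"{DEVICE_ROOT}/{p}\n" for p in paths))
    return root


if __name__ == "__main__":
    demo = build_demo_tree()
    for artifact, listed, existing in find_file_list_artifacts(demo):
        print(f"{artifact}: {existing}/{listed} listed paths exist under {demo}")
    print("notes.txt md5/sha256:", hash_file(demo / "notes.txt"))
    print("matches published sample:", matches_sample(demo / "notes.txt"))
```

Point find_file_list_artifacts at an adb pull of /sdcard (or an extracted emulator image) to check whether the artifact seen in this run is present; a file_list whose entries mostly resolve is the indicator, not the bare filename.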
View mode: System Flow Graph (interactive viewer; nodes are processes, files and sockets, with file-type filters and a time slider over the interaction timeline).