Analysis
- max time kernel: 151s
- max time network: 160s
- platform: android_x86
- resource: android-x86-arm-20240506-en
- resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240506-en, locale:en-us, os:android-9-x86, system
- submitted: 13/05/2024, 07:10
Static task
- static1
Behavioral task
- behavioral1
  - Sample: 3e4bbcad8ce24fe210763e1f36b55cca_JaffaCakes118.apk
  - Resource: android-x86-arm-20240506-en
Behavioral task
- behavioral2
  - Sample: 3e4bbcad8ce24fe210763e1f36b55cca_JaffaCakes118.apk
  - Resource: android-x64-20240506-en
General
- Target: 3e4bbcad8ce24fe210763e1f36b55cca_JaffaCakes118.apk
- Size: 13.7MB
- MD5: 3e4bbcad8ce24fe210763e1f36b55cca
- SHA1: e42a51d5111c7f908d16bb3e66d3399c3403d2f6
- SHA256: d20999fe7bc1e64f73f2174a6901889ddb5aed9966c3745dda3a55575a7354be
- SHA512: 1313e2c7667d5d97990826c62af3e8eb5a38d89c02b1bf7e679fccbe1811119fe20aca2cee12db32ccefd9efc0a7fcd5b63924bba131b6b12409531a638c8c8b
- SSDEEP: 393216:KbyhdmZZ4hDpF9xybr1RRHBRrULPL/4uTCh4OrGuKc:dhws79yTRHB0sYChZrGuKc
Malware Config
Signatures
- Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) (1 TTPs)
- Requests cell location (2 TTPs, 2 IoCs)
  Uses Android APIs to get the current cell location.
  - Framework service call: com.android.internal.telephony.ITelephony.getCellLocation (process: com.baidu.tieba)
  - Framework service call: com.android.internal.telephony.ITelephony.getCellLocation (process: com.baidu.tieba:remote)
- Checks CPU information (2 TTPs, 3 IoCs)
  Checks CPU information that can indicate whether the system is an emulator.
  - File opened for read: /proc/cpuinfo (process: com.baidu.tieba)
  - File opened for read: /proc/cpuinfo (process: com.baidu.tieba:remote)
  - File opened for read: /proc/cpuinfo (process: com.baidu.tieba:bdservice_v1)
- Queries information about running processes on the device (1 TTPs, 3 IoCs)
  Application may abuse the framework's APIs to collect information about running processes on the device.
  - Framework service call: android.app.IActivityManager.getRunningAppProcesses (process: com.baidu.tieba:remote)
  - Framework service call: android.app.IActivityManager.getRunningAppProcesses (process: com.baidu.tieba:bdservice_v1)
  - Framework service call: android.app.IActivityManager.getRunningAppProcesses (process: com.baidu.tieba)
- Queries information about the current Wi-Fi connection (1 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  - Framework service call: android.net.wifi.IWifiManager.getConnectionInfo (process: com.baidu.tieba)
- Queries information about the current nearby Wi-Fi networks (1 TTPs, 2 IoCs)
  Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
  - Framework service call: android.net.wifi.IWifiManager.getScanResults (process: com.baidu.tieba)
  - Framework service call: android.net.wifi.IWifiManager.getScanResults (process: com.baidu.tieba:remote)
- Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 3 IoCs)
  - Framework service call: android.app.IActivityManager.registerReceiver (process: com.baidu.tieba:remote)
  - Framework service call: android.app.IActivityManager.registerReceiver (process: com.baidu.tieba:bdservice_v1)
  - Framework service call: android.app.IActivityManager.registerReceiver (process: com.baidu.tieba)
- Checks if the internet connection is available (1 TTPs, 3 IoCs)
  - Framework service call: android.net.IConnectivityManager.getActiveNetworkInfo (process: com.baidu.tieba)
  - Framework service call: android.net.IConnectivityManager.getActiveNetworkInfo (process: com.baidu.tieba:remote)
  - Framework service call: android.net.IConnectivityManager.getActiveNetworkInfo (process: com.baidu.tieba:bdservice_v1)
- Reads information about the phone network operator (1 TTPs)
- Uses Crypto APIs (might try to encrypt user data) (1 TTPs, 2 IoCs)
  - Framework API call: javax.crypto.Cipher.doFinal (process: com.baidu.tieba)
  - Framework API call: javax.crypto.Cipher.doFinal (process: com.baidu.tieba:bdservice_v1)
Processes
- com.baidu.tieba (PID: 4187)
  - Requests cell location
  - Checks CPU information
  - Queries information about running processes on the device
  - Queries information about the current Wi-Fi connection
  - Queries information about the current nearby Wi-Fi networks
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Checks if the internet connection is available
  - Uses Crypto APIs (might try to encrypt user data)
- com.baidu.tieba:remote (PID: 4246)
  - Requests cell location
  - Checks CPU information
  - Queries information about running processes on the device
  - Queries information about the current nearby Wi-Fi networks
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Checks if the internet connection is available
- com.baidu.tieba:bdservice_v1 (PID: 4280)
  - Checks CPU information
  - Queries information about running processes on the device
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Checks if the internet connection is available
  - Uses Crypto APIs (might try to encrypt user data)
Network
MITRE ATT&CK Mobile v15
- Defense Evasion
  - Execution Guardrails (1)
    - Geofencing (1)
  - Virtualization/Sandbox Evasion (1)
    - System Checks (1)
Downloads