Analysis

  • max time kernel
    151s
  • max time network
    160s
  • platform
    android_x86
  • resource
    android-x86-arm-20240506-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20240506-en, locale:en-us, os:android-9-x86, system
  • submitted
    13/05/2024, 07:10

General

  • Target

    3e4bbcad8ce24fe210763e1f36b55cca_JaffaCakes118.apk

  • Size

    13.7MB

  • MD5

    3e4bbcad8ce24fe210763e1f36b55cca

  • SHA1

    e42a51d5111c7f908d16bb3e66d3399c3403d2f6

  • SHA256

    d20999fe7bc1e64f73f2174a6901889ddb5aed9966c3745dda3a55575a7354be

  • SHA512

    1313e2c7667d5d97990826c62af3e8eb5a38d89c02b1bf7e679fccbe1811119fe20aca2cee12db32ccefd9efc0a7fcd5b63924bba131b6b12409531a638c8c8b

  • SSDEEP

    393216:KbyhdmZZ4hDpF9xybr1RRHBRrULPL/4uTCh4OrGuKc:dhws79yTRHB0sYChZrGuKc

Malware Config

Signatures

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
  • Requests cell location 2 TTPs 2 IoCs

    Uses Android APIs to get the current cell location.

  • Checks CPU information 2 TTPs 3 IoCs

    Checks CPU information that indicates whether the system is an emulator.

  • Queries information about running processes on the device 1 TTPs 3 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Queries information about the current nearby Wi-Fi networks 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 3 IoCs
  • Checks if the internet connection is available 1 TTPs 3 IoCs
  • Reads information about phone network operator. 1 TTPs
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

Processes

  • com.baidu.tieba
    1⤵
    • Requests cell location
    • Checks CPU information
    • Queries information about running processes on the device
    • Queries information about the current Wi-Fi connection
    • Queries information about the current nearby Wi-Fi networks
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4187
  • com.baidu.tieba:remote
    1⤵
    • Requests cell location
    • Checks CPU information
    • Queries information about running processes on the device
    • Queries information about the current nearby Wi-Fi networks
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    PID:4246
  • com.baidu.tieba:bdservice_v1
    1⤵
    • Checks CPU information
    • Queries information about running processes on the device
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4280

Network

        MITRE ATT&CK Mobile v15

        Downloads

        • /data/data/com.baidu.tieba/databases/baidu_tieba.db

          Filesize

          32KB

          MD5

          1c4274aa7a9a5cac8c6d1df71e4588c6

          SHA1

          abaecd685e01cc68801292e3dc7085654a22feba

          SHA256

          3f6cd5f480ae69859b7841450f3d032c528ba385ebf9f371b9c8fdc6eb4231be

          SHA512

          1adb95935798607bd36cedcd183924d3068f50097d017b278da7caee7771532b61ec3606f6189b6dec8426eb038fe40be75079ce35894b1a8e0d1d815261150c

        • /data/data/com.baidu.tieba/databases/baidu_tieba.db-journal

          Filesize

          512B

          MD5

          25add4371082e499d838e835ad7cc44e

          SHA1

          05f4c3ab9611b5faaadfcfcfa2026c8cdceae201

          SHA256

          75ca7a505479d545f62c56e7c97437140d9e37ea70d46f0c7eb1f018289400b4

          SHA512

          ee728cac1dc06fea32b79255944d4b57a96621030f8c611ca51b74808485f09d8ccbca35122037742f930d4941fdcf9c9d7ad3f15292cb462fd825040ed1cbaa

        • /data/data/com.baidu.tieba/databases/baidu_tieba.db-shm

          Filesize

          32KB

          MD5

          44cf4841a8160e2e320386da26c33b3a

          SHA1

          854e59ec1da1afc22911898980c394588076a1e9

          SHA256

          8ec16e52fb43c1bffc6c405de74cb017f935d69ccfea0de6f10e564d82be5e65

          SHA512

          f95d40086a6d0469d3b6e242b73a08ff8d1f80f80140851afa68efe1b28809017c4ed55a4237c48a23fffef9e0533ee106b30483ef1d1d74cffcae5b0542c90a

        • /data/data/com.baidu.tieba/databases/baidu_tieba.db-wal

          Filesize

          84KB

          MD5

          bb93479b6504023ff67835a5aea859d8

          SHA1

          8fb13b890b4f6dc0e771f861c58b0c1740f200d1

          SHA256

          fef098ddf35b2d31bade12e44ce077639e17c5c6c87614965c4887f2406d3f72

          SHA512

          fbcf7e21fc82ace1ed89f821766d2db09d20c04e9e87674ac6d23fa67e5f520d267dfadd51c3158a6bdd461461c63f71a51f64be877b77bccb2815b825842244

        • /data/data/com.baidu.tieba/databases/moplus_server_config.db

          Filesize

          4KB

          MD5

          f2b4b0190b9f384ca885f0c8c9b14700

          SHA1

          934ff2646757b5b6e7f20f6a0aa76c7f995d9361

          SHA256

          0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

          SHA512

          ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

        • /data/data/com.baidu.tieba/files/__local_last_session.json

          Filesize

          96B

          MD5

          ac27e21b1639506ef88893c4836643b6

          SHA1

          5edc0adeb5df5ecaf299673b3c1996cd2e00f0ed

          SHA256

          c133fd8a32120f5241cdae2c908133dec9c4577e2dc406f931b65c41dc1f1bcd

          SHA512

          94385f890cad9510478682e28540a749ba3bff6420bd8b5a19d6bea0d0894a5e7091510e36b2ea2602a4da9f9757332fedbc1d43c513af0f435ef54a1994f466

        • /data/data/com.baidu.tieba/files/__local_stat_cache.json

          Filesize

          25B

          MD5

          2d805b13f2f28dc3ca9bbcc000f49bb5

          SHA1

          9eac165b4d81258fd3967cde5cc53b53b1dabcb1

          SHA256

          c8a6624f390568f0ddcb9841336aec6a564460fdaf6624e562b32935b8956f19

          SHA512

          5db8c57bab36bcf9db698c1dce70318cbffc156dd1d1c1e09e5b7ba60aff07b598ebbf26c4bd8a2b03bd6e59ef2dde2d944a22a8d8a19ecc8378e83afb7c83b0

        • /data/data/com.baidu.tieba/files/loginshare.json

          Filesize

          32KB

          MD5

          d6985c20c48b48c83f4c1821887f1501

          SHA1

          10a928a90d6dead7f1c5d3279559a89172122015

          SHA256

          deed3c79f551d237107c55039601059046f8d43960e411f03d5595dc5081be22

          SHA512

          c9757db534a962031da82790816df83fc1719c36a576f766e038f139ffbbb5ea92c9822982d31d119342a98ddbfb090c2125924b551ca1fbed95340635f71a8e

        • /storage/emulated/0/baidu/.cuid

          Filesize

          28KB

          MD5

          160b7c883021e0e27095aa08f57a29db

          SHA1

          63a7f03d3b1aec69a1334851a4dac838122a2229

          SHA256

          4fbeccdbf61df4bc45dfa7c0790a6521112f02708cd32206e046efc987dc7224

          SHA512

          aa64b37f717c3e086afb53cc84a443e35ccf450e258303f16120c19364db884e17abab80ecbcd771960175edbeb0dd437eb038b0849123fcc730f1d5cb3a5f26

        • /storage/emulated/0/tieba/from.dat

          Filesize

          512B

          MD5

          fc2b08aa4eb24dcda6428cb406c2a1cc

          SHA1

          0affca5f6b8b81de454d874e6eb72fde19af9cdf

          SHA256

          08eecf8875faf78d90ad81ae6d75be420b0c8f52d89cf7cc93011b1b6623f705

          SHA512

          c0a74697c273d95cdf51feb0c68770a2e12bf939900eede490a335a12afdc4233cd588b84789cbf4f9b44cf206427986d8fa163f4a6363d436a4dc95ae2cfafa