Analysis
max time kernel: 159s
max time network: 168s
platform: android_x64
resource: android-x64-20240506-en
resource tags: android, arch:x64, arch:x86, image:android-x64-20240506-en, locale:en-us, os:android-10-x64, system
submitted: 13/05/2024, 07:10
Static task: static1
Behavioral task: behavioral1
  Sample: 3e4bbcad8ce24fe210763e1f36b55cca_JaffaCakes118.apk
  Resource: android-x86-arm-20240506-en
Behavioral task: behavioral2
  Sample: 3e4bbcad8ce24fe210763e1f36b55cca_JaffaCakes118.apk
  Resource: android-x64-20240506-en
General
Target: 3e4bbcad8ce24fe210763e1f36b55cca_JaffaCakes118.apk
Size: 13.7MB
MD5: 3e4bbcad8ce24fe210763e1f36b55cca
SHA1: e42a51d5111c7f908d16bb3e66d3399c3403d2f6
SHA256: d20999fe7bc1e64f73f2174a6901889ddb5aed9966c3745dda3a55575a7354be
SHA512: 1313e2c7667d5d97990826c62af3e8eb5a38d89c02b1bf7e679fccbe1811119fe20aca2cee12db32ccefd9efc0a7fcd5b63924bba131b6b12409531a638c8c8b
SSDEEP: 393216:KbyhdmZZ4hDpF9xybr1RRHBRrULPL/4uTCh4OrGuKc:dhws79yTRHB0sYChZrGuKc
Malware Config
Signatures
- Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) (1 TTPs)
- Requests cell location (2 TTPs, 2 IoCs)
  Uses Android APIs to get the current cell location.
  Framework service call com.android.internal.telephony.ITelephony.getCellLocation (process: com.baidu.tieba)
  Framework service call com.android.internal.telephony.ITelephony.getCellLocation (process: com.baidu.tieba:remote)
- Checks CPU information (2 TTPs, 3 IoCs)
  Checks CPU information that can indicate whether the system is an emulator.
  File opened for read /proc/cpuinfo (process: com.baidu.tieba)
  File opened for read /proc/cpuinfo (process: com.baidu.tieba:remote)
  File opened for read /proc/cpuinfo (process: com.baidu.tieba:bdservice_v1)
- Queries information about running processes on the device (1 TTPs, 3 IoCs)
  Application may abuse the framework's APIs to collect information about running processes on the device.
  Framework service call android.app.IActivityManager.getRunningAppProcesses (process: com.baidu.tieba)
  Framework service call android.app.IActivityManager.getRunningAppProcesses (process: com.baidu.tieba:remote)
  Framework service call android.app.IActivityManager.getRunningAppProcesses (process: com.baidu.tieba:bdservice_v1)
- Queries information about the current Wi-Fi connection (1 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  Framework service call android.net.wifi.IWifiManager.getConnectionInfo (process: com.baidu.tieba)
- Queries information about the current nearby Wi-Fi networks (1 TTPs, 2 IoCs)
  Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
  Framework service call android.net.wifi.IWifiManager.getScanResults (process: com.baidu.tieba)
  Framework service call android.net.wifi.IWifiManager.getScanResults (process: com.baidu.tieba:remote)
- Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 3 IoCs)
  Framework service call android.app.IActivityManager.registerReceiver (process: com.baidu.tieba:remote)
  Framework service call android.app.IActivityManager.registerReceiver (process: com.baidu.tieba:bdservice_v1)
  Framework service call android.app.IActivityManager.registerReceiver (process: com.baidu.tieba)
- Checks if the internet connection is available (1 TTPs, 3 IoCs)
  Framework service call android.net.IConnectivityManager.getActiveNetworkInfo (process: com.baidu.tieba)
  Framework service call android.net.IConnectivityManager.getActiveNetworkInfo (process: com.baidu.tieba:remote)
  Framework service call android.net.IConnectivityManager.getActiveNetworkInfo (process: com.baidu.tieba:bdservice_v1)
- Queries the unique device ID (IMEI, MEID, IMSI) (1 TTPs)
- Reads information about the phone network operator (1 TTPs)
- Uses Crypto APIs (might try to encrypt user data) (1 TTPs, 2 IoCs)
  Framework API call javax.crypto.Cipher.doFinal (process: com.baidu.tieba)
  Framework API call javax.crypto.Cipher.doFinal (process: com.baidu.tieba:bdservice_v1)
Processes
com.baidu.tieba (PID 5092)
- Requests cell location
- Checks CPU information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Queries information about the current nearby Wi-Fi networks
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (might try to encrypt user data)
com.baidu.tieba:remote (PID 5163)
- Requests cell location
- Checks CPU information
- Queries information about running processes on the device
- Queries information about the current nearby Wi-Fi networks
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
com.baidu.tieba:bdservice_v1 (PID 5199)
- Checks CPU information
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (might try to encrypt user data)
Network
MITRE ATT&CK Mobile v15
Defense Evasion
- Execution Guardrails (1)
  - Geofencing (1)
- Virtualization/Sandbox Evasion (1)
  - System Checks (1)
Downloads