Analysis

  • max time kernel: 159s
  • max time network: 168s
  • platform: android_x64
  • resource: android-x64-20240506-en
  • resource tags: android, arch:x64, arch:x86, image:android-x64-20240506-en, locale:en-us, os:android-10-x64, system
  • submitted: 13/05/2024, 07:10

General

  • Target: 3e4bbcad8ce24fe210763e1f36b55cca_JaffaCakes118.apk
  • Size: 13.7MB
  • MD5: 3e4bbcad8ce24fe210763e1f36b55cca
  • SHA1: e42a51d5111c7f908d16bb3e66d3399c3403d2f6
  • SHA256: d20999fe7bc1e64f73f2174a6901889ddb5aed9966c3745dda3a55575a7354be
  • SHA512: 1313e2c7667d5d97990826c62af3e8eb5a38d89c02b1bf7e679fccbe1811119fe20aca2cee12db32ccefd9efc0a7fcd5b63924bba131b6b12409531a638c8c8b
  • SSDEEP: 393216:KbyhdmZZ4hDpF9xybr1RRHBRrULPL/4uTCh4OrGuKc:dhws79yTRHB0sYChZrGuKc

Malware Config

Signatures

  • Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) (1 TTP)
  • Requests cell location (2 TTPs, 2 IoCs)
    Uses Android APIs to get the current cell location.
  • Checks CPU information (2 TTPs, 3 IoCs)
    Checks CPU information that indicates whether the system is an emulator.
  • Queries information about running processes on the device (1 TTP, 3 IoCs)
    The application may abuse the framework's APIs to collect information about running processes on the device.
  • Queries information about the current Wi-Fi connection (1 TTP, 1 IoC)
    The application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  • Queries information about the current nearby Wi-Fi networks (1 TTP, 2 IoCs)
    The application may abuse the framework's APIs to collect information about nearby Wi-Fi networks.
  • Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 3 IoCs)
  • Checks if the internet connection is available (1 TTP, 3 IoCs)
  • Queries the unique device ID (IMEI, MEID, IMSI) (1 TTP)
  • Reads information about the phone network operator (1 TTP)
  • Uses Crypto APIs (might try to encrypt user data) (1 TTP, 2 IoCs)

Processes

  • com.baidu.tieba (PID 5092)
    • Requests cell location
    • Checks CPU information
    • Queries information about running processes on the device
    • Queries information about the current Wi-Fi connection
    • Queries information about the current nearby Wi-Fi networks
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • Uses Crypto APIs (might try to encrypt user data)
  • com.baidu.tieba:remote (PID 5163)
    • Requests cell location
    • Checks CPU information
    • Queries information about running processes on the device
    • Queries information about the current nearby Wi-Fi networks
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
  • com.baidu.tieba:bdservice_v1 (PID 5199)
    • Checks CPU information
    • Queries information about running processes on the device
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • Uses Crypto APIs (might try to encrypt user data)

Network

MITRE ATT&CK Mobile v15


Downloads

  • /data/data/com.baidu.tieba/databases/baidu_tieba.db
    Filesize: 72KB
    MD5: 21596029927ac7c89abad6d6eacb7588
    SHA1: 8d424136ff0d997349f1676d756128dec936643a
    SHA256: 7e4fc50a4f32b4dfb872da0081fdc7bb65c79e1a99a4301a6fa5d05b8ffaba30
    SHA512: 36d8e9131ab636d4489e1e5d976a195a6d50b68d6ba7fcbb479d7d4615313a2df18879acbabea778ffa342711ee7abeea9857d9b568b4368fd9ea5101b530362

  • /data/data/com.baidu.tieba/databases/baidu_tieba.db-journal
    Filesize: 28KB
    MD5: 28816cc9580aa7128f2139409db99563
    SHA1: 5edd94a64317a876275cadaa0697c2243b9fb1dc
    SHA256: 29aeb5130d0e09f8085534ef8eff746f64dcd052f333380405bd5be83cecb67d
    SHA512: 848ffc4a67e1135da136083c7ad21f761c65f041d904cc7b87dc89b9905e378d7e3504d2b92df3fb1a84e1b847a86bf11b62dd199d81579e68f2855678681c1c

  • /data/data/com.baidu.tieba/databases/baidu_tieba.db-journal
    Filesize: 8KB
    MD5: 5ef7b5e5987ee79fa45a62bb38cc918c
    SHA1: 450bf9885e430508bb775f1b752aed57a5cd013b
    SHA256: 2c4644863cc51989cce436a0f0be80ad0344d2cf4d99860e3e503ec6cd1c6ee9
    SHA512: 452bca78df90fd0bfac68074504273daa4c710a199e27624849ad8228adb65c32dcd087b92985bded8ca6c24ba1e4f4404e47a7a9398f9b946d2480fed92ccf7

  • /data/data/com.baidu.tieba/databases/baidu_tieba.db-journal
    Filesize: 8KB
    MD5: fcadb83d9ed351ebc1ef3908e6436d39
    SHA1: b186b56a14382799cfb6dc304fd8fc747e17d70e
    SHA256: 213201efa12226f03bd3a55c90b050daa689a4d8150149bf7755d5c9038dd45c
    SHA512: 470439b6ae2f2dd787c74d90e233acf52230f4bf9cb5a703c42707a624ee82ac64a124833965bfb1ff24502cc00ab23d657221bcfab4d0e1c0cdcbc75d765cff

  • /data/data/com.baidu.tieba/databases/moplus_server_config.db
    Filesize: 16KB
    MD5: 58065a2ca12783b9aa02e912cfe4e736
    SHA1: 04005d2c730cc4c2d10fa50271ef140400966c6e
    SHA256: 00a58846dbcefb9c134f43c8925d90243a039d2e7097287380b8bf0847677375
    SHA512: 6749c3495eb96cb9a93182391908857fc3487beaa77a85de1c0b18a36c4c54ae1a593b3765eef4fd78803e4e6d83da48bfc7fd4d52d8733bb3c795716e8c431c

  • /data/data/com.baidu.tieba/files/__local_last_session.json
    Filesize: 8KB
    MD5: efc95d23b588b91e1fbb94ca48acc9a2
    SHA1: acd057c847e41526ace3a0a8b90cbad633610f2d
    SHA256: d637107994232c106969538dd34e09f11f5ca13ba52d69562bb4ea64d0d9a99f
    SHA512: 1c69cdf8eb3723ac427e98de32237eb421af8d36560b649019f002bfb2c123318c499cd373f14521d8467c6a404188addac220d11df293494e7f3fab9fac722d

  • /data/data/com.baidu.tieba/files/__local_stat_cache.json
    Filesize: 12KB
    MD5: 0c90e0663e1aa1977fd01f739af1c57f
    SHA1: be3fea90525734a5e754a0c548bef4351bb1e242
    SHA256: 986a3ee872b35054c9f339457018f021fba516a27628ba8c1732578dfd6b1423
    SHA512: 8326be6adc5ef1a4f0747543f822c79e362a81cedcab72abce7c9bc3f2846c4075d665427e3f59021a509eac6ed087a482de768930073e39a163ac2612c72088

  • /data/data/com.baidu.tieba/files/loginshare.json
    Filesize: 20KB
    MD5: 1f0ab587f8372d3a9a42cccf8eeebde1
    SHA1: 011876ab57195f37912145fda980d2d7da0fb2f3
    SHA256: c9935ecb53fff36fc3cb07a58c52d4e113c9c6f1dab657db9a682b807dec5913
    SHA512: e1afbab1d66c80fa0cd40f8fa3d0752ccbb101cd1de40f04892d54860f466f8805dd07689a47b7945963c378de5374ad5d0d9965a6511498ab40b91e8fcc8a47

  • /storage/emulated/0/tieba/from.dat
    Filesize: 512B
    MD5: b0b0c1519f139d8a3fdf2179dfd33e35
    SHA1: 8c679a738e9f87f6289c17da07d0ad951c6a2ccc
    SHA256: e8fe88935be22ea45ac4bf713a45da225363238ea2fdabed31ec5be22d2db9fd
    SHA512: abba6b3429094b51e070d42cf448ab2ad1e7b93f51740187f15a249425011c827e30af028c65acc0584ba17de860763cd3da4185a1d2f03bb84032d703e045ae