Analysis
-
max time kernel
5s -
max time network
131s -
platform
android_x86 -
resource
android-x86-arm-20240514-en -
resource tags
android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system -
submitted
22-05-2024 02:02
Static task
static1
Behavioral task
behavioral1
Sample
659f8f7a0498c09013193487234f46c5_JaffaCakes118.apk
Resource
android-x86-arm-20240514-en
Behavioral task
behavioral2
Sample
__pasys_remote_banner.apk
Resource
android-x86-arm-20240514-en
Behavioral task
behavioral3
Sample
__pasys_remote_banner.apk
Resource
android-x64-20240514-en
Behavioral task
behavioral4
Sample
__pasys_remote_banner.apk
Resource
android-x64-arm64-20240514-en
General
-
Target
659f8f7a0498c09013193487234f46c5_JaffaCakes118.apk
-
Size
23.4MB
-
MD5
659f8f7a0498c09013193487234f46c5
-
SHA1
4afaf516950db402926edd25e67a8036ab93b5e7
-
SHA256
20b72af93d1d5212072daf7cbcb2c40426de4f91206a2a828713dcaf2ca37bdd
-
SHA512
11a14d942d3a7ce3a78d50efa207255e7bde50f7713ee4eebf27b2e80f6be80f33ae5f520b84fb0ae206a72f38bac0abcec8f22de7be4674bc4143d631bcaa3b
-
SSDEEP
393216:vitdOIqNXNYfKqxQYFysQRrOjXqGD+eaSizw90VV/krGFKYfi4i8BQPSQUF9wCY:UXjL/IRiaGD6VzwmV5yGFKYK4ipkZY
Malware Config
Signatures
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
-
Requests cell location 2 TTPs 1 IoCs
Uses Android APIs to get the current cell location.
Processes: com.baidu.baidutranslate
description: Framework service call
ioc: com.android.internal.telephony.ITelephony.getCellLocation
process: com.baidu.baidutranslate -
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information that can indicate whether the system is an emulator.
Processes: com.baidu.baidutranslate
description: File opened for read
ioc: /proc/cpuinfo
process: com.baidu.baidutranslate -
Checks memory information 2 TTPs 1 IoCs
Checks memory information that can indicate whether the system is an emulator.
Processes: com.baidu.baidutranslate
description: File opened for read
ioc: /proc/meminfo
process: com.baidu.baidutranslate -
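The two signatures above only say that the process opened /proc/cpuinfo and /proc/meminfo. What an app typically does with those files is the interesting part, so here is an added example (not code from the sample or from the sandbox) that reconstructs a common emulator heuristic over both files. The marker strings, the x86 vendor check and the memory threshold are assumptions drawn from widely used anti-emulator checks, not from this APK; the /proc contents are constructed. Note that the analysis platform is android_x86, so a vendor_id check like this one would fire in the sandbox itself.

```python
"""Illustrative emulator heuristics over /proc/cpuinfo and /proc/meminfo.
Added example; the markers and threshold are assumptions, not from the APK."""
import re

# Assumed indicators: CPU fields seen on common emulator images (goldfish/ranchu
# are the classic Android emulator board names).
EMULATOR_CPU_MARKERS = ("goldfish", "ranchu", "virtual", "qemu")
# An x86/x86_64 vendor is unusual on a phone; this is what an android_x86
# sandbox image exposes, so the check is also a sandbox-evasion signal.
X86_VENDOR_MARKERS = ("genuineintel", "authenticamd")


def parse_proc_kv(text: str) -> dict:
    """Parse 'key : value' lines (the layout of both /proc files) into a dict
    keyed by lower-cased field name; the first occurrence of a key wins."""
    out = {}
    for line in text.splitlines():
        if ":" not in line:
            continue
        key, _, value = line.partition(":")
        key = key.strip().lower()
        if key and key not in out:
            out[key] = value.strip()
    return out


def meminfo_kb(text: str, field: str = "MemTotal") -> int:
    """Return a /proc/meminfo field in kB, or 0 if absent or unparsable."""
    raw = parse_proc_kv(text).get(field.lower(), "")
    m = re.match(r"(\d+)\s*kB", raw)
    return int(m.group(1)) if m else 0


def emulator_indicators(cpuinfo: str, meminfo: str, min_mem_kb: int = 1_000_000) -> list:
    """Return the reasons the system looks like an emulator (empty list = no hit)."""
    cpu = parse_proc_kv(cpuinfo)
    reasons = []
    hw = cpu.get("hardware", "").lower()
    model = cpu.get("model name", "").lower()
    vendor = cpu.get("vendor_id", "").lower()
    if any(m in hw or m in model for m in EMULATOR_CPU_MARKERS):
        reasons.append(f"emulator marker in Hardware/model name: {hw or model!r}")
    if any(m in vendor for m in X86_VENDOR_MARKERS):
        reasons.append(f"x86 vendor_id on a mobile device: {vendor!r}")
    total = meminfo_kb(meminfo)
    if 0 < total < min_mem_kb:
        reasons.append(f"MemTotal {total} kB is below {min_mem_kb} kB (assumed threshold)")
    return reasons


# Constructed sample contents (not captured from the sandbox).
CPUINFO_EMULATOR = """processor\t: 0
vendor_id\t: GenuineIntel
model name\t: Android virtual processor
Hardware\t: Ranchu
"""
MEMINFO_EMULATOR = "MemTotal:         786432 kB\nMemFree:          123456 kB\n"

CPUINFO_PHONE = """processor\t: 0
model name\t: ARMv8 Processor rev 4 (v8l)
Hardware\t: Qualcomm Technologies, Inc SM8150
"""
MEMINFO_PHONE = "MemTotal:        5896440 kB\nMemFree:          412000 kB\n"


if __name__ == "__main__":
    for name, cpu, mem in (("emulator", CPUINFO_EMULATOR, MEMINFO_EMULATOR),
                           ("phone", CPUINFO_PHONE, MEMINFO_PHONE)):
        hits = emulator_indicators(cpu, mem)
        print(f"{name}: {'EMULATOR' if hits else 'looks real'}")
        for r in hits:
            print("  -", r)
```

When reproducing a sample's behaviour in a sandbox, this is the check to defeat: an android_x86 image with a small memory allocation trips all three heuristics at once, and an app that gates its payload on them will stay quiet, which is consistent with the Virtualization/Sandbox Evasion and System Checks mapping later in this report.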
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
Processes: com.baidu.baidutranslate
description: Framework service call
ioc: android.app.IActivityManager.getRunningAppProcesses
process: com.baidu.baidutranslate -
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
Processes: com.baidu.baidutranslate
description: Framework service call
ioc: android.net.wifi.IWifiManager.getConnectionInfo
process: com.baidu.baidutranslate -
Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
Processes: com.baidu.baidutranslate
description: Framework service call
ioc: android.net.wifi.IWifiManager.getScanResults
process: com.baidu.baidutranslate -
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
Processes: com.baidu.baidutranslate
description: Framework service call
ioc: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone
process: com.baidu.baidutranslate -
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
Processes: com.baidu.baidutranslate
description: Framework service call
ioc: android.app.IActivityManager.registerReceiver
process: com.baidu.baidutranslate -
Checks if the internet connection is available 1 TTPs 1 IoCs
Processes: com.baidu.baidutranslate
description: Framework service call
ioc: android.net.IConnectivityManager.getActiveNetworkInfo
process: com.baidu.baidutranslate -
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
Processes:
flow: 13
ioc: ip-api.com -
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
Processes: com.baidu.baidutranslate
description: Framework API call
ioc: javax.crypto.Cipher.doFinal
process: com.baidu.baidutranslate
Processes
-
com.baidu.baidutranslate
- Requests cell location
- Checks CPU information
- Checks memory information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Queries information about the current nearby Wi-Fi networks
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4281
Network
MITRE ATT&CK Mobile v15
Defense Evasion
- Execution Guardrails (1)
  - Geofencing (1)
- Virtualization/Sandbox Evasion (2)
  - System Checks (2)
Downloads
-
Filesize
650KB
MD5 ca6f4f188877d3d1f57be1c1804602ac
SHA1 5ade2f8d8c8fa47703540f021c4479dfcbdb10a5
SHA256 bf3df0e9884afe00ff845f617a61807bd86e922cd3b55eb5117232078ee6149a
SHA512 dc4eec5838032813438c0fa584427d75c20674d5bf032fbd595694b0702eb29d68d14dcd7a5ff169438c888de9bb2d29f87c5dd20419282ebcb3126e132c1442
-
Filesize
61KB
MD5 f7cf5c567faa608b4e214d496a2a7b3f
SHA1 b8d59aeff1ffd0c85f31803d2eb0e916b889c046
SHA256 2314a9bb0285e47da00d0fe1adf008908f56ee4a8ae0d26fe43a5b070d88c981
SHA512 0b965a803308a37f534dbba28098c304bbf7c3b2cd092fe9556203173eb9d631aebd4d27f27acae773069986564ba68cb5d4224a44f477b89369a442c91ff21e
-
Filesize
22KB
MD5 dc7004dfe249f258ace381e4307d8430
SHA1 d78420ea84405787c70cbde49d2e9e7256477b43
SHA256 5952316d44b76c4bb2d98ee3c50dcd179eb4e4115a9bb4f53c198da62918f3c4
SHA512 1d380e60f7fc41c790f205b486776894795e1a987b9342b15494008e0ea33351b8ed850102c4d8a7f5fdb1385fc725a538a9c7bad8cfa5c655a18ab996a2776b
-
Filesize
2.0MB
MD5 981ac28948f5796440d754e2d6b83f71
SHA1 b07e41d405d6045b268046ab7f39d87ec465f8c1
SHA256 3ee36e1451ae7c852c3c47b4e791ca0007df5c637b77824fe5571f5492bc8ad0
SHA512 c465915ad57c0e21523a5820194e3947f54bbd27f9bcc6b76a798fe1e27de9ef6f62215c0a3ae37e928076c2445c130835a623402e8a9fb21133e36bc2983e91
-
Filesize
217KB
MD5 0dac655f26b5233e5b0f627f0b810300
SHA1 30f175b00c52c1dde95adcba06c605ecba5ce0b0
SHA256 bde410f1ee21189aa1f4f07e202ae41e4ce2aceffb658fe16dcda27fd5177586
SHA512 33093e824120510525eeca38bd11e114dc8c230cf7c3a342c460926f67f48f1ec1615d25da17f677e08f9c595ef33d2368bdf8e10f316fd8e8e1855fe4d8c4d1
-
Filesize
4.4MB
MD5 c6c888f18c7457a2a832642ed912f395
SHA1 cfb97129c99e68c5cd1b57aad32399608c01f6dd
SHA256 e689ce6bf553228e56b1728335685d1e24375c532b9e7b2eed771808d0d5f558
SHA512 5e94ab35e094d9ab36c5303db114fb927ffe388ba0628ee629160819af5da334fb49a432049d6c99cd0f05e652c1d33c18fe6b9f52a707444d3a7890b906b163
-
Filesize
372KB
MD5 3c14c298f2fa36feaaae2401542c1ff9
SHA1 0ad1106a09a9b49bf85957e215532de4c68499a6
SHA256 eda24f2460942d0759429a8b83e1f51d9c945f560c48da7758074236f37e819f
SHA512 eb31bc79ae33c7f4a2856325b69724dcbb5bb331040d45c2ff777ba7cc194d77e025e6a9fae1cccdfd0bf106146cc90b81449f56c9aa78cacbeff0db34f6fd05
-
Filesize
89B
MD5 198f563da51facacaa62382cd6ffc871
SHA1 d5019ec860fdda34c8d11986101f76c9358cc8de
SHA256 781df2d86148f815d7459437b11562a126824c5345a908a46c9b00cd0e350987
SHA512 97fb0e426f784a4b4a0b6f78e173108b2bda12fa79e5635a0c9c94b07a8f9cb12cc10b94edb3b0b20510156c93f9213b460bd9950ea69afb7b098a0be6037cc3
-
Filesize
20KB
MD5 e60ec03eada62a14c01a60aa0975cb4c
SHA1 4eabd58f4b5599bba7e83d13000bfecfb805c684
SHA256 a1ad45a5f1a61b3ffe8764df4e8c6f5d691c21e2fe01216acf2f0f2f917532bf
SHA512 0b7e9b1a5da75b876ab2a2583d082976a4ffbd68e9a87f8a8f943bca90f39f6104cdfff5922d5d23cf37b412a6e0b9145c0a912042d722ec234606e95ab10892
-
Filesize
512B
MD5 3f010b2ceca76aa50776af25552a6592
SHA1 c4120899e0eb70fe862438574301bec6bc8d0d9d
SHA256 963d79f325fb982beb557224dcd426a03ff5d2a3a992aa8a6dcac7d81e312a18
SHA512 e89061504ace4969dade48e77237bcf14facff1c5a4bf1d64163e4ace77e4641df93343f1af676f881dd77d289a758943549af1b311c8512e0422d01b4e82cf0
-
Filesize
28KB
MD5 cf845a781c107ec1346e849c9dd1b7e8
SHA1 b44ccc7f7d519352422e59ee8b0bdbac881768a7
SHA256 18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7
SHA512 4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612
-
Filesize
44KB
MD5 cb61fc899f36878b620def2a34046925
SHA1 93bde2ca9b2417e9ffd11f2ba3bffe0e6b2f3448
SHA256 a793a9506d962aad15663b80e33d0a20d3f3c121774165b7079d72c8bd567389
SHA512 6a54320aa4dd6deb12402b1e2da6f8066ffa09245ec6d426a4fa6b26b43ffda1488c23a1514e7b4bbf1fa45064923e04b31f8e61e917fd693273e28c8022f0ce
-
Filesize
25B
MD5 e992d519b2f390208d7e30e0e6b5b2ab
SHA1 62d34dac2b87d0d1ee181e2e7ea460297a667169
SHA256 7ae897e3a8c444c1825069a97042913bcce7589237e9bb1c05698a82b2d15d60
SHA512 af954f1332fcb02be8ae95ee7b4db36246acacded02caff7e75cdf6e34f885e092b96ba411e560199de8a400c604823c4f10232b51052ad7d224e4ab49ca3844
-
Filesize
89B
MD5 a6023ac8eaeea7422ec42f816fa84497
SHA1 2c76316f0056700aaa2a000c3879a4d20bedfaef
SHA256 76427d35bde12dcd9a674584dcee0e03beef183463d60dfeff270e4dcdf04f5f
SHA512 d60b4eecacebf69043a41320c9445f36c9b41346ddec33a449cb2bc2d7c6f022d7d919d34b16b67ad78967d582b782f57271cd163dd5d930ae02f3af47073dff