20b72af93d1d5212072daf7cbcb2c40426de4f91206a2a828713dcaf2ca37bdd

Analysis

max time kernel
5s
max time network
131s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
22-05-2024 02:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

659f8f7a0498c09013193487234f46c5_JaffaCakes118.apk
Size

23.4MB
MD5

659f8f7a0498c09013193487234f46c5
SHA1

4afaf516950db402926edd25e67a8036ab93b5e7
SHA256

20b72af93d1d5212072daf7cbcb2c40426de4f91206a2a828713dcaf2ca37bdd
SHA512

11a14d942d3a7ce3a78d50efa207255e7bde50f7713ee4eebf27b2e80f6be80f33ae5f520b84fb0ae206a72f38bac0abcec8f22de7be4674bc4143d631bcaa3b
SSDEEP

393216:vitdOIqNXNYfKqxQYFysQRrOjXqGD+eaSizw90VV/krGFKYfi4i8BQPSQUF9wCY:UXjL/IRiaGD6VzwmV5yGFKYK4ipkZY

Score

8^/10

banker collection discovery evasion impact persistence

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001
Requests cell location 2 TTPs 1 IoCs
Uses Android APIs to to get current cell location.
collection discovery evasion

Location Tracking
T1430

Geofencing
T1627.001

Processes:

com.baidu.baidutranslate

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getCellLocation com.baidu.baidutranslate
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.baidu.baidutranslate

description ioc process

File opened for read /proc/cpuinfo com.baidu.baidutranslate
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.baidu.baidutranslate

description ioc process

File opened for read /proc/meminfo com.baidu.baidutranslate
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

Process Discovery
T1424

Processes:

com.baidu.baidutranslate

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses com.baidu.baidutranslate
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

System Network Connections Discovery
T1421

Processes:

com.baidu.baidutranslate

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.baidu.baidutranslate
Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
discovery

System Network Connections Discovery
T1421

Processes:

com.baidu.baidutranslate

description ioc process

Framework service call android.net.wifi.IWifiManager.getScanResults com.baidu.baidutranslate
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
discovery

System Network Configuration Discovery
T1422

Processes:

com.baidu.baidutranslate

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone com.baidu.baidutranslate
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

Broadcast Receivers
T1624.001

Processes:

com.baidu.baidutranslate

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.baidu.baidutranslate
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

com.baidu.baidutranslate

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.baidu.baidutranslate
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow ioc

13 ip-api.com
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

Data Encrypted for Impact
T1471

Processes:

com.baidu.baidutranslate

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.baidu.baidutranslate

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.baidu.baidutranslate

description	ioc	process
File opened for read	/proc/cpuinfo	com.baidu.baidutranslate

description	ioc	process
File opened for read	/proc/meminfo	com.baidu.baidutranslate

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.baidu.baidutranslate

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.baidu.baidutranslate

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getScanResults	com.baidu.baidutranslate

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.baidu.baidutranslate

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.baidu.baidutranslate

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.baidu.baidutranslate

flow	ioc
13	ip-api.com

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.baidu.baidutranslate

com.baidu.baidutranslate
1⤵
- Requests cell location
- Checks CPU information
- Checks memory information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Queries information about the current nearby Wi-Fi networks
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4281

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Execution Guardrails

T1627

Geofencing

T1627.001

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Location Tracking

T1430

Process Discovery

T1424

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.baidu.baidutranslate/app_files/app_sc.bin

Filesize
650KB

MD5
ca6f4f188877d3d1f57be1c1804602ac

SHA1
5ade2f8d8c8fa47703540f021c4479dfcbdb10a5

SHA256
bf3df0e9884afe00ff845f617a61807bd86e922cd3b55eb5117232078ee6149a

SHA512
dc4eec5838032813438c0fa584427d75c20674d5bf032fbd595694b0702eb29d68d14dcd7a5ff169438c888de9bb2d29f87c5dd20419282ebcb3126e132c1442

Download Submit
/data/data/com.baidu.baidutranslate/app_files/ocr_sent

Filesize
61KB

MD5
f7cf5c567faa608b4e214d496a2a7b3f

SHA1
b8d59aeff1ffd0c85f31803d2eb0e916b889c046

SHA256
2314a9bb0285e47da00d0fe1adf008908f56ee4a8ae0d26fe43a5b070d88c981

SHA512
0b965a803308a37f534dbba28098c304bbf7c3b2cd092fe9556203173eb9d631aebd4d27f27acae773069986564ba68cb5d4224a44f477b89369a442c91ff21e

Download Submit
/storage/emulated/0/BaiduTranslate/ce/ce.ambi.model

Filesize
22KB

MD5
dc7004dfe249f258ace381e4307d8430

SHA1
d78420ea84405787c70cbde49d2e9e7256477b43

SHA256
5952316d44b76c4bb2d98ee3c50dcd179eb4e4115a9bb4f53c198da62918f3c4

SHA512
1d380e60f7fc41c790f205b486776894795e1a987b9342b15494008e0ea33351b8ed850102c4d8a7f5fdb1385fc725a538a9c7bad8cfa5c655a18ab996a2776b

Download Submit
/storage/emulated/0/BaiduTranslate/ce/ce.dict.seg

Filesize
2.0MB

MD5
981ac28948f5796440d754e2d6b83f71

SHA1
b07e41d405d6045b268046ab7f39d87ec465f8c1

SHA256
3ee36e1451ae7c852c3c47b4e791ca0007df5c637b77824fe5571f5492bc8ad0

SHA512
c465915ad57c0e21523a5820194e3947f54bbd27f9bcc6b76a798fe1e27de9ef6f62215c0a3ae37e928076c2445c130835a623402e8a9fb21133e36bc2983e91

Download Submit
/storage/emulated/0/BaiduTranslate/ce/ce.name.model

Filesize
217KB

MD5
0dac655f26b5233e5b0f627f0b810300

SHA1
30f175b00c52c1dde95adcba06c605ecba5ce0b0

SHA256
bde410f1ee21189aa1f4f07e202ae41e4ce2aceffb658fe16dcda27fd5177586

SHA512
33093e824120510525eeca38bd11e114dc8c230cf7c3a342c460926f67f48f1ec1615d25da17f677e08f9c595ef33d2368bdf8e10f316fd8e8e1855fe4d8c4d1

Download Submit
/storage/emulated/0/BaiduTranslate/db/dict_local.db

Filesize
4.4MB

MD5
c6c888f18c7457a2a832642ed912f395

SHA1
cfb97129c99e68c5cd1b57aad32399608c01f6dd

SHA256
e689ce6bf553228e56b1728335685d1e24375c532b9e7b2eed771808d0d5f558

SHA512
5e94ab35e094d9ab36c5303db114fb927ffe388ba0628ee629160819af5da334fb49a432049d6c99cd0f05e652c1d33c18fe6b9f52a707444d3a7890b906b163

Download Submit
/storage/emulated/0/BaiduTranslate/db/sentence.db

Filesize
372KB

MD5
3c14c298f2fa36feaaae2401542c1ff9

SHA1
0ad1106a09a9b49bf85957e215532de4c68499a6

SHA256
eda24f2460942d0759429a8b83e1f51d9c945f560c48da7758074236f37e819f

SHA512
eb31bc79ae33c7f4a2856325b69724dcbb5bb331040d45c2ff777ba7cc194d77e025e6a9fae1cccdfd0bf106146cc90b81449f56c9aa78cacbeff0db34f6fd05

Download Submit
/storage/emulated/0/backups/.SystemConfig/.cuid

Filesize
89B

MD5
198f563da51facacaa62382cd6ffc871

SHA1
d5019ec860fdda34c8d11986101f76c9358cc8de

SHA256
781df2d86148f815d7459437b11562a126824c5345a908a46c9b00cd0e350987

SHA512
97fb0e426f784a4b4a0b6f78e173108b2bda12fa79e5635a0c9c94b07a8f9cb12cc10b94edb3b0b20510156c93f9213b460bd9950ea69afb7b098a0be6037cc3

Download Submit
/storage/emulated/0/backups/system/.confd

Filesize
20KB

MD5
e60ec03eada62a14c01a60aa0975cb4c

SHA1
4eabd58f4b5599bba7e83d13000bfecfb805c684

SHA256
a1ad45a5f1a61b3ffe8764df4e8c6f5d691c21e2fe01216acf2f0f2f917532bf

SHA512
0b7e9b1a5da75b876ab2a2583d082976a4ffbd68e9a87f8a8f943bca90f39f6104cdfff5922d5d23cf37b412a6e0b9145c0a912042d722ec234606e95ab10892

Download Submit
/storage/emulated/0/backups/system/.confd-journal

Filesize
512B

MD5
3f010b2ceca76aa50776af25552a6592

SHA1
c4120899e0eb70fe862438574301bec6bc8d0d9d

SHA256
963d79f325fb982beb557224dcd426a03ff5d2a3a992aa8a6dcac7d81e312a18

SHA512
e89061504ace4969dade48e77237bcf14facff1c5a4bf1d64163e4ace77e4641df93343f1af676f881dd77d289a758943549af1b311c8512e0422d01b4e82cf0

Download Submit
/storage/emulated/0/backups/system/.confd-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/storage/emulated/0/backups/system/.confd-wal

Filesize
44KB

MD5
cb61fc899f36878b620def2a34046925

SHA1
93bde2ca9b2417e9ffd11f2ba3bffe0e6b2f3448

SHA256
a793a9506d962aad15663b80e33d0a20d3f3c121774165b7079d72c8bd567389

SHA512
6a54320aa4dd6deb12402b1e2da6f8066ffa09245ec6d426a4fa6b26b43ffda1488c23a1514e7b4bbf1fa45064923e04b31f8e61e917fd693273e28c8022f0ce

Download Submit
/storage/emulated/0/backups/system/.config

Filesize
25B

MD5
e992d519b2f390208d7e30e0e6b5b2ab

SHA1
62d34dac2b87d0d1ee181e2e7ea460297a667169

SHA256
7ae897e3a8c444c1825069a97042913bcce7589237e9bb1c05698a82b2d15d60

SHA512
af954f1332fcb02be8ae95ee7b4db36246acacded02caff7e75cdf6e34f885e092b96ba411e560199de8a400c604823c4f10232b51052ad7d224e4ab49ca3844

Download Submit
/storage/emulated/0/baidu/pushservice/files/.info

Filesize
89B

MD5
a6023ac8eaeea7422ec42f816fa84497

SHA1
2c76316f0056700aaa2a000c3879a4d20bedfaef

SHA256
76427d35bde12dcd9a674584dcee0e03beef183463d60dfeff270e4dcdf04f5f

SHA512
d60b4eecacebf69043a41320c9445f36c9b41346ddec33a449cb2bc2d7c6f022d7d919d34b16b67ad78967d582b782f57271cd163dd5d930ae02f3af47073dff

Download Submit