13ee3af45f068256f0834d1202d79f36328aaef59eee4c3962e1a25d14b32bd9

General

Target

67070043be312f7d7ae75f81dc825a4b_JaffaCakes118.apk
Size

8.5MB
MD5

67070043be312f7d7ae75f81dc825a4b
SHA1

92858a9dad22140c83654c570f8c6b981525f89a
SHA256

13ee3af45f068256f0834d1202d79f36328aaef59eee4c3962e1a25d14b32bd9
SHA512

12039992db5dce64e6c98b05f9c62633cf210766fbc1c16ccf330937933330d2554d9e1374c35b7a737c8817f69d5f80ec475f387a9cfd628e9cc008965797a6
SSDEEP

196608:ZOC9t4GmFAkG5tPicgZ4YuCu/Evfis3uX0Jd2WibCtK2T0:Z6Gmpm8vfCX0Jfiei

Score

8^/10

collection discovery evasion impact persistence

Malware Config

Signatures

Requests cell location 2 TTPs 2 IoCs

Uses Android APIs to to get current cell location.

collection discovery evasion

Location Tracking

T1430

Geofencing

T1627.001

Processes:

com.baidu.newscom.baidu.news:bdservice_v1

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.baidu.news
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.baidu.news:bdservice_v1

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

System Network Connections Discovery
T1421

Processes:

com.baidu.news

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.baidu.news

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.baidu.news

Queries information about the current nearby Wi-Fi networks 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

discovery

System Network Connections Discovery

T1421

Processes:

com.baidu.newscom.baidu.news:bdservice_v1

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getScanResults	com.baidu.news
Framework service call	android.net.wifi.IWifiManager.getScanResults	com.baidu.news:bdservice_v1

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

Broadcast Receivers

T1624.001

Processes:

com.baidu.newscom.baidu.news:bdservice_v1

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.baidu.news
Framework service call	android.app.IActivityManager.registerReceiver	com.baidu.news:bdservice_v1

Checks if the internet connection is available 1 TTPs 2 IoCs

discovery

System Network Connections Discovery

T1421

Processes:

com.baidu.newscom.baidu.news:bdservice_v1

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.baidu.news
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.baidu.news:bdservice_v1

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

Data Encrypted for Impact
T1471

Processes:

com.baidu.news

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.baidu.news

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.baidu.news

com.baidu.news
1⤵
- Requests cell location
- Queries information about the current Wi-Fi connection
- Queries information about the current nearby Wi-Fi networks
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4297

com.baidu.news:bdservice_v1
1⤵
- Requests cell location
- Queries information about the current nearby Wi-Fi networks
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
PID:4410

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

1

T1624

Broadcast Receivers

1

T1624.001

Privilege Escalation

Defense Evasion

Execution Guardrails

1

T1627

Geofencing

1

T1627.001

Credential Access

Discovery

Location Tracking

1

T1430

System Network Configuration Discovery

1

T1422

System Network Connections Discovery

3

T1421

Lateral Movement

Collection

Location Tracking

1

T1430

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

1

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.baidu.news/channel
Filesize
5B

MD5
a22e9a2ce9bb5aaca245ba8a8da037fb

SHA1
f5202304586e7892af8fad73feedd6c3dc26bc31

SHA256
727312eccb9e85363a0e24d926c81f22b0350be7769f89dc0928a3ed0134b1cd

SHA512
59956a1b741a7844a54532b64923db538dedd0137b2a430cc3e40a9a9e99acf620fc86183afe5116acd8ca6e2930a37763acd721c0cd7b4716f2b424cc2e12d4

Download Submit
/data/data/com.baidu.news/databases/news.db
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.baidu.news/databases/news.db-journal
Filesize
32KB

MD5
8d536120616b8e3383c1574747c86b33

SHA1
cc451a4918e0c1528dc77b772ad1fd4e61ca98d6

SHA256
a0fde28c1c44d227267dc7db6a4d7a8b9ef92b08739aac3e4a56c003d78787ce

SHA512
a37ddabae060513117e8dd8c68f1bfd9956532c2a378656489dd91590775cd208af4025bfd4fa3662e8142fb617b5b058f339c9d541d319931da84272cb8606b

Download Submit
/data/data/com.baidu.news/databases/news.db-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.baidu.news/databases/news.db-wal
Filesize
193KB

MD5
036ab4db07f93850a58a9ea58d3bf11a

SHA1
e50d56a81dd227c91e7112bae63b65f28fa04bd7

SHA256
77da2ec04d0a27cb3715ca89ba69c80232d76d259a3bd911c421ab82d8554c41

SHA512
46e2cc1caf3228ebd97953d5497fc73122d7c4016111c5a2ce3bef5ee3e78c26b208081f23624c1ff1d900cccf95f3ce0cd2151156dbdce6cb236ae390f6e851

Download Submit
/data/data/com.baidu.news/files/__local_stat_cache.json
Filesize
25B

MD5
0f88bb5b9cfc5c9074f80cd8581ce984

SHA1
73a99516602d75af51d133a417b7293dad85d7b8

SHA256
c17d1f81f883de5ac5a5a049aeeab0c4db5a1120f359a718bc665a47d75fd23f

SHA512
29277bb14f11abac05a22614a0b59204b96cbb3959f9da3462bd226aa91e4e724edd1d261ae95034f7f1cf0e40c0bd0bc2d2eca60139f2ac67a65dd05bdc114f

Download Submit
/storage/emulated/0/baidu/.cuid
Filesize
512B

MD5
54201e059e0d1e2ec604dc8ede99e24e

SHA1
40bd54dbd5eb7c6e47be44f7505e0a858d035ca5

SHA256
b27721d3ca25884b69d8440d1d110e6c2c3f2794abef906d61871d2582a439d8

SHA512
e292febb5f2ec86a613e11dc3091e2eacddd7a8ba659e5a1e1c5736c487bd73cb343d741e7554cce5479b1c5ff605377f7a99f207bba20d774f03fea27434f69

Download Submit
/storage/emulated/0/baidu/tempdata/con.dat
Filesize
151B

MD5
aa2ee8a07cd6238266b597e8fceb88e1

SHA1
a8892e47e85de02a49764cc62826061887149e69

SHA256
43c80c1f73d5b0d262540f70738f4f7724b76764d288342d7d0a09e3e5c540c2

SHA512
64a717cdb01dabc3595cc2ae08e5a1bf6596c80ccdd59cde84ee21597bf7b08b9dc96944356a0422c8e94fcc59ed13c732d603e991defdf988cf12d37393a5a1

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads