13ee3af45f068256f0834d1202d79f36328aaef59eee4c3962e1a25d14b32bd9

Analysis

max time kernel
9s
max time network
155s
platform
android_x64
resource
android-x64-arm64-20240514-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240514-enlocale:en-usos:android-11-x64system
submitted
22-05-2024 10:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

67070043be312f7d7ae75f81dc825a4b_JaffaCakes118.apk
Size

8.5MB
MD5

67070043be312f7d7ae75f81dc825a4b
SHA1

92858a9dad22140c83654c570f8c6b981525f89a
SHA256

13ee3af45f068256f0834d1202d79f36328aaef59eee4c3962e1a25d14b32bd9
SHA512

12039992db5dce64e6c98b05f9c62633cf210766fbc1c16ccf330937933330d2554d9e1374c35b7a737c8817f69d5f80ec475f387a9cfd628e9cc008965797a6
SSDEEP

196608:ZOC9t4GmFAkG5tPicgZ4YuCu/Evfis3uX0Jd2WibCtK2T0:Z6Gmpm8vfCX0Jfiei

Score

8^/10

collection discovery evasion

Malware Config

Signatures

Requests cell location 2 TTPs 2 IoCs

Uses Android APIs to to get current cell location.

collection discovery evasion

Location Tracking

T1430

Geofencing

T1627.001

Processes:

com.baidu.newscom.baidu.news:bdservice_v1

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.baidu.news
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.baidu.news:bdservice_v1

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

System Network Connections Discovery
T1421

Processes:

com.baidu.news

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.baidu.news
Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
discovery

System Network Connections Discovery
T1421

Processes:

com.baidu.news:bdservice_v1

description ioc process

Framework service call android.net.wifi.IWifiManager.getScanResults com.baidu.news:bdservice_v1

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.baidu.news

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getScanResults	com.baidu.news:bdservice_v1

Checks if the internet connection is available 1 TTPs 2 IoCs

discovery

System Network Connections Discovery

T1421

Processes:

com.baidu.newscom.baidu.news:bdservice_v1

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.baidu.news
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.baidu.news:bdservice_v1

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

com.baidu.news
1⤵
- Requests cell location
- Queries information about the current Wi-Fi connection
- Checks if the internet connection is available
PID:4617

com.baidu.news:bdservice_v1
1⤵
- Requests cell location
- Queries information about the current nearby Wi-Fi networks
- Checks if the internet connection is available
PID:4684

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Execution Guardrails

T1627

Geofencing

T1627.001

Credential Access

Discovery

Location Tracking

T1430

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.baidu.news/channel
Filesize
5B

MD5
a22e9a2ce9bb5aaca245ba8a8da037fb

SHA1
f5202304586e7892af8fad73feedd6c3dc26bc31

SHA256
727312eccb9e85363a0e24d926c81f22b0350be7769f89dc0928a3ed0134b1cd

SHA512
59956a1b741a7844a54532b64923db538dedd0137b2a430cc3e40a9a9e99acf620fc86183afe5116acd8ca6e2930a37763acd721c0cd7b4716f2b424cc2e12d4

Download Submit
/data/user/0/com.baidu.news/databases/news.db
Filesize
180KB

MD5
1d6b6662e13754966861acb179b6130b

SHA1
7e10dfa6cde5fba4df9b5e23582ecac373d4b717

SHA256
2d515b56e0f0b4f22a5f983430da095506bd03645778db88cdb9df6837de9bd2

SHA512
34cb8e709bc3d420446deec97c6b553aba8c827aa7fb9688fbfd8a35c4b74daa91eb4a0f3486fa8662d054b357a773465ad1ac5c33bdfe3ada099f7c488ee6dd

Download Submit
/data/user/0/com.baidu.news/databases/news.db-journal
Filesize
20KB

MD5
4f91410747bb2ba7a43ee7b298fc9417

SHA1
597e95133bff38aeb4154b8a79aaa0d31ee99fcc

SHA256
4e93ae7c16a145783f04d535aad7112b561b401ebbb01cee861aeb67f01984cf

SHA512
c13d30e367c948ac6899423954fdb0ec3a47b74bae428e0ebd8c7bd3544f21953d22a1632ce567fa5b7c999004d53add84a7bd0e226c40de41af04ef86a64ca4

Download Submit
/data/user/0/com.baidu.news/databases/news.db-journal
Filesize
8KB

MD5
ec9cd32fc3e7d1b3c21f970587c6e763

SHA1
1a312c3189591fd1e40469676e7a6b43e8b38997

SHA256
9873c03b79c7aa6fc6ee1f8ffc36c825bf51592de474c0bf5be7709ab4a11574

SHA512
c77a8b5d8bd90349ac39141a54d19ceba50c9d86d4d613a3b05e60b2f36ef052e68734ae98eb8debb62464410496182594d106ab7333703d6a16f6b940db7eb5

Download Submit
/data/user/0/com.baidu.news/databases/news.db-journal
Filesize
8KB

MD5
bb9c9d029a1ce4c0e4eae9e37f78ee5d

SHA1
828257617d0aafb289c718aa4ece4c85b14c5aee

SHA256
4dd7c9a6c4e10b312e0e3007923fd5d55ee78a04164da4598dd8c1ce5dfa1a79

SHA512
07bf955091b8db5b7cf3c8cdc6a8bde2f32b5bd7d0eefaf9776d76aba95545ab2ed10a5f0a697b2e5d7706aef700c718c16b499e840c73c37341a469900eca17

Download Submit
/data/user/0/com.baidu.news/files/__local_stat_cache.json
Filesize
25B

MD5
2d805b13f2f28dc3ca9bbcc000f49bb5

SHA1
9eac165b4d81258fd3967cde5cc53b53b1dabcb1

SHA256
c8a6624f390568f0ddcb9841336aec6a564460fdaf6624e562b32935b8956f19

SHA512
5db8c57bab36bcf9db698c1dce70318cbffc156dd1d1c1e09e5b7ba60aff07b598ebbf26c4bd8a2b03bd6e59ef2dde2d944a22a8d8a19ecc8378e83afb7c83b0

Download Submit
/storage/emulated/0/baidu/tempdata/con.dat
Filesize
108B

MD5
d29d18a7c57122ebf4776ffb92a86c48

SHA1
940b0380e21ebe65ca76594cc1b408e6af62753c

SHA256
7c61a8454fe2bf7160dcebd00e3e6e428c87d8e3eb29e1c045acfa568bb031df

SHA512
b300609a89a1780e7b336b90bcef4b30004c9be0aba26e82b2b3bf2ea535549b8f932cddc86f640997627cc79e6483cbc901ec08804ecc3b71cdf34d2cb620b4

Download Submit
/storage/emulated/0/baidu/tempdata/con.dat
Filesize
151B

MD5
880b4700e40c853284b81fbf75d2ef6c

SHA1
df8e2e70a4b660fc114813eac32b4ae97b58c50b

SHA256
4072808afde5888df043ef18f5275a8706b903f20a9df575ef746863ff67e5a2

SHA512
afbbd87066ea85a1574585ee125aa81dc52f52c666622ad01fd33363181259c959b86e059f7cd0a00b92dfe06346e8b718f18751132da128d59cfdb7e6b49ae0

Download Submit