7109fd4584037dac8ba8b086ae5567845afdf265b8a76acb068322895124ed4f

Analysis

max time kernel
141s
max time network
178s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
24-05-2024 01:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6cde0887af4f517ac5e2c11442dd4f3b_JaffaCakes118.apk
Size

18.5MB
MD5

6cde0887af4f517ac5e2c11442dd4f3b
SHA1

ca5c51bed18f03f2de961b8e193c6c3dad7f220b
SHA256

7109fd4584037dac8ba8b086ae5567845afdf265b8a76acb068322895124ed4f
SHA512

6b688f8f62237d39d9f15cf87784e191685a676c169a80d12d22c9a4e3a398acd6b852f2e89b476fca328d4528aef4ffb789640856ea373640190a79ae707d5d
SSDEEP

393216:ff0/LFwKzWc3hoLES+DO4s4ljDOCtdLodZQCwHlmAc2HiUbxAA:f8/LtRv1np/5odZvwHc/2dbxAA

Score

8^/10

banker discovery impact persistence

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

T1418.001
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

T1424

Processes:

com.baidu.roocontroller

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses com.baidu.roocontroller
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

T1421

Processes:

com.baidu.roocontroller

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.baidu.roocontroller
Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
discovery

T1421

Processes:

com.baidu.roocontroller

description ioc process

Framework service call android.net.wifi.IWifiManager.getScanResults com.baidu.roocontroller
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

T1624.001

Processes:

com.baidu.roocontroller

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.baidu.roocontroller
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

T1421

Processes:

com.baidu.roocontroller

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.baidu.roocontroller
Reads information about phone network operator. 1 TTPs
discovery

T1422
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

T1471

Processes:

com.baidu.roocontroller

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.baidu.roocontroller

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.baidu.roocontroller

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.baidu.roocontroller

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getScanResults	com.baidu.roocontroller

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.baidu.roocontroller

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.baidu.roocontroller

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.baidu.roocontroller

com.baidu.roocontroller
1⤵
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Queries information about the current nearby Wi-Fi networks
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4314

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.baidu.roocontroller/databases/tray.db
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.baidu.roocontroller/databases/tray.db-journal
Filesize
512B

MD5
d4bb5689201358b46819414ca92f2838

SHA1
68a88150e1d2381cfd17e67cdfabf0ae9daed13d

SHA256
d1d13f4bdcbd9246d48124f2fff4174da8a5516356c72c0fe7e2cf97e4c9c8e8

SHA512
d40bf43348c98eaface454409a6c109eaa7ac507b51aa9c9af31ccd3f5432741f5f610d3db1b00571047e3db39bac74a1d02b85480abf183d112641cfe09d238

Download Submit
/data/data/com.baidu.roocontroller/databases/tray.db-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.baidu.roocontroller/databases/tray.db-wal
Filesize
56KB

MD5
f27ab7ed1174c8427ab6add88f15918f

SHA1
d25f07503cfb786c9b956d8f7aaaa5c3b8e66e5f

SHA256
2bf430800e65ccff282753a7cba66ddd4fe3ac6f099851dbc6e3397e95da6f9f

SHA512
d432db7beabccda3393b4e9e4dc377bd1d0bfbc6eda5a3d785e0203aad3d554c8e004413ec96122ca0b3a50af3c5cd9bf47b5ab228b44d15db69cae78a5141b5

Download Submit
/data/data/com.baidu.roocontroller/files/libcuid.so
Filesize
129B

MD5
9519aef60c286060e0fe896f7b120e36

SHA1
d01b140622974082aa8afa868ceefdc835746e58

SHA256
6fc14d298aa4c5d7ebe0391f94a86cc7983a40889f093c19265f4486d3d2b2cb

SHA512
ad419839f6d1b7f434b43c2ca5c36fe2afb6df3d9d5194cd1552eb751a586aacd121a61d8432222bfe6a42acc77abc8f5bc8d04072f297125b2607f6eacf5801

Download Submit
/storage/emulated/0/backups/system/.confd
Filesize
24KB

MD5
8c7f6e3b52e6e841b895bbd13644ed43

SHA1
ec8daf46a7eb99c75ea1ce8582ef77b2df8455d2

SHA256
6615188d5d8fa77b44fbae7a249d073b3623316e7489c5fec95fe53188ea467c

SHA512
cffafd628e62fa915872796ee02dd8119cfebd6811291155acd400986ee5d34b244ab3b5d0bd386566724205771f665571bcb04950d390c5c60072fdb90c5280

Download Submit
/storage/emulated/0/backups/system/.confd
Filesize
24KB

MD5
33f54a04e9aa1de9fb3a3c2d75319a4e

SHA1
4d9c0861d8e895bba150dbf40878ccb5aa476811

SHA256
5025db474895563f641b5e5037fb8f3d97a57374bc9c3f363a101a6d5b622566

SHA512
308ba1d0cd1ae3a5d808a7abe1efba7527e6bdf62271419106481d6339cc85449120b642614379d3d3b760f017147b833a6ea2bfefae8f0da1fbc0f07b40cd71

Download Submit
/storage/emulated/0/backups/system/.confd
Filesize
24KB

MD5
d92bd35d499135107f82aee32b1e17ed

SHA1
c3b37131c466e5663a2cef7f8c175586d3074dc5

SHA256
16b6b7a79fb6b5fbfb49eaaddb006ed412c867497d0405389207f35cf00c801c

SHA512
197d8ae61f79140dcec216ab65c9185c1924ed474bb4ad788a78ef48067a37288b87e898e588e66cdd42582237abf102b8a4a5ae975a2a47a54d4783fe656b36

Download Submit
/storage/emulated/0/backups/system/.confd
Filesize
32KB

MD5
4585ea7d92fce080431022710d6b47ee

SHA1
c7cf7ae59de1b70a9812156886ab1acb3dabd78c

SHA256
6588a3ea6a490b66288eb61cf0d01179d5c0a1c2f67e9b9e41416e963d1a514b

SHA512
d18c4cd8b1ec75eb603611367827f3fe1838014b5036e791eeb3cb5fc906459eb1937cf90f2ce0886f409330496950a482e41d4ba52dd1d4733b7b441d66ecdb

Download Submit
/storage/emulated/0/backups/system/.confd
Filesize
20KB

MD5
249e034c9703afc1fd6062371c7f3da8

SHA1
9ca489179488e0fe5a35f7c0d5887f163e4890cd

SHA256
18fc5cf216b05487a87be99a662e7474bd54120f214e034b3179f40ca989352a

SHA512
b819b152548431c7892678ecdf23abe44cbdcf80e8f22707ab32a2aedb5356346b27e3c3e750665ba893d602af1c7dcca97edbac3c820859a0fc20714c22c0bd

Download Submit
/storage/emulated/0/backups/system/.confd-journal
Filesize
512B

MD5
148d323d36302ed10690eb640ca48296

SHA1
51d8767183e6d72b25f2ee6f38ba71d474203ba3

SHA256
020bbb6511ce81b5fb1646a77c3e186e67db182eed55679f3d6ee2c5fb70b1b5

SHA512
33708fda5535457f91e61c63a6e119cfac384e63ecc4122ce60ee0162e59112a8ae14e4c2c868ad7604940c846db3b3f6544f6db4ef69f12d8fc3d3347bfd565

Download Submit
/storage/emulated/0/backups/system/.confd-wal
Filesize
36KB

MD5
73e32d49369725e3b2c3c42511d145c3

SHA1
f26aa9920e209d1436be8cff1a0b8845af62ef96

SHA256
27e0045c38f71d118838f2e7e37716540000d87e322c4c0c9944baee32667c80

SHA512
d43c04d3a5951a725c4bba8811e118e4b6f5a881331e7f31055feabad6ab6f92df5696ebafd5df8279449aaea849bb47718f8119536dff02e1f821a41560abf3

Download Submit
/storage/emulated/0/backups/system/.confd-wal
Filesize
12KB

MD5
3a20b0da6aeb105b63c8b72fee0fe355

SHA1
c05074ad9628bd03d1e2e9ba2029a7313ba4355d

SHA256
09dea932a38ac91f738171f3737221e8a15886b9d5cfc96a75417025a2553a87

SHA512
c49577aeb670b29cc3632186966c8d89b714c09cb0a8b160dd5b016ece191ca095cd07ccbf365ea22694b37976855f9954c732a1da4c82d78a97b5ada06cf9f3

Download Submit
/storage/emulated/0/backups/system/.confd-wal
Filesize
8KB

MD5
4f3181fd4a7a0ab4cfc3e8b50d8226c5

SHA1
05d2eb40f591f80079f4d596b92290543b595d96

SHA256
2cc80d8a752a16c06a9a6d2401182e09f152f5612d3cf807a8112fb181db2214

SHA512
35aa5dc5d13491a4c564eeb27a4d7ca9dd0ec716b0c7c77521177550492eddf722aabeb78b812415e446854d4ec02df88db4adc6a14185a67211d882088f40f1

Download Submit
/storage/emulated/0/backups/system/.confd-wal
Filesize
8KB

MD5
0ab97fb926fee3a9c61b1d69d3628aa5

SHA1
f803791c22369f375d38c3089c834a40b433385c

SHA256
8af20a8ed15f41bf7aee4fda82e6a72a40d80517c96baf3f5e1e398e85d81f80

SHA512
f2ca2af49dd703a39730eb7ea520193811ef11d0b365ae591ea79cbba4ead51471fe158a1c822e4217b5c9ce2109b3b3c38c4f0d105e9e9d96e71e656f50ab89

Download Submit
/storage/emulated/0/backups/system/.confd-wal
Filesize
12KB

MD5
0aa07066003fb50eb8de139edee5c89e

SHA1
b76ba1c25322845e9dd89518c72c1a3e2028712e

SHA256
ac823acb2257bd9f72a7aa4073a22e7128d189253a360bf30b7909953d66e742

SHA512
52a03c4386ae0d8db8ba70db0f54bc56069432aebe73a2e1ed7f4607032294d58e4b51920615b09ce13e13fcaabee61bf0739041314c1cd1d002b894b428ace8

Download Submit
/storage/emulated/0/backups/system/.confd-wal
Filesize
8KB

MD5
367966a3f953b3cbbd4d508f3cb74832

SHA1
0d495c6b58ffaedd67129bba3ff2f856f833805d

SHA256
c5cdb7d97395992574cd9f7b8a8483e448f588f5e23cedf73ec74771908a0116

SHA512
76312027c9af32b4ee3739d262143dd4420d8485cea6b0a3d3c4f7e4c0d47eba7bbffd660942eeea4952f82f44943c6f7de0e41674a007b63ed507799f36e281

Download Submit
/storage/emulated/0/backups/system/.confd-wal
Filesize
12KB

MD5
6d478b4db45e51293b8be0e9058a5215

SHA1
043bf58307f0f7f997871d0b71967b864e9d1841

SHA256
8506481a3e5ab9beed8b96405562d0c2875e7ce10d70a13bac8530c831813b5f

SHA512
5b53a20b61e9581a009824c812099eab1cdec52b1a0714878d4685c0314e2c483fe30cc42468e20f4f678bb24bc8bc9b8c0ff5fc9b1b897a5de4be0a7732faf4

Download Submit
/storage/emulated/0/backups/system/.confd-wal
Filesize
8KB

MD5
0f73496b9c6a6de57dbd00df0e4f357c

SHA1
02468b06e8bbf6b6b934aeb191449c1fbe2ac2b6

SHA256
24243be68c4d49cc3616fd98b55bd9992a7b92e4453f243750ba8cce5ce25bf9

SHA512
3907f2ce62cddf1524ec23ecded750a0fdbf9c32df5809a92ced9241fe68a2531a88e0ae06024151cc2c6bc0a11f0f96449fcbd7df328907777be564e9bd4e57

Download Submit
/storage/emulated/0/backups/system/.timestamp
Filesize
25B

MD5
4a6ae94fa884dbad6b3c4ac8910064aa

SHA1
1fb0c815df9ece68b54f273e42baec308b1f1c0a

SHA256
746c8c516c0d948e156303f31a9644db2cd08ed0347ffa7d37d34e602c29dcae

SHA512
f7ba4f22167433a43baaf613a597ea9e0a8af01e9b38c1d21f7009bcd90d9ac55d08d9af1f2aa9a5ec9bbd3d16c85db5a27a80619e8eaef39db8314af985054e

Download Submit
/storage/emulated/0/backups/system/.timestamp
Filesize
55B

MD5
b27376e70896ba1dc95faf0f0e10429f

SHA1
cb6f63871f67cf9bcf14383c0fc4aa56eecce0ca

SHA256
4ca27a24eb11b4b1976b18cda3edc8b4945d6ecf8b0cea96cd6e07eead005577

SHA512
b9f1618ddb170673480e0c49512e124cc7217dd0110dbc58ccc186f8a01916890d565cb38591a88ee6024d08ae811b36767613982ce878203836306555c16a91

Download Submit
/storage/emulated/0/backups/system/.timestamp
Filesize
84B

MD5
6851ea1560ac4fef49b97894646532c5

SHA1
610bd973b1f0f3a0555b3462b2e9aad6df78b6e6

SHA256
7b28359b79be98ff5b4830e9f456d33971c04318d1faf7b754f5faf5ec51ea04

SHA512
2399115e75d31a2fb50e7cbadbfec52f555f94224d3a1814846ba5ab3440f7cd6d5fa1158c94ec80880d61733b4331c179da49af320502a45714bb06f0051c89

Download Submit
/storage/emulated/0/backups/system/.timestamp
Filesize
114B

MD5
69d45059d013c78b3e29e9e1525f903c

SHA1
923f662041e9744b4140b3d29ba7d4836f9bbbd3

SHA256
e599834c2fad726bb891e47fce651d2fabea2d7cc0e1febca8714739f0bccd9e

SHA512
2acdfe8956d1e4cf661a7d134027dc629c04abb5fb11465cef2eebdba8a68134f5544e729bcd691831c2a45b5ec50787eee2054a215c7561bca9ac33e5295cdf

Download Submit
/storage/emulated/0/backups/system/.timestamp
Filesize
138B

MD5
9c107fe748026a6913231b1849af1532

SHA1
565f89f683a274714d039e2632e84a3ebaf45aa4

SHA256
1272cb174dc186d716403150fe0fe6c00dd0cd07e0ed3ee479cdc6482d3fb124

SHA512
036d78ce67e69219f54e9cf52ca72679bb772a0e32a01c1d7d593cb920366679e99f3594c21e2bdeb9b27b72a09a4c78782db1cc26c9c6f410eeb37465ff0c67

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads