c14a60558b26ad8952235ae418120dbe8d9809802115a11c2d6205c123b2cf51 | Triage

Analysis

max time kernel
48s
max time network
131s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
28/05/2024, 08:12

Sharing

Report Analysis Logs

General

Target

com.baidu.appsearch.clean.apk
Size

2.1MB
MD5

0728a78f509210b743d7fa5d6a2ed47d
SHA1

646548ba7f4fd6735ec3c67407facfe8b4da8b5a
SHA256

3381d5fb20ca460907d9c73c5c3dc120062119a5e6de84e21e6dd5b3e83c0f5e
SHA512

faa14176dbc20762ea7125a444578add80db0c84c2df094592c63134f90832acc2e39a4a68c9a7a258c5176263d7b7750d95821a05b1c13b92f5dd8204d16720
SSDEEP

24576:oQu4Xif5lMi8xl6cTddCRnAdI9hFaA9IfyVz3K7JCDYgYza7uXBrb9xH6IShmX68:oQpXpiPSddCRnewhVDK7Ekg8XBzHCmf

Score

8^/10

banker discovery impact persistence

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

Broadcast Receivers

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.baidu.appsearch.clean

Checks if the internet connection is available 1 TTPs 1 IoCs

System Network Connections Discovery

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.baidu.appsearch.clean

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

Data Encrypted for Impact

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.baidu.appsearch.clean

com.baidu.appsearch.clean
1⤵
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4337

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Software Discovery

Security Software Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.baidu.appsearch.clean/databases/app_control.db

Filesize
36KB

MD5
c6ab0301a2e734d12c74c255138d3588

SHA1
2af67f5e01cdbdb4986c702da220f17fae29cd5a

SHA256
d1b5d733c988d1d51673ff34654f02a747e8a3ae332ffc2343e8479be5410e71

SHA512
50309cb91bd9192196aea6146ccf5c29466a59e5189e1b74c8f9031ee488b7e238a8a474c5dfa3776ab2241431b22f524d2668bd78265d0acab6bf87c116eeee

Download Submit
/data/data/com.baidu.appsearch.clean/databases/app_control.db-journal

Filesize
512B

MD5
6b7c6b4e84c8d696faab089b30ab37dd

SHA1
f901d9e376efc974bafb663abe2253e1691a0b07

SHA256
25185f85f879c9b3570f08afa3e4e9c518c9c1a4e45910963a3df31737d58927

SHA512
408c950fb305a9cc51f7826a9b4a7c577181600e464ab818f90c2e4496dd37a50b7e4b63838406b1e3357161ba4e7e2047997953a379088c42d8afbc90f8408d

Download Submit
/data/data/com.baidu.appsearch.clean/databases/app_control.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.baidu.appsearch.clean/databases/app_control.db-wal

Filesize
48KB

MD5
8dd2b96dc001fea019c9bdf3d5c93d02

SHA1
02c8a21fb251773565ce0062bae0fce4b64cf03e

SHA256
bcdbbfad14865447cff7fe9fa30aab44cf8f9d9a38c5d49b040aeae1f8e6a5dc

SHA512
0dd6b159ac6422514a8345e53fa392a5aee8560f02d47faf6a0ffeef728317c5c9b8350f8c3be2e6695ce6151e20be02c8fe01cc49eea4cddeb6cb9e9f485ad6

Download Submit
/data/data/com.baidu.appsearch.clean/databases/appsearch.db-journal

Filesize
512B

MD5
fe961a9db98fedd75d37167d289d4fef

SHA1
ceea705f9c851404f73e8f611d7c6d975104fafe

SHA256
d117a7e6f1fa7d94992325fed7dfd7e9e563d3cee8ab113e80fa6df269e71cc2

SHA512
728ca0f2012a5f6b2b18fb928e37ff8287950f94229e05bf544b3aef02dff6be0fa92e6592cd46486ef154910ad0b8857e395e12f37eaaa29bedbb61b2817494

Download Submit
/data/data/com.baidu.appsearch.clean/databases/appsearch.db-wal

Filesize
32KB

MD5
ef34717ad64e2dde2b4f8a77475011cb

SHA1
85fcb2d92677af646dbe322779365fa689238bf8

SHA256
0e38127ad2f3216dadccdc207bf6b390c4301309445c9ab87acf5a4447794676

SHA512
5b5a7f13e68abe6f588af3e4907adaf1cfa16bc646ee76176c458f372d856f4e3a980c85aa16f8568419b46502dbef94835e48e44359d8bdbf710cd8c4b4a9e2

Download Submit
/data/data/com.baidu.appsearch.clean/databases/bddownloads.db-journal

Filesize
512B

MD5
efb3754ca6dc90abf1b67cce60ece29c

SHA1
7d8a916d68752f0db3296064ce1909b49d43b161

SHA256
e0d93804a6d0b65bf097989b6f2ebfce0130b8e0dd5cd3a81108f3b865120a90

SHA512
ebebb4f63b8c3fac0307d94b38b26982f3e0729d994db613ca1862ff3ac6b6b282b2744216dc908f82be88dc57124620534d2995d035d7c66a241fa27b6a3a34

Download Submit
/data/data/com.baidu.appsearch.clean/databases/bddownloads.db-wal

Filesize
32KB

MD5
d2d234782c560b049eff93e8925bf001

SHA1
c06f4cf77e200143be5b5194a3aec3b109f4cef2

SHA256
d84e038777253cb79d353c66fc4c920faaf6263af57a836ea9dc005629ba36fa

SHA512
bb8d638dc7a8746b417133824e7ff988f57d30819bc2be84e548d56950c56799f70bd46d5b88005fb0909bd55bd5be9139834a81a9a376f4c6fd7c7acfc347c8

Download Submit
/data/data/com.baidu.appsearch.clean/databases/bgscantrashinfo.db-journal

Filesize
512B

MD5
78a600c23cb01a9d608881bac31fc7f3

SHA1
51a6aa0f73ad56a0a12d6b50a032a96d2492effb

SHA256
123ca059ca9ccdb0fb67c8254702b61d6cf2c39dcd1559d8b39f481a233a849e

SHA512
1142d2b06ef02c671908e7818f20bf7b54871ee7b84d6b014c43f71ebfffa6a5bfc89356ea4ccb2b8d524d8480ca0c950885369dea1fe1e007a14a2e8a6274e3

Download Submit
/data/data/com.baidu.appsearch.clean/databases/bgscantrashinfo.db-wal

Filesize
32KB

MD5
5341a38fe601c085e9ad90a12da8fd4d

SHA1
4f32109669aaf7b223c7084a4078fed630b639fe

SHA256
58adea2ed90c77289d79020e47d1d6ff530e4d7f5bd60cf6c8c63e60434fefb8

SHA512
4ad1e14005425dea312263b4bddb21a9eb5a10b9c9394b080a028d29c0b8efbc91c4fa06aa83dccff4bf2bf28e90177516b924d604ebda838348bf350cbdc180

Download Submit
/data/data/com.baidu.appsearch.clean/databases/cachedtrashinfo.db-journal

Filesize
512B

MD5
8c1abf862ecf946316b5dee94ea0c9cf

SHA1
ac97bf28ef0a5158842275c2db2ef556c4c5e5bd

SHA256
a3d39e03751e6cd2489486146dd116174b4fceca9f3d3045e8043bcf5519be21

SHA512
b60b191b6d36339b75207826ac70efe9447c4ba01ad7105b63d7a7c880b51a3219b7a00db4b4f70b9aeed8c0eebd5548f6366cd640f9d2884adf4fe5e0325dc7

Download Submit
/data/data/com.baidu.appsearch.clean/databases/cachedtrashinfo.db-wal

Filesize
44KB

MD5
3a0c1119a645e4c53b9f1b2ed6c6b060

SHA1
aa5d987c9c20a66ca874df7414b60bc83f5ead2e

SHA256
e2bf59ffe0615e9dea816a06773c73016b0827c1435ba1fafe3357732f8a9056

SHA512
82e2230c5b634dd3ca52e2ed29863edde98f24176ed6f91e026adb6ac3e759cfb3e9dd600b5d09d54c9423775c32d068ec189500cf0a7e72bd4174264c7cac2d

Download Submit
/data/data/com.baidu.appsearch.clean/databases/downloads.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.baidu.appsearch.clean/databases/downloads.db-journal

Filesize
512B

MD5
3b41b2c7b9f17f2129e98e8adf357806

SHA1
e2497312b6c557cc7e2ae6353d8e00c24699cac8

SHA256
e4e8b856d59fae3ac0975c8b35b2c5ba59bee7341f552ee3e8a975d9757032fb

SHA512
7f1a103b1901a4f5607ff178ffd6c38cc7a00d00e8055e9b67d38d186a22d4668b8fe46b1422798264c92ed62ab070689924cb46890e1fd46c3b9d3a5861f5da

Download Submit
/data/data/com.baidu.appsearch.clean/databases/downloads.db-wal

Filesize
32KB

MD5
a26cb61d372871079abe5f9fcda45dca

SHA1
91664dc05440ee03cae8be75472a310a4b0d5b45

SHA256
f23bc467248eae98ae349c8c6ad9222a8eeff0871c99eef2730f9e16ad89da1c

SHA512
4e0f7768e3dba7815c89e2313eaad67d4e60c2cbb1965dfc5b2f04bd9e7922a2ec503ae425feb8c5eda6410e9fe15d8b46f36d585d2417ccb05225d0afa8b8a4

Download Submit
/data/data/com.baidu.appsearch.clean/databases/server_config.db-journal

Filesize
512B

MD5
fd73a5fd479233c786a831086777a8c8

SHA1
6e912779b0f28a314f6bc36783dde3890b3d7c87

SHA256
107dc0010eeaa243352ad4afb799e11257c3d48220808015d1759a4453696971

SHA512
51f707edc56c42bcc4412cc2a0d252723fb40221366578d088c7babb2222a1e50be2f8ff9142a8739e03c90fdb22072a307ac21e46d07e9b094dc3419969f6b3

Download Submit
/data/data/com.baidu.appsearch.clean/databases/server_config.db-wal

Filesize
32KB

MD5
8038d6ddd1addfa490e72903da7b0673

SHA1
5e6b46ff523e33cd7db942f05bbbedf3d4cff116

SHA256
d6c4c6ce8bf9c0fa6a8b091de8b011c989cc202d8d029204066ba14e9bd0e5bc

SHA512
1d55fcb390a4295e443faaf3f6f22f66f1e008a48a0bc94d46c7467fb60e6381c3424bae50cbf50b6b1a68717e633ab77b45c970dca30f961824c77327b08e91

Download Submit
/data/data/com.baidu.appsearch.clean/databases/trashinfo.db

Filesize
487KB

MD5
701b6fdbc750cef34c09edde8fdcf612

SHA1
81f7070ec419200b013cb2c336939eee5903a2bf

SHA256
ba14faf1e7be6a645e4c944483e8f8c491e9b8e3bf0d9480a3653537840bdad1

SHA512
d4a85c21262086bdc5d11efe25f9cba0cfac2e0fc6ffa0d020dfe38f2003a681b557d20a68253324f41bcd2460c64ec6351762a184ff2392a97b7024d84b4218

Download Submit
/data/data/com.baidu.appsearch.clean/databases/trashinfo.db

Filesize
3.0MB

MD5
da2eb82b6779f1b17e267ab11858ba24

SHA1
a4607c31a5b387dc5a6e732ee3b94f6d9953586e

SHA256
fc3bff145ac506a708253379747bc7973f591c1f0a3a77aec127f74a896fb4bb

SHA512
3d5dd526abfa17ebea74074c290dc0d4ea3ddd31281808a3857e08d5705e8b33d54e49f30fb441f82f1f2becbbcb695ae860a130948b9159ae997604227d672e

Download Submit
/data/data/com.baidu.appsearch.clean/databases/trashinfo.db-journal

Filesize
512B

MD5
2363671fd36a55a6d86fe5aa3c61b53b

SHA1
31b9cdf5d16b09456cfeac205d35a17110951568

SHA256
b753fe4395df56fbe403d10b7165a63a06c9aba1a541736e727f442717053a32

SHA512
e17715c0c74895593b10c4e196532300b1dd1d263af5c0d7a1bca363d7fb7279b3c22a540d2b8208420855595c32c722a946bfece78e91aba6ba56f5e64e80ab

Download Submit
/data/data/com.baidu.appsearch.clean/databases/trashinfo.db-wal

Filesize
76KB

MD5
d2e34d8d8bc72b36c9616befe5a5a91a

SHA1
2ab8eff33b258a4c952dbcd2b20f35d535675b12

SHA256
3caaf5ce74cfd3463b08ee147e3b2a6c31f9e938864a0e603fa06dd5555101a7

SHA512
6b129104338fe319367a3444c4776ac1d975dc7a692900f3ccb2ba5c6e8a07cfc7ce696084b1ac6c056e80f52d6d5566181e34b9a4a50becec038f0b9b382c4c

Download Submit
/data/data/com.baidu.appsearch.clean/files/libcuid.so

Filesize
129B

MD5
f54f82080ec139596409d8d61a29557a

SHA1
624915c2b2542c4a7a113c83b57f7dec14431732

SHA256
39c324cad73d899b19e3cdcbc6ef532d9db786463e1a3d6d4d3fa7f8411d78c0

SHA512
823115aa3b6c7e2e0e9b8cb39ae2aafed9189e732b23025f5b89902716b8263f1d1f11d4dbbec5efc17f1d057861a1b9d1dc9d31a4adab8120e24139dfbd4c13

Download Submit