c14a60558b26ad8952235ae418120dbe8d9809802115a11c2d6205c123b2cf51

Analysis

max time kernel
160s
max time network
188s
platform
android_x64
resource
android-x64-arm64-20240514-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240514-enlocale:en-usos:android-11-x64system
submitted
28/05/2024, 08:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

com.baidu.searchbox.novel.apk
Size

2.8MB
MD5

a91100974bbd2c98c6290f252c48eb92
SHA1

77c42c566b682a5f9d5ca059fe92923f0645e6b4
SHA256

dc1600c45a5d6db01aaf6d2a7505d517abdba01f30c089bf6560d4df65fd503e
SHA512

33967e9ecba74206983909ecddf1176ef465460c10e0124434c954bfba6a6c08a3308044b6026970c30610b4bd2af888df54cea1cf0441f89f1eecbc6cc61fc0
SSDEEP

49152:kLecQ1h4Oxcmem4RygNBo6fTP+neO51rUgIzw4YdYzJKKkMr/mRfmCG8I6v5Mthf:kWh42exRyel7PgL+M5sxcTzWhdJ

Score

7^/10

collection credential_access discovery evasion impact

Malware Config

Signatures

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.baidu.searchbox.novel

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.baidu.searchbox.novel

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.baidu.searchbox.novel

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.baidu.searchbox.novel

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.baidu.searchbox.novel

com.baidu.searchbox.novel
1⤵
- Checks CPU information
- Checks memory information
- Obtains sensitive information copied to the device clipboard
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4649

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.baidu.searchbox.novel/databases/SearchBox_Novel.db

Filesize
20KB

MD5
d437d018d36b88103514bf005e7df3ab

SHA1
d30fb95b780de1d174dafecfedd2ad528b38eb5a

SHA256
1d18f420caa778b8be93faeef7e2b55b11a9f97db5293bdbbc8e619a995e6c70

SHA512
97fe32d7398b3f611e047e872a88d62233c1de02574855dcc1826b2ffe1f025867fb894bc8df079221df10816bfd6e5e8e7c2b3531e9881650d10eac3a1c9ab3

Download Submit
/data/user/0/com.baidu.searchbox.novel/databases/SearchBox_Novel.db-journal

Filesize
512B

MD5
ea42c020eb7168cbc7d909fb189f105e

SHA1
246023db0897da9af6e285c23fb3d6b6b8ad1cab

SHA256
4e79a4ca756df251acb00eda07be256f2dc8bc4a8fde5d8c71d8bf20834e74cd

SHA512
d84ddf3058e7b697deb79c480b9d99eb05b8889a6bd73353aa4684137d0ff455fef63244c955b8b33a543ef74b647e41e9a513d83f19d6fd8fc0c3110e8f198d

Download Submit
/data/user/0/com.baidu.searchbox.novel/databases/SearchBox_Novel.db-journal

Filesize
8KB

MD5
61bcac80118b15abf81ceb5d928e6cfb

SHA1
e8581ba71a4f5ccdc16c5179386edec148cfb12d

SHA256
d8049f6003e4f5b5b445277f4da12e742697deada2159333bda5383b95970d6b

SHA512
4b02f8c8c574512367532863a4b31215bedb595502391119207e9c794862781c4f3b9242d0fd06ee31fa7e6c6010724fdfa058e37d8b9230d6f0aaedc70e25bf

Download Submit
/data/user/0/com.baidu.searchbox.novel/databases/SearchBox_Novel.db-journal

Filesize
8KB

MD5
20a697128d224cf6e4dd86c1758219b7

SHA1
e33be94312f0f891f5f9d46100ea76c21ad42088

SHA256
ba22a50c3385baed42c4cbf65a65aa55c200ef17dcfe32e3e1921ee3331b3e51

SHA512
162e048033dcdffedbc2c1693c0208ac2ae5544ced5953a43aa625d5f85c125bb173fafe7da7c6722f5d0ca0b7c8b1b22ae66dac0db57c1d98ac2ad8bec698a3

Download Submit
/data/user/0/com.baidu.searchbox.novel/databases/bdbehavior.db

Filesize
40KB

MD5
cf22db914a15da0a33e52412ec03358e

SHA1
b48fa174099de346257e5fd3bf0228a7326120cc

SHA256
d4cae964f145d420fb14a19f2fbc1ce466e9b7fa2bd2d177f4c9581edbff8f23

SHA512
0031fdf956ec19ceb089931246eded94abd2cb84878a58b6cd7a7e1784cf3a968386afd31824489cbcc55f0105e272275c363e21589bbbae87dbf07e45dfc53c

Download Submit
/data/user/0/com.baidu.searchbox.novel/databases/bdbehavior.db-journal

Filesize
8KB

MD5
0cfa6d6ce32ba515dca4858e58e15876

SHA1
4de6fd57fed7eae3ec3c4309015d34dc40106495

SHA256
f867a0b6d9a6b6c727d94b86ad50dafa776de4434d7212886fad97aced486925

SHA512
f2631ea940916e0cce3aabdf207ab32b4f4ecc1be72cc11a0bcb9b126474475fbc1fe728683706b547531ee330f07a23fe7898dbec0d5e0875142a385cc04620

Download Submit
/data/user/0/com.baidu.searchbox.novel/databases/bdbehavior.db-journal

Filesize
12KB

MD5
9636338dc908becd7b21c054b80f70f6

SHA1
9f65d8bb5118ebe70d993e651fcab1544c98009a

SHA256
3372d525ef2e9833cba150ff336a003e47266b528108a0a9b02dfb65b9505979

SHA512
578950f18008fc36cb94cd910a44dfec5a40d0f7e0cbb0b68f4d907b3bb777586d56725971bef331b9e6172becc2f146222ca97527bd7697ad3bc7e7937d7505

Download Submit
/data/user/0/com.baidu.searchbox.novel/databases/bdbehavior.db-journal

Filesize
12KB

MD5
d18830a11587bb45913dd39502307314

SHA1
dd03f7ee406f2cfaab1ac250365a8f496b9483ca

SHA256
9c79a6c959ff82d72cd14b308119704d14a85af43e743bc263464a50d8e622c1

SHA512
abe7cd513a25d0c142b7d34cdc8f5ca4f94716a8f62a9bb914f08513b88594dcf7f57ce56b0c342ea946e5f231d7e288833072ad2db6a8d26f5738e3d16bfdfa

Download Submit
/data/user/0/com.baidu.searchbox.novel/databases/bdbehavior.db-journal

Filesize
12KB

MD5
d634f3665caba3a7e64b5d5181fe6d15

SHA1
8bd72bdf66cc229401162ab1560d65eecd29c5e4

SHA256
04252421da0811536ce3c5c3a55f824c3f0250af1169f7e4ddda630e3f972942

SHA512
a0a33ad8ca16f76084a1545a2c46b3131fa8e88e1b5e84255187f59345035f908a814003bcaebaa7ebe32904ae914c6c91ded879fe249c0f5137f8ef8a9d2c9d

Download Submit
/data/user/0/com.baidu.searchbox.novel/databases/bdbehavior.db-journal

Filesize
512B

MD5
51bfa1eddd31d137a01e3021364fab48

SHA1
ed7110161e841fa325f8dca8e086cb6d9813eb24

SHA256
49d3102063ee962fd7d5557e75d05933ebf91423af54e8b87f58e81c95d4748a

SHA512
66555859fb3cbf3b60ee7291c5514b8d272e2ffead08c6117010cd2530e82043e7ce2cbdff0034d92bbc6c1576005c43a5289be91b8b6ad7d2e2f61690a87292

Download Submit
/data/user/0/com.baidu.searchbox.novel/databases/bdbehavior.db-journal

Filesize
8KB

MD5
4ebd02a137b7ce7ed97b76d90a139dff

SHA1
bb16f9cfa5e393ac3ff49e44b65040e8364d3535

SHA256
3511072126608e71a78e4f2bad288a5a3f9395604ad409f1f0b0a7d2b419b7cb

SHA512
2323178dde76412e4b0cc4103be06a083041d22c8ec2594eec2624f4d8dbd345c89ff79f59985502a768cc6f3b6e0f63c4b1ed56a9a8ff31e0bfbf328b22994e

Download Submit
/data/user/0/com.baidu.searchbox.novel/files/libcuid.so

Filesize
109B

MD5
27cd032ea7e2bc3e0d548aa3f53efe8b

SHA1
9d89a648c5a14fa8f0ac309cfc2ca1c7e86f70fd

SHA256
c448b9949e1274c7c3fcb6fda25a4aff62f01e32bba589ae02aa0a59a5d6445e

SHA512
91201dd45a01d0f1088c7f67405dacd45ac836f5d052c14443147d67e6c0d2378599e885f0549d4440d8a62d6b2fce675af98f44057575f4344000eaac87b292

Download Submit
/storage/emulated/0/PlatformSDK.log

Filesize
62B

MD5
d804ff23fe18b47a2c567379a88d3332

SHA1
b778d7affb085a5ac600f12f1f11d672594ce82f

SHA256
189c40bda3ff27cc94119fa55fd5674dc2b1febae1085651b9925aa6ad9a26d4

SHA512
68390c761e19d5e3d05824d0acd77c2f37750e84bb906865aa26f262ae4786bfb69137ad64be7319a27a622d829f717ca65c88676210662969975afc7484e811

Download Submit
/storage/emulated/0/baidu/flyflow/cache/img/journal.tmp

Filesize
31B

MD5
8c92de9ce46d41a22f3b20f77404cc1d

SHA1
8671a6dca00edb72be47363a7071be65cf270373

SHA256
68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274

SHA512
30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads