8dd0922a775c1fbf612108d54aa45965a480519071ce32891ea7e2ca2ab30097

Analysis

max time kernel
137s
max time network
153s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
01/10/2024, 03:05

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

0424d177ffa3a29b1e273a3d64ef4383_JaffaCakes118.apk
Size

5.5MB
MD5

0424d177ffa3a29b1e273a3d64ef4383
SHA1

c6e26363c1d9d8c3d752918ec1a133e36330283c
SHA256

8dd0922a775c1fbf612108d54aa45965a480519071ce32891ea7e2ca2ab30097
SHA512

fcbdf49fdf44cfe04d3de8c8cd3e4ac5fe0018c828d48ee21c30736830799a836116d8c03cfc9057e4212f78ebe0bd03aa6cedcbc78712c2d78a8c0b85488f60
SSDEEP

98304:/hI84+07xZ+MecqRDxXovnfI44OgJBLgw3CW1Wfa7DgQxorhhRYbVo/NZIprR0ok:/ak07PojRDx4vnfI3PJD3Ceb/t2r7Rv7

Score

8^/10

collection discovery evasion impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/xbin/su	com.baidu.haokan
/system/bin/su	com.baidu.haokan

Queries information about running processes on the device 1 TTPs 4 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.baidu.haokan
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.baidu.haokan:dl
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.baidu.haokan:haokan
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.baidu.haokan:bdservice_v1

Queries information about the current nearby Wi-Fi networks 1 TTPs 4 IoCs

Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getScanResults	com.baidu.haokan
Framework service call	android.net.wifi.IWifiManager.getScanResults	com.baidu.haokan:dl
Framework service call	android.net.wifi.IWifiManager.getScanResults	com.baidu.haokan:haokan
Framework service call	android.net.wifi.IWifiManager.getScanResults	com.baidu.haokan:bdservice_v1

Requests cell location 1 TTPs 5 IoCs

Uses Android APIs to to get current cell information.

collection discovery

Location Tracking

T1430

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	com.baidu.haokan
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.baidu.haokan:dl
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.baidu.haokan:haokan
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.baidu.haokan:bdservice_v1
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.baidu.haokan

Queries information about active data network 1 TTPs 4 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.baidu.haokan:haokan
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.baidu.haokan:bdservice_v1
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.baidu.haokan
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.baidu.haokan:dl

Queries information about the current Wi-Fi connection 1 TTPs 4 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.baidu.haokan:haokan
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.baidu.haokan:bdservice_v1
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.baidu.haokan
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.baidu.haokan:dl

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.baidu.haokan
Framework service call	android.app.IActivityManager.registerReceiver	com.baidu.haokan:bdservice_v1

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 3 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.baidu.haokan
Framework API call	javax.crypto.Cipher.doFinal	com.baidu.haokan:haokan
Framework API call	javax.crypto.Cipher.doFinal	com.baidu.haokan:bdservice_v1

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.baidu.haokan

com.baidu.haokan
1⤵
- Checks if the Android device is rooted.
- Queries information about running processes on the device
- Queries information about the current nearby Wi-Fi networks
- Requests cell location
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks memory information
PID:4249

com.baidu.haokan:dl
1⤵
- Queries information about running processes on the device
- Queries information about the current nearby Wi-Fi networks
- Requests cell location
- Queries information about active data network
- Queries information about the current Wi-Fi connection
PID:4279

com.baidu.haokan:haokan
1⤵
- Queries information about running processes on the device
- Queries information about the current nearby Wi-Fi networks
- Requests cell location
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Uses Crypto APIs (Might try to encrypt user data)
PID:4320

com.baidu.haokan:bdservice_v1
1⤵
- Queries information about running processes on the device
- Queries information about the current nearby Wi-Fi networks
- Requests cell location
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4522

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Location Tracking

T1430

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.baidu.haokan/app_baidu_ad_sdk/__xadsdk__remote__final__builtin__.jar

Filesize
79KB

MD5
4c29ad33f5b128b923b426e9bb598f83

SHA1
0cf07f1d7d6e230f8e6ad6a2db453ff1450aeaf4

SHA256
0a640d60884fddfafca1eadc8a88e3a5142dfae2133dfacd9a51f8dc954d19b0

SHA512
74f8cd64845c096778e9eac8dfc6772f487dd71dc1388b53cd2bdaf56f2412227149d33bd83a4740c0fdf237b449d7bf115b7f5263e1e0de17bd749c7e35aa55

Download Submit
/data/data/com.baidu.haokan/databases/database.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.baidu.haokan/databases/database.db-journal

Filesize
512B

MD5
8a2b4758364ede48d8888b69cb411137

SHA1
abbb9b46825075909324c08b8cb1e29f304f1886

SHA256
08aeed0960f71577e81131ed2435b06d0eecde2479f636dce8b711561e30f89e

SHA512
c88b4aa2ba38a175cd51bc37810efa02a33e83b1dd435f7f1999462ceaf109849be96e1e54248d6d87e100dd5f92c24be8f3100f60c9aed1cce3f6c8178dd6cd

Download Submit
/data/data/com.baidu.haokan/databases/database.db-shm

Filesize
32KB

MD5
2830edee4edb75fb673fe39f031feb15

SHA1
1e8bc9384e424cf88100cb07e4633f253424f8b5

SHA256
4b8d11fed356d687e6f511e6d50fbd2aebf016ae6ba8a895d4feea8d62871631

SHA512
a9735dc7abed270d24ac11bf587c9f141bcbfd2764893668a09dc120155eecbb1457053f6033be4c7018addb38c49906082d4f85a8e789d708e9e579f9a67e1c

Download Submit
/data/data/com.baidu.haokan/databases/database.db-wal

Filesize
44KB

MD5
c14fd2cb3535465b7ba370ce06066a33

SHA1
96f178c332a82bbae25566ebd9342c377e0fba53

SHA256
ef871871ac1e5f46b360c9739b29dd188e4f0195ab6e2c9ef94f0859bddd49c2

SHA512
8193c48c9abc754adca298be8cd0e86b35d04b0f05f72a93445e78ae65c57f655eaf92f38174839d8ae704bb436bcfe262c65ed0b6cd119e0362236b174fc0a0

Download Submit
/data/data/com.baidu.haokan/databases/haokandb.db

Filesize
4KB

MD5
ee5c7d8e1ce91863fce7c945b4076216

SHA1
93090ebda07ed4bb060c0cb9c2ad2152ae8e18e1

SHA256
e3be74a8c9decd4dd707aa68130d00f2c8dd1ae3996f0b372107346104888e9c

SHA512
1a4bdc436f5f2c7e6c6a4cc5b44771506355d612ad44a511f1020136aaa3008b7266223689e48943100e1e8c890ee8478332b6330a83104cebfbc70a105d6801

Download Submit
/data/data/com.baidu.haokan/databases/haokandb.db-journal

Filesize
543B

MD5
e1c4e72d4a9cba3a7de1905d36a60f4f

SHA1
701babb025dca57c0b112d0fdfed1eca39763c06

SHA256
2fe08fc50c7a33a297c54c079db95a10d40245eb99ea1384e2be28d66abc9835

SHA512
20d2840fcf1ac802177735c5af5cd3aa827434716aea68d919d14137dd38b327e46246bd2ec2ba7cceab6d6f14948e4da3568c77992c4828b1e7f22a4cb14346

Download Submit
/data/data/com.baidu.haokan/databases/haokandb.db-shm

Filesize
32KB

MD5
f158da811d7f107e57746dda3dfbde84

SHA1
a35130207ba5715c68e915c5100f0593ed0c07ec

SHA256
49a2c7c999510e7dbcde2697ae6d8d97693a416dd8d1d216e124c32eefa101e4

SHA512
b42e702b855e21808e36dc2478f8cd07ee2a06715bda41b76024c9bf1f580324d9eae11f8e18126acc53cdc560a123f3951a95bdc9aa3a48ba6ba6c483ca0e5f

Download Submit
/data/data/com.baidu.haokan/databases/haokandb.db-wal

Filesize
80KB

MD5
12d8eb01c8a758fc405c89082abaa557

SHA1
45cd88ca60268fdc08ae9f2bbe553cc2ba4ea04a

SHA256
00ac9bc6952d00821a4844f9a550b3dbba5625a15e2923b33ccc90a8991552e0

SHA512
419e7d671362f2e6a0a63dfa8346b3c6c7f959a90248f91fa0c6cda00d85cee6749b9a20e1c5c97bd76ffbaa7f39592f8b0129d66ea81fe003b2ad5cc2d1dfc0

Download Submit
/data/data/com.baidu.haokan/files/__local_ap_info_cache.json

Filesize
512B

MD5
ddbe6023b89aa1250d7b5429ad43b63e

SHA1
32c31911bdc018e558cca4a5f4c80853e94a3f6c

SHA256
069a745a1a99710e5cc7666f1e3fc739c94bf93f8aa850aa7619430b53bee568

SHA512
ed14650b6bc695a2deccb0a36a6e83831c792b79b89d9cb34b181c60fdb33b8fbe788cb082ab67eb33a448f52da9c9dc827c558336473c70aa7c36f9a4a9c6e8

Download Submit
/data/data/com.baidu.haokan/files/__local_ap_info_cache.json

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
/data/data/com.baidu.haokan/files/__local_ap_info_cache.json

Filesize
153B

MD5
95077b6b78d06a1fd4f66a9311f9f8ac

SHA1
7c1c2c28dc2abf5498048cc6555df6bea0855912

SHA256
26346284464b4b27bffcb34a812061453dd1b7d08a168aaf61b0bdda01b25683

SHA512
d425cfb0e114829e0f55556befa2ed54b9871334e6a8aab7cd5e1e88a57a27c1bde9b3fc96ee45fd94a8694acbe665ed293ef3410a496737df018793add249c2

Download Submit
/data/data/com.baidu.haokan/files/__local_last_session.json

Filesize
48KB

MD5
ae22d0733323f49cd8a0f39245667e30

SHA1
712b364cae3dc861bab9dce3df5302aa7fde4385

SHA256
573a9b236a7a07fd740f020985f91f410dcff3469c4ef85a3fc4f275ae13c436

SHA512
34e62baf1da656f1b436e68ab0cbc69f22009f88843e31b1bc4dc872eaebd7dd4a7db99ee250c60a7ebe6de85b46340432210fa9bed033aad4f6f7eae83e702f

Download Submit
/data/data/com.baidu.haokan/files/__local_stat_cache.json

Filesize
713B

MD5
f6e25583f0ac2dd84267b32d53573b16

SHA1
66c0d27305321cec0e7e4b604d66f4200c1ffb09

SHA256
526bc65346a9d1f9d061289f2971983525e23265e11ee5677cdbf8376d66532c

SHA512
1e1e9ba378d95f8fcd2724b2abd582a61c68f5029eb772bf88303d462a3b5c49514333c7d1ade235836a09822b1027b1bdaccbf452e8beb6bf8b04dc5d3e10c2

Download Submit
/data/data/com.baidu.haokan/files/__local_stat_cache.json

Filesize
89B

MD5
c06a3acd28d5a6aba96162cd4dcdb9fc

SHA1
f846ac575974e4ff915cd04f5efc511dc1fc1562

SHA256
6ef8823021af4f917fa85429006382ab2293e0423e7ff55ee84ddc932719d126

SHA512
4f596858276405aac890839e736ca99c4c2594ef63efa4f908c60c5282efe52434b28fa356f03c73a90d92034b5b7b3889a8c9c995646d95151e389fa954624c

Download Submit
/data/data/com.baidu.haokan/files/__local_stat_cache.json

Filesize
158B

MD5
02bd17b516d123799589bdd4c20d432a

SHA1
d56ec37451f27b833e8672785a2b107a608e0259

SHA256
d29173837dcdc0d85ccd6f03638b8c4efae690bb8aa42dbb282db957f59090f8

SHA512
66a5d55dc4d41801de9012c00b49509ec522bd4fed307b6882901f0fda1d20975e85b3a1705762d4bf954aa07a915bfd37bd3ee8a09dfa217b0b9b16e778dd93

Download Submit
/data/data/com.baidu.haokan/files/__local_stat_cache.json

Filesize
228B

MD5
1a1cdf5b4f4532355df2047fd4afd762

SHA1
78551f72119cfa3e2dab65c16b04b0adeb6f3452

SHA256
bc7f9bb41cb1573cbe81598b8e956fb73c26742d33fb341d1e2505815d273d8a

SHA512
06470b2a88471691797e9fd7372de3de0c98979578917735edfbf5c8e21fc83c6643e26f1a78512a227740c7f6cfbcd79eb3edf4fbb9b4f6959c5a8ace73b461

Download Submit
/data/data/com.baidu.haokan/files/__local_stat_cache.json

Filesize
312B

MD5
c29a2228955d00fc24e8498a9cc4dca3

SHA1
34d535b146ee646f2cb84cc0b58dfc67f09cb7e6

SHA256
891283bb63efb211278ba9a3198fef6fe93ab464376e55789f6119ed26165ecd

SHA512
b14473579019c3b77e53c8af088984ff29bf65f197fbe3bc5794be1d607887e69209f535e13678052ef1a827f9968f624b1f4969647cb2900d5f8b38ff4d4318

Download Submit
/data/data/com.baidu.haokan/files/__local_stat_cache.json

Filesize
94B

MD5
090f0afd46a98f194c918931be3575d4

SHA1
8121d1f71473110230c4ff52ede7c6e79223076a

SHA256
ef5056c60f032b882b5ea9eb4679c5ec094e97142662098fc05ade2959875622

SHA512
3995222928b8ff424083d72f7d0981a79763008fed936617772431f8aac1b444cbc724267a79198790a18034813e5ecd227d424afc4c0d4cabcb04a5f4083f10

Download Submit
/data/data/com.baidu.haokan/files/haokan__local_stat_cache.json

Filesize
64KB

MD5
926776634f695683eb9a86889066d2ae

SHA1
af50795c2d5016d5d3059fc1af1c0671f39d0f14

SHA256
d579ccfd2fc9e0e1c93a542b4cb5447fef7a229ce9beb1bbf8397babad123cbc

SHA512
d5aededc86d316a35e061f17ecd5b4020749373db853eb7611490c01dffaa283d1afcd61a451a7e4018cd22bfd0159725d6b1cd706ee894acf5f00bc97acf1b4

Download Submit
/data/data/com.baidu.haokan/files/haokan__local_stat_cache.json

Filesize
84KB

MD5
f534264287554252e7dd19a0a185e677

SHA1
06fb13dfe423b5c1eb698ee5484112d5e3d7e012

SHA256
49a7cfbb97bcd1816666d39d8862e3401e90d1e9ee2f24e15d2879166a79d4d9

SHA512
29464cb7c724386891ced0964c24282c61147cef92aff3c27dc1394021496980e56def4aaf2d386cbc9076c0292f483ad7d474f2f65d4daeed16178e69b97a7c

Download Submit
/data/data/com.baidu.haokan/files/libcuid.so

Filesize
32KB

MD5
8b9b6bfa4565b99bddab9f4b7bdab901

SHA1
c5a7fb0f137f7c175d9d731f74cf8702a69de73d

SHA256
6dda00d54f3f2648280ababee0adb43e63f7d0209c166d6919ad3c8c5d3fac3d

SHA512
aa32d2c9b96c9c474df16f733a0cbc90aac63b4a1a58785947ad0ed8d9693c96de3768caf00030aff75b9488c397000eee1740b0373caf126bff8b382cc4bddb

Download Submit
/storage/emulated/0/Android/data/com.baidu.haokan/cache/images/thumb/journal.tmp

Filesize
8KB

MD5
9a22f5dfcf2e6a89e7b243743d41c335

SHA1
0d363c2545e081f4ac1e0ec163056299c4d0ec11

SHA256
b19a8f9a714cce502686979e55b3df8b3bae3126cd22f8ccc6e95f63466c3f38

SHA512
fcd2d7e43f8652efe69b22426e1ac69401b11b8163b27a9ab2ed3938c40ef128d1a12cd2a345d35cb2d0b1d4308c743ec4726ae660c9c3f021407adc29faf437

Download Submit
/storage/emulated/0/backups/.SystemConfig/.cuid

Filesize
12KB

MD5
7fbc464a08e1b12cca77f62e3a7c85f5

SHA1
a3e5c9bc1825d622190a613f61b7f62f76fed622

SHA256
eade52089c0708c5be89f3b3c0700ed4ea42aa77a147eb30f372bf0288b94f4a

SHA512
ee6fbf7de7080c9883ce21a2cf2e8e9e5673fd5a2ce53272633116e68da1639d120d11472a9096d91a905d51decc396828e32a8d0cefc9cdb2074fa7f5ec20a4

Download Submit
/storage/emulated/0/baidu/.cuid

Filesize
129B

MD5
c88ec98fc471e259463a728cce626a58

SHA1
b2512048c7a6f91b37a89771dd8a2e627ffe6a44

SHA256
30a68bf2ae266a6b538c84d9b8037a3074d62136da6e56e8f9f811bbe3fe1f2f

SHA512
c8ce8be8b26c829f3aa6b9738adb6eb89ba0ea381fecfa123b16d14851dbc182be0d470ae041df1ed01b48c32443cc10c000cf90f3ceb0605ece9cd839ba5ba5

Download Submit
/storage/emulated/0/baidu/pushservice/database/storage/emulated/0/baidu/pushservice/database/pushstat_4.5.5.db

Filesize
24KB

MD5
bda19171b0668d428b4dc498c506ea07

SHA1
0edd4de4ff6facee8a529d425200b90e713b12aa

SHA256
9ec5e3de60ddf502f84b02e7052b6f8f873dad91688c0e4fdb3fcc32b731e40c

SHA512
99abf81f27c7b932f603f12bffd8749503d8d228fa3bcac68a44c87e16fa3b306fe05d10f93e68ca6704f43897d8349838c81df9fbea34e92a2d718fde418f7c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads