Analysis
max time kernel: 149s
max time network: 154s
platform: android_x86
resource: android-x86-arm-20240624-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
submitted: 15/10/2024, 21:23
Static task: static1
Behavioral task: behavioral1
Sample: 4a124f29f5b9c878a4b5567ffaa2b97b_JaffaCakes118.apk
Resource: android-x86-arm-20240624-en
General
Target: 4a124f29f5b9c878a4b5567ffaa2b97b_JaffaCakes118.apk
Size: 5.7MB
MD5: 4a124f29f5b9c878a4b5567ffaa2b97b
SHA1: 253d705d2d157e0a7730670968f68fcc118a066d
SHA256: 9b5ac1f58b6e5e6b3afdeae483260790ce667b78a64f322941ef45f9bb9607d7
SHA512: 495f602d4a6f61cf01540952b0d6897e433047ccf8e34d0854b1d8b0b4f5521fc9c7dd17c78e5cb3727983715d113861757ae838d953f844494a436be8253ca5
SSDEEP: 98304:70ZXX4zEvQ+E7M76ixTFaVhMxdCPs19QkOecUCztyXKwp+6zPhwQeVKrUMphXz:7+w9+4CvT8ExdCkFOecpyH5wQKKrU6hD
Malware Config
Signatures
Checks if the Android device is rooted. (1 TTPs, 2 IoCs)
  IoC: /system/xbin/su | Process: com.baidu.appsearch
  IoC: /system/bin/su | Process: com.baidu.appsearch
Makes use of the framework's Accessibility service (4 TTPs, 1 IoCs)
  Retrieves information displayed on the phone screen using AccessibilityService.
  IoC: Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | Process: com.baidu.appsearch
Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) (1 TTPs)
Queries information about running processes on the device (1 TTPs, 3 IoCs)
  Application may abuse the framework's APIs to collect information about running processes on the device.
  IoC: Framework service call android.app.IActivityManager.getRunningAppProcesses | Process: com.baidu.appsearch:locationservice
  IoC: Framework service call android.app.IActivityManager.getRunningAppProcesses | Process: com.baidu.appsearch:bdservice_v1
  IoC: Framework service call android.app.IActivityManager.getRunningAppProcesses | Process: com.baidu.appsearch
Queries information about the current nearby Wi-Fi networks (1 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
  IoC: Framework service call android.net.wifi.IWifiManager.getScanResults | Process: com.baidu.appsearch:locationservice
Reads the content of photos stored on the user's device. (1 TTPs, 1 IoCs)
  IoC: URI accessed for read content://media/external/images/media | Process: com.baidu.appsearch
Requests cell location (2 TTPs, 2 IoCs)
  Uses Android APIs to get the current cell location.
  IoC: Framework service call com.android.internal.telephony.ITelephony.getCellLocation | Process: com.baidu.appsearch:locationservice
  IoC: Framework service call com.android.internal.telephony.ITelephony.getCellLocation | Process: com.baidu.appsearch
Makes use of the framework's foreground persistence service (1 TTPs, 1 IoCs)
  Application may abuse the framework's foreground service to continue running in the foreground.
  IoC: Framework service call android.app.IActivityManager.setServiceForeground | Process: com.baidu.appsearch
Queries information about active data network (1 TTPs, 3 IoCs)
  IoC: Framework service call android.net.IConnectivityManager.getActiveNetworkInfo | Process: com.baidu.appsearch
  IoC: Framework service call android.net.IConnectivityManager.getActiveNetworkInfo | Process: com.baidu.appsearch:locationservice
  IoC: Framework service call android.net.IConnectivityManager.getActiveNetworkInfo | Process: com.baidu.appsearch:bdservice_v1
Queries information about the current Wi-Fi connection (1 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  IoC: Framework service call android.net.wifi.IWifiManager.getConnectionInfo | Process: com.baidu.appsearch
Reads information about phone network operator. (1 TTPs)
Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 3 IoCs)
  IoC: Framework service call android.app.IActivityManager.registerReceiver | Process: com.baidu.appsearch
  IoC: Framework service call android.app.IActivityManager.registerReceiver | Process: com.baidu.appsearch:locationservice
  IoC: Framework service call android.app.IActivityManager.registerReceiver | Process: com.baidu.appsearch:bdservice_v1
Uses Crypto APIs (might try to encrypt user data) (1 TTPs, 2 IoCs)
  IoC: Framework API call javax.crypto.Cipher.doFinal | Process: com.baidu.appsearch
  IoC: Framework API call javax.crypto.Cipher.doFinal | Process: com.baidu.appsearch:bdservice_v1
Checks CPU information (2 TTPs, 1 IoCs)
  IoC: File opened for read /proc/cpuinfo | Process: com.baidu.appsearch
Checks memory information (2 TTPs, 1 IoCs)
  IoC: File opened for read /proc/meminfo | Process: com.baidu.appsearch
Processes
com.baidu.appsearch (PID 4311)
- Checks if the Android device is rooted.
- Makes use of the framework's Accessibility service
- Queries information about running processes on the device
- Reads the content of photos stored on the user's device.
- Requests cell location
- Makes use of the framework's foreground persistence service
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
Child processes of PID 4311:
  /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq (PID 4428)
  su -v (PID 4587)
  su (PID 4609)
com.baidu.appsearch:locationservice (PID 4393)
- Queries information about running processes on the device
- Queries information about the current nearby Wi-Fi networks
- Requests cell location
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
com.baidu.appsearch:bdservice_v1 (PID 4503)
- Queries information about running processes on the device
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
Network
MITRE ATT&CK Mobile v15
Persistence
- Event Triggered Execution (1)
- Broadcast Receivers (1)
- Foreground Persistence (1)
Defense Evasion
- Execution Guardrails (1)
- Geofencing (1)
- Foreground Persistence (1)
- Input Injection (1)
- Virtualization/Sandbox Evasion (2)
- System Checks (2)
Discovery
- Location Tracking (1)
- Process Discovery (1)
- Software Discovery (1)
- Security Software Discovery (1)
- System Information Discovery (3)
- System Network Configuration Discovery (1)
- System Network Connections Discovery (3)
Downloads
/storage/emulated/0/baidu/pushservice/database/pushstat_4.5.6.db (Filesize 64KB)