Analysis
max time kernel
100s
max time network
153s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags
android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
submitted
03/11/2024, 03:24
Static task
static1
Behavioral task
behavioral1
Sample
8967b0c24602559c25ca6a402bf2977d_JaffaCakes118.apk
Resource
android-x86-arm-20240624-en
General
Target
8967b0c24602559c25ca6a402bf2977d_JaffaCakes118.apk
Size
5.9MB
MD5
8967b0c24602559c25ca6a402bf2977d
SHA1
1c51669d23721f938cf6aa01866fa3f7e0ddb186
SHA256
a884eb0221e989a8f7197e7b8feb6887735f16c1688f46b44060234a76405afd
SHA512
6daa8c3d34cf1a28686ea9a43e7b39f3ce10a0c8784284d5ab7f19d2d95925755380a94946c89fa1bef07fb4f4d12f2227d95ba4041be8d77f1afbbedf63c2c4
SSDEEP
98304:DI8YYD3bQlNKFa1mTePr1OOp2UtSDu6H1QdmGFqn46ByIzNtlSziQYViGUPo0xkE:k8jMloE1mSxOSGjHuAGUwIzNtluiQDGi
Malware Config
Signatures
Loads dropped Dex/Jar (1 TTPs, 2 IoCs)
Runs executable file dropped to the device during analysis.
ioc | pid | Process
/data/user/0/com.baidu.appsearch/app_push_lib/plugin-deploy.jar | 4384 | /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.baidu.appsearch/app_push_lib/plugin-deploy.jar --output-vdex-fd=48 --oat-fd=49 --oat-location=/data/user/0/com.baidu.appsearch/app_push_lib/oat/x86/plugin-deploy.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.baidu.appsearch/app_push_lib/plugin-deploy.jar | 4354 | com.baidu.appsearch:bdservice_v1

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) (1 TTPs)

Queries information about running processes on the device (1 TTPs, 2 IoCs)
Application may abuse the framework's APIs to collect information about running processes on the device.
description | ioc | Process
Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.baidu.appsearch
Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.baidu.appsearch:bdservice_v1

Queries information about the current nearby Wi-Fi networks (1 TTPs, 1 IoCs)
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
description | ioc | Process
Framework service call | android.net.wifi.IWifiManager.getScanResults | com.baidu.appsearch

Reads the content of photos stored on the user's device. (1 TTPs, 1 IoCs)
description | ioc | Process
URI accessed for read | content://media/external/images/media | com.baidu.appsearch

Requests cell location (2 TTPs, 1 IoCs)
Uses Android APIs to get current cell location.
description | ioc | Process
Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | com.baidu.appsearch

Queries information about active data network (1 TTPs, 1 IoCs)
description | ioc | Process
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.baidu.appsearch

Queries information about the current Wi-Fi connection (1 TTPs, 1 IoCs)
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
description | ioc | Process
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.baidu.appsearch

Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 2 IoCs)
description | ioc | Process
Framework service call | android.app.IActivityManager.registerReceiver | com.baidu.appsearch
Framework service call | android.app.IActivityManager.registerReceiver | com.baidu.appsearch:bdservice_v1

Uses Crypto APIs (Might try to encrypt user data) (1 TTPs, 2 IoCs)
description | ioc | Process
Framework API call | javax.crypto.Cipher.doFinal | com.baidu.appsearch
Framework API call | javax.crypto.Cipher.doFinal | com.baidu.appsearch:bdservice_v1

Checks memory information (2 TTPs, 1 IoCs)
description | ioc | Process
File opened for read | /proc/meminfo | com.baidu.appsearch
Processes
com.baidu.appsearch
- Queries information about running processes on the device
- Queries information about the current nearby Wi-Fi networks
- Reads the content of photos stored on the user's device.
- Requests cell location
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks memory information
PID: 4251

com.baidu.appsearch:bdservice_v1
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
PID: 4354

    /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.baidu.appsearch/app_push_lib/plugin-deploy.jar --output-vdex-fd=48 --oat-fd=49 --oat-location=/data/user/0/com.baidu.appsearch/app_push_lib/oat/x86/plugin-deploy.odex --compiler-filter=quicken --class-loader-context=&
    - Loads dropped Dex/Jar
    PID: 4384
Network
MITRE ATT&CK Mobile v15
Defense Evasion
Download New Code at Runtime 1
Execution Guardrails 1
Geofencing 1
Virtualization/Sandbox Evasion 1
System Checks 1
Downloads