8ad864ddc75ba205972098718a9ddbda60478f9a04fc3479f80b9bef087a4ba1

Analysis

max time kernel
145s
max time network
142s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
29-11-2024 11:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b0df5b7059fa379d5ee2401b98eb685a_JaffaCakes118.apk
Size

5.5MB
MD5

b0df5b7059fa379d5ee2401b98eb685a
SHA1

0c0a130a2136e30c4e7297176a0e8097be68aeb3
SHA256

8ad864ddc75ba205972098718a9ddbda60478f9a04fc3479f80b9bef087a4ba1
SHA512

c1006f187e1e03fa6d1908ce0441fa6184eed97fe8683cbe0b159664c54c5af365b3e476c67521a9b982c812ff348d68c115b631b0deb33abda7f5616b8cb21e
SSDEEP

98304:WkNRl+IhfPt5AcinzMfhJCBP7j3A7AvPW1bC+msxMRHDOMT9t/AGQ6:WkNOILiQfZQPWN46g/Aq

Score

8^/10

banker discovery evasion impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 1 IoCs

evasion

System Information Discovery

T1426

Processes:

com.baidu.androidstore

ioc	Process
/system/app/Superuser.apk	com.baidu.androidstore

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

Processes:

com.baidu.androidstore

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.baidu.androidstore

Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

Processes:

com.baidu.androidstore

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.baidu.androidstore

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

Processes:

com.baidu.androidstore

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.baidu.androidstore

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

Processes:

com.baidu.androidstore

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.baidu.androidstore

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

Processes:

com.baidu.androidstore

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.baidu.androidstore

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

Processes:

com.baidu.androidstore

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.baidu.androidstore

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

Processes:

com.baidu.androidstore

description	ioc	Process
File opened for read	/proc/cpuinfo	com.baidu.androidstore

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

Processes:

com.baidu.androidstore

description	ioc	Process
File opened for read	/proc/meminfo	com.baidu.androidstore

com.baidu.androidstore
1⤵
- Checks if the Android device is rooted.
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
PID:4309

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.baidu.androidstore/databases/baidu_androidStore.db-journal

Filesize
512B

MD5
4fc4ca4dd111621a3413f5c8b38619ad

SHA1
d24d6aef1793d9090c74178ef6bb983d3a00c949

SHA256
22244dd28b64a3fc4492f2e7fe6537fec614d2bf10f6c2b921998c1343b24616

SHA512
811204f093013f428c99cc043bf80968b7415e6cffab137bda45299690b03ee0873cd43ae2040a9fdc9cfd8d0c1b6e4497c74f1235aa5543bdc7777fec5651e8

Download Submit
/data/data/com.baidu.androidstore/databases/baidu_androidStore.db-wal

Filesize
169KB

MD5
904db5b21d567a09511d4cf7e2d79495

SHA1
624e72a9b77bdce3feae703d29ba286e26ecccf8

SHA256
a305789d81eb8270d3ddb99d44c9fb3c819033f77dd6b07b12eb06d6f84dce0e

SHA512
9fafe60d585f121fb1c90e213a94ea86a0bb92dd88e15668f83c06f1c5fc66762799d9262cf27a8607addaf7c9a2c12484bf92bfe45e9f814c91d282225f94dd

Download Submit
/data/data/com.baidu.androidstore/databases/downloads.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.baidu.androidstore/databases/downloads.db-journal

Filesize
512B

MD5
cb3442d49049d724eebc86d43b0df78d

SHA1
ecf5a65c17141471d43bd8a80220aa0cf3ccdbec

SHA256
9180d6989694f3c76d3a209a3b0e22702723f5561974e7308b21ecbb8b0d04e8

SHA512
39a18a62b551e15aea31f2de345c234aa9907f03c222ae31fc32bdedb6c6cd45efcbef7fbd7e97fd5084d85021c036bdde4c94c577e98e99db2ea65658f70744

Download Submit
/data/data/com.baidu.androidstore/databases/downloads.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.baidu.androidstore/databases/downloads.db-wal

Filesize
36KB

MD5
243fdde66419df0e9204a180a4151a85

SHA1
fd46ac1caf2092ac435cde928e5d3cf911ace2db

SHA256
670aa1099033bed04cd1abc6084b54e809c6f301a44bf6c5fbad78ea740608cc

SHA512
af9f2bf0c1968cc9d97a199f3d2f8ff5ad4b89dab30d906fd78faa0d38bda591b3be8ae244da57a58a9acae120ee4e3b5b2e818885b96bbc40fa68f792588b3b

Download Submit
/data/data/com.baidu.androidstore/databases/plugin.db-journal

Filesize
512B

MD5
9c0611c0b4444d297a48a7ec9c29c930

SHA1
7243430403f72277610379e05ca759cbf1ddc95d

SHA256
a516eec05a2837d665560a6078b78a1e30f398028178bb85a2029c47b790415a

SHA512
f04ee423c833c17d7dd451c9dda748b4e97ebd5a338f34b1f726d9262fb5e0a27037e30dcd5fa37134e3ed6f57b924892ec8a81d9c81d884a1de1544db7db9ce

Download Submit
/data/data/com.baidu.androidstore/databases/plugin.db-wal

Filesize
32KB

MD5
48456d0632431cb0c1501d460f9fb90a

SHA1
52ada34ac74606938277c972cecf5f5de49d01f0

SHA256
d9404ad39cb3272c3801722aa05fdd90be1c53fdaacbb63618149fcba6742b23

SHA512
7f86eb96e5e2b7e15bf3c0f253e5b838f51d311da2237f1bcba9a0e1248f23e706afb9cc06f89763683765d2e518282e40099f20fbaff0be81b5731e9e6d57b9

Download Submit
/data/data/com.baidu.androidstore/files/.FlurrySenderIndex.info.AnalyticsData_JPRCQJSP38RX9ZQJZDCR_159

Filesize
42B

MD5
7aaa402f2a01abf032a5ffbff852bbaf

SHA1
976346afbf0b54a16c0cc02fcbf5bd23b81206bf

SHA256
a0af1c91d005cc02aae7776c7e81e5fe8cb07dea2763a6297a30778a640957c0

SHA512
5b24615fceed62e3cc1c528698996de12ea845723dac4193ed3004d562b1cb8e5431514c9a47429c3e74adc72826f0ad7987cc4615a03236b6000b2455aaec54

Download Submit
/data/data/com.baidu.androidstore/files/.FlurrySenderIndex.info.AnalyticsMain

Filesize
44B

MD5
a3fc4f8aca67441e92697926e7e303c8

SHA1
0ae8e0ad8f29955d584c542b999617389be05bcc

SHA256
f6c1146581ec1a151690e46cfa64093d4889c9df61621c8e64cc19ae347a4228

SHA512
a1379fb23c371abf4dc7b01625dd5e309da4dcbb64a214ac325cdd0334f4117c7f0c68eff8335d5b5e680df039a34d184061e38accb8ade10b4fde9242b17cba

Download Submit
/data/data/com.baidu.androidstore/files/.flurryagent.3a4e6cb

Filesize
58B

MD5
f24b20dd9c7713fc32abafcd23645b7c

SHA1
07aa2f9bf4afa5061598cd142c41b57fb8d17db8

SHA256
5e68f1a3ba0fe57d5427b88629f613a7ade3cd43ba16b4c4726f2d39898c0635

SHA512
3efaf1ac8fad5463b9b41e96b85df1d4a86d480af40fbb6e09274272d3446362e480e36ff53da87c7cc79492ce453328913e6948df1b334d6d578426a7f8a8b8

Download Submit
/data/data/com.baidu.androidstore/files/.flurrydatasenderblock.917b2a6d-64ef-479f-a512-43233796b793

Filesize
283B

MD5
c6e53328a89aebad836345778c377173

SHA1
1ddeadb90934caedcc1a2fd46a19d4c803eff956

SHA256
4ad03220cb60b86991f37a624c1b702f7bb72d074295a259175b4946f31f2ee8

SHA512
ba2b9fdd03670c7d6f6dc451f0362f78db6bfd41015c8e9274fd11c72804d8474a1b83bffb0a0b3405a5302bf1111af842d9cec2c4ceed7637cad56e5acc65e5

Download Submit
/data/data/com.baidu.androidstore/files/AF_INSTALLATION

Filesize
33B

MD5
a64fa0efd779ec77f1a4754240be7bd5

SHA1
9dfbba1e20cd2049ad67baa0e910ee4fa9da387b

SHA256
2c4b9d99dfdbee860bca69aa9383e7e494376b8e082766147e1a2cbb383600e9

SHA512
a9538a185e4e71c0355da5e0b2c547c63fd2c60033a5e2df82389965be69903a335132fd9322e9874e35e36f54083f25efbe27469dd1bae152508592b62b78d5

Download Submit
/data/data/com.baidu.androidstore/files/action

Filesize
50B

MD5
186827e94edb58fc0debe254ca4de0d6

SHA1
d9bf153ec0264f631cf45d2d39679741bab9fd9c

SHA256
b807d32beaa651fe8626c2a9111d2e27da1272363a6b14032bdf16258c080e43

SHA512
d364648bd191ffea69648a12acc1fd37199a31e0f7322a829a62342fe33967098e5106b9a1c054d4316d0d03a62c88d5d6126aba39087ee165e46125d8efc7cb

Download Submit
/data/data/com.baidu.androidstore/files/action

Filesize
306B

MD5
a9ec76125298c0c2eb5271438b841ba7

SHA1
b247f8789a421e8d7f6351da5d57281c947d2a99

SHA256
771159f7258915244eba6cd9168e9db2d3a06045fe262d252a5d985410f8963b

SHA512
93734f188eda10e3d008ff3143686cd6dbf1c08b0ae109db22abfd7e2b21ae9e926df41620104b3e1c794ec3d7b3ed0104b201447e8c1551aa7d0dd1bab483ab

Download Submit
/data/data/com.baidu.androidstore/files/action

Filesize
84B

MD5
dd8db5d23b99355587193e84998e5985

SHA1
4006cb5816aa5c1be957f701b54c3a49227f6d85

SHA256
c68619b45e0227fcfb5d4dffd6327c9869f62a2fe7dcf338850d6f8cdf87867b

SHA512
f59d2d91816a7a8ca26e6921e71923681417dca921a25f11aded4bb89060ef5f7c73a53e1cea8c8492152b7ae5b5d9b1c9b85b8d39308ef77302850acb2761a2

Download Submit
/data/data/com.baidu.androidstore/files/action

Filesize
158B

MD5
1f002c320982f7242b2d8505042dc68e

SHA1
98412d7b40acc397ee99196dc9d7dc9e59ffb2bc

SHA256
b6d73257d4a9ad608c2a8a9ac2fd2d7667a8c84e5c7da03097e9f88b16c18e8f

SHA512
fc9a2bfb03ea01aeaa964334e4792762cd967b98e07238e033d033681e8a33ff0036b3fbb0c23af5367edea19db867e072fac102905eccf898d30f7d444b894d

Download Submit
/data/data/com.baidu.androidstore/files/action

Filesize
351B

MD5
bdb4530f90393b485b4fa7817ea74b7f

SHA1
4be74f8a3fbe27cf49a67ba47e849262b36dc229

SHA256
113d54504634b664b517957ff5ddebb8a36fd52054b04843f2fe6efebc00a96c

SHA512
cb9fb9ffda4c410bc9474a35e986b3e3b9313e4b6e7a44d3d7f9db63ed023f295623d2f914d287218fee20eeebf0000ded1ed1d6cb368dcfcd7e9529c40297e3

Download Submit
/data/data/com.baidu.androidstore/files/action

Filesize
1KB

MD5
14088b2bacb89c330632778f759ffc5d

SHA1
5e625abe83f8063d9db49788a6fdd394690d4735

SHA256
8d7afef58377d4c3a63bf6a9ac95ae5427482b3e8da05c95eb515d222a07c0ed

SHA512
f33949e2ec55647d26a08ce226dab725c9dc387b13747dd38280e8f06fa42af7e3205aae9d0c0520b351e81585dff63070fe77da58034b94f91253c797cb7765

Download Submit
/data/data/com.baidu.androidstore/files/basicdata

Filesize
516B

MD5
eb00f1a84d14ed5ceb95b4fedb3d9af6

SHA1
de90249ffe63911627cd6f5438e93c34d723b510

SHA256
b41a418cea9b8521560bf1493b54e24ca443e363aa5f97ae8cfaa362637e041f

SHA512
b199a537d2755eda31ec262aff6daa33a943e0280f9d5bb3cd8aba3672e020735e6fda50f2f63d4dade8275bd16681ad6db14553354aacb60cc5a2bd35328ae4

Download Submit
/data/data/com.baidu.androidstore/files/basicdata

Filesize
1KB

MD5
61eeeb87adda832329b18a8ce40be74e

SHA1
c997b3e3e7f0e9c928156f56ddd4e7feaa505340

SHA256
6f6365c14e7fe3cda5469d6ebee1bd6b0d72378894c8e1a6b678be2b894c44aa

SHA512
191541036af7525c54b11b179e906c3de81c6580206048bdbc581603a2a1742856796bf6e1f230933a87702b3af584ae3020eb044b4d474c3c673210aa13d35d

Download Submit
/data/data/com.baidu.androidstore/files/libprocmox_v1_4.so

Filesize
5KB

MD5
8eb10043948109601f47ebcfef9efeaf

SHA1
98b1d03a9533086c3b60dddc46378cee601f1d5d

SHA256
78df1b79b59165733d01dba7cebbc518861a6bb8a1282598dfac0391dba85604

SHA512
216c4a2da6ec0f96dfa2c217fe08b462f2fa7ed072fc5e1a25418a86c7730e208c930918d4ff23129100f1b904163c1c1cd1ecd7d9b52fd50dae5a18b4423d9e

Download Submit
/storage/emulated/0/Android/data/com.baidu.androidstore/cache/uil-images/journal.tmp

Filesize
31B

MD5
8c92de9ce46d41a22f3b20f77404cc1d

SHA1
8671a6dca00edb72be47363a7071be65cf270373

SHA256
68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274

SHA512
30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

Download Submit
/storage/emulated/0/baidu/.cuid

Filesize
89B

MD5
fdd01bb7c254109993babc7e99eb13f5

SHA1
2177efcb5d383718158a4b80c26c0e49ec66bb9f

SHA256
a8bee69a153864c2947a0849340db437ff7264fba4a0c2e322a3deca1326fc71

SHA512
60377be181e43b65bdf2c5400f6378510d5a33fad57df03f73927ef89a78f285fdcd17317dbf3118c66c5c33c407d168ea9ebdf34bb66cfdad4a033a7d27e801

Download Submit
/storage/emulated/0/baidu/AndroidStore/channel

Filesize
5B

MD5
bfe279945c6109d067bcd295b5189d86

SHA1
9969230fa9c65716f6f82a97c9ba7c7007609014

SHA256
a89151ba4b5ac0f22e96b71b963db927791d3808f5175f06ae4a60de5891bf0f

SHA512
c843adbb98d263d02ce3f9d3d9c684b9cfd8e61e8b155d8349317f122fa9089119e8eeced1a0f0f134db68a0b88ce095273acb863c86c1be6f9b8e4682eb00e9

Download Submit
/storage/emulated/0/baidu/AndroidStore/http_cache/journal.tmp

Filesize
35B

MD5
49b6c209156618d0d45a2cb493e2bb32

SHA1
7804fbc9e5638290648d45ae514a02734d859233

SHA256
49e3398c68645a4911c4f4c8edb113943fb421bb7783e949a00d56eec3b925d9

SHA512
c19e07fe3790dc082a6c421d742b1f3c51558154a555e1fd7d154e61db2046cc83eb9a26889159982b5afdbaf98442761d6fc24536c8ce97168bd2e51a55ebd6

Download Submit