8ad864ddc75ba205972098718a9ddbda60478f9a04fc3479f80b9bef087a4ba1

Analysis

max time kernel
148s
max time network
157s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
29-11-2024 11:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b0df5b7059fa379d5ee2401b98eb685a_JaffaCakes118.apk
Size

5.5MB
MD5

b0df5b7059fa379d5ee2401b98eb685a
SHA1

0c0a130a2136e30c4e7297176a0e8097be68aeb3
SHA256

8ad864ddc75ba205972098718a9ddbda60478f9a04fc3479f80b9bef087a4ba1
SHA512

c1006f187e1e03fa6d1908ce0441fa6184eed97fe8683cbe0b159664c54c5af365b3e476c67521a9b982c812ff348d68c115b631b0deb33abda7f5616b8cb21e
SSDEEP

98304:WkNRl+IhfPt5AcinzMfhJCBP7j3A7AvPW1bC+msxMRHDOMT9t/AGQ6:WkNOILiQfZQPWN46g/Aq

Score

8^/10

banker collection credential_access discovery evasion impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 1 IoCs

evasion

System Information Discovery

T1426

Processes:

com.baidu.androidstore

ioc	Process
/system/app/Superuser.apk	com.baidu.androidstore

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

Processes:

com.baidu.androidstore

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.baidu.androidstore

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

Processes:

com.baidu.androidstore

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.baidu.androidstore

Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

Processes:

com.baidu.androidstore

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.baidu.androidstore

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

Processes:

com.baidu.androidstore

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.baidu.androidstore

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

Processes:

com.baidu.androidstore

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.baidu.androidstore

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Reads device software version 1 TTPs 1 IoCs

Uses Android APIs to read software version number for the device (IMEI/SV for GSM devices).

discovery

System Information Discovery

T1426

Processes:

com.baidu.androidstore

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getDeviceSoftwareVersionForSlot	com.baidu.androidstore

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

Processes:

com.baidu.androidstore

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.baidu.androidstore

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

Processes:

com.baidu.androidstore

description	ioc	Process
File opened for read	/proc/cpuinfo	com.baidu.androidstore

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

Processes:

com.baidu.androidstore

description	ioc	Process
File opened for read	/proc/meminfo	com.baidu.androidstore

com.baidu.androidstore
1⤵
- Checks if the Android device is rooted.
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Reads device software version
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
- Checks memory information
PID:4967

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

Process Discovery

T1424

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.baidu.androidstore/databases/baidu_androidStore.db

Filesize
96KB

MD5
27caffe753dc0e7d21857a270f546683

SHA1
82b98c1bbd767431a12f0514b4317518bd5b435a

SHA256
ca3b5eec01c258f57c1d020ea3583cf6a1d5e650e97acdab2685768d4d7b83b3

SHA512
7f592b6294f669d63136e983c8f05ca3e2951be0a78eacc60ba939a9704e9fdd930db8681fe94205296cea44357771fa9d12936b7a8526ab213e53c2a4fabb29

Download Submit
/data/data/com.baidu.androidstore/databases/baidu_androidStore.db-journal

Filesize
8KB

MD5
a5ca10ede6add1d6dd437c89685cc8a8

SHA1
2f51d6215bd1a57610a63dd47a83c28c32365094

SHA256
cc8c12cfa001619a0e3ad69d658cc9644b7acbc93a27c9364070feed933b1551

SHA512
3fed27d3b344ce107aaf48b539f63750fb7b63377026ee8088fd34dfa37bdca9a4cef320e8ec5e780d5004982203fce8d795687c88338aa48308397a1b10f93b

Download Submit
/data/data/com.baidu.androidstore/databases/baidu_androidStore.db-journal

Filesize
8KB

MD5
fe00f886c9fc1191b29f2ad87483836f

SHA1
61854a64c8aa714ccb2ff3ab70627df262c13f37

SHA256
32403fef1a597899d07c194a3a53a59ec8574f6e55dba3635f2e176cd83b99c8

SHA512
900851b7326edce14c7740f73a8f38e836ff4bf6c3e870e101b11066580a84a4d527c6d8e9f43c613d506b146ef631f9f54e6a22cf31043d4891eb92f24aea3b

Download Submit
/data/data/com.baidu.androidstore/databases/baidu_androidStore.db-journal

Filesize
16KB

MD5
9cd531f710fcea831b56aa9ad2b4f298

SHA1
9a62d01a44a873c81eb99efc249340d127dbfc93

SHA256
ee9b220a783f2c4b365aa6293b86d47efdf2e956ba734dbfaa2a3358accac03e

SHA512
983a4d79f5b66f49e88590c2c4635de466953822ee3ed4018d542901321de0d11ff167c4596ba19e0b9c1b8dd947ac5fde1f996adf25a432249d647ae6c485cc

Download Submit
/data/data/com.baidu.androidstore/databases/baidu_androidStore.db-journal

Filesize
12KB

MD5
836ca6e1ae6f4d9994839e850d04b661

SHA1
6e616586e17c6d56bd798113c9ca4e54fbdffb04

SHA256
4123616f95b9d9e7301e476b76b912bc9dc331b1481fb2a55a15b1e450455dec

SHA512
92d06f307eb60b66334b7b127b350a8969f00338ff7dec9e4693d5748b53226a73fbf3086820b7336b78c3719a3eb4f26bef9ba19a1801481f36c40f47d704e9

Download Submit
/data/data/com.baidu.androidstore/databases/baidu_androidStore.db-journal

Filesize
8KB

MD5
dd6ac486dae9db0ffa59f5efd6c9b7c8

SHA1
00c301a136efea008677f37a3f308053365e3641

SHA256
eb8e20f26d1d27697887184f79ecdd023e22242e2585aa38b3988f30ed633c12

SHA512
3158f4f711cb4818d39119f87b2cf89241e07131a0cb3a774dafeeb37ac0def84d3f5b00d37d7c6ca1072bd1c9d78b689accfbfd452a109692be6f50a4c3c00e

Download Submit
/data/data/com.baidu.androidstore/databases/baidu_androidStore.db-journal

Filesize
512B

MD5
a917240f86adfe8fea78993d2051514e

SHA1
c7c467282a3b715404f160fe18f42344f1f435ea

SHA256
ed5a2b59dc52d77340b84ee48ea973a304efb2ac48df3384c2120542defe7282

SHA512
7ec23ad6520e74962a144ad20f133159abdfcd284e892eca24129177980f1d80f540f070b4da28c58d379082c760b9811feb1376f7769f6382a7087f9df3ab84

Download Submit
/data/data/com.baidu.androidstore/databases/downloads.db

Filesize
24KB

MD5
d1c8668170683152a040e4478695227b

SHA1
44aa79e299e7b5f0e4143c7f4fb22b17f157b8a3

SHA256
5f3766e5ec9db3b0a7e3bcb4e7a59698187cd91a331f98dacf4284c7b15bf5d9

SHA512
d0718e91a7b9baf5214d9811b0e25ad171e09438d692478a4644503bb110ba5e979397d4c8067ff410d9485e755f78b74efa777a44589da0d5ab17f03e60208b

Download Submit
/data/data/com.baidu.androidstore/databases/downloads.db-journal

Filesize
512B

MD5
44d02ffc43b527482b51ceab948b7e67

SHA1
a12d54647ba7d9eb8fccf8bf52d1d28c93e4d8de

SHA256
64ebea973641e6b944eeef8e4ae86338651fea8fab7eac697ee630e23784dade

SHA512
d63464373b319561eb5c156621a3d715db2bffbe6c5c5cbd89614b8fac50925e2ce33c4caa3d25e3b0437dc821ed25371c2f1e1074dc95e334c0465bf4f5f6b8

Download Submit
/data/data/com.baidu.androidstore/databases/downloads.db-journal

Filesize
8KB

MD5
9c2bafe31930ba4a5cf2196961ba2e49

SHA1
b723fe306a07eb32efc1925651cfd9a813a60277

SHA256
edab7c036fcf758ea34650a7e5ddd95fc7a11baa518730845dc9518f56384c2d

SHA512
b709b9a9cc415d415d4bb2df77701bf43a13d62c6dfeee9d7a3081a9eae9a4476bfbe436c74be047af4282870582dd1aa439e04c7e0da97271dcc2d9562ed303

Download Submit
/data/data/com.baidu.androidstore/databases/downloads.db-journal

Filesize
8KB

MD5
856cc504b044a3e6de69f7c362756526

SHA1
65ae4b21829a5473c818ccc400172b91f91cc40c

SHA256
f2e1015129910cdd72540bdafe8cbf38322493ff0895aba0a665e11f2e8ef87b

SHA512
2ff49028653c0bd30fd01dc47eee0336c796a6aa67c815cf5775c7e11e93976f4ec9b2b20bc4339035705c39d7c84a2e7bb644147cda73f54cdad97d53f78b2f

Download Submit
/data/data/com.baidu.androidstore/databases/plugin.db

Filesize
20KB

MD5
67e500be295e483443b8974f9eee16a8

SHA1
5d094255cee4f9d584980a1075fa48ef4a5867a2

SHA256
950be8760a2e8322e6484e7f987320ce478e7aa57eb713b38f62a1ece21e696f

SHA512
35da86f4e43b26b71882837605eb41446166c6379ba2eee6b767db5803c4b4667121e32a30d9848fa759a32a1f1a535f879d9e60455c6db497e3c8b367f4c91c

Download Submit
/data/data/com.baidu.androidstore/databases/plugin.db-journal

Filesize
512B

MD5
a9e5c2fb5169b0c42d27c3b5b076978f

SHA1
7d38abb5219e31070ca551ed8a3768541be3cf11

SHA256
685da33fc788c156978ae8f777b135472f0b0cdbdd1b11a12d87dbf798ca3d9d

SHA512
eb8b268d9c5456f55837e1551769da93d953841089226365324fed3318c370b4eb8d58fb035b5974c9dfc4b86e6bcf43ae90c32e4ec9746e5854776f04304e70

Download Submit
/data/data/com.baidu.androidstore/databases/plugin.db-journal

Filesize
8KB

MD5
19f96f30d9e238faca12acddd0f6b70d

SHA1
7836714622d3a7229d2931b5374c744529dab1fd

SHA256
5b4871f5034191e4704ee6e3860751f4cc91813db740ce5a04bc3dc255cd663a

SHA512
dcbb3f7b71ea91a232918143d5efd470df5f69db20b007c3c5a25f673ddc2704a2c87b791d2cb0eb29a1ab8822fd28dd66f8ffeb3196e0b03adf6d90f4c5feb0

Download Submit
/data/data/com.baidu.androidstore/databases/plugin.db-journal

Filesize
8KB

MD5
54d8e03e3b0f0817bc58c915e5954a78

SHA1
3d4715063e348b2f06b35cfd512f324226df75a9

SHA256
1f7dbab4442aa614123b93f6f6c0c9811036f8b9916f0ea413abecec2c325179

SHA512
1a60dd35c21b2dd481c8097fc4327e9ffe06a10ed6a3c5e9f6a2eb73443a2589efb8e0ecde5340760171c5ecad6f6249300413c0fd66eebf508a54a83923bd06

Download Submit
/data/data/com.baidu.androidstore/files/.FlurrySenderIndex.info.AnalyticsData_JPRCQJSP38RX9ZQJZDCR_159

Filesize
42B

MD5
1707b12251e42d4bae9778cf2a59b2d3

SHA1
4a92774aa646bed3721f2a357429bb7f706d2881

SHA256
732d80741794ab4ffc36e995759b77e621ee78bfbd5661ae0f24605c9407cbd8

SHA512
b3bde8acce14a8d1d94cdce51650f88331378ded0274f034712e21650aca327baefc1e68a84d7917ad30baf3ec7b9ee0b9a4644540cbd654f8a3bae2d3595d42

Download Submit
/data/data/com.baidu.androidstore/files/.FlurrySenderIndex.info.AnalyticsMain

Filesize
44B

MD5
a3fc4f8aca67441e92697926e7e303c8

SHA1
0ae8e0ad8f29955d584c542b999617389be05bcc

SHA256
f6c1146581ec1a151690e46cfa64093d4889c9df61621c8e64cc19ae347a4228

SHA512
a1379fb23c371abf4dc7b01625dd5e309da4dcbb64a214ac325cdd0334f4117c7f0c68eff8335d5b5e680df039a34d184061e38accb8ade10b4fde9242b17cba

Download Submit
/data/data/com.baidu.androidstore/files/.flurryagent.3a4e6cb

Filesize
58B

MD5
27be3928f0abe328465dfdde8ee6d070

SHA1
e6522c145cb970e08f03c218b5b918b4744dac00

SHA256
ffa72c49559e8791b0449387e8ca18a6aeaa7a63efa35d69b19a8cf675ed7b7d

SHA512
71d851b4e46f075183a18392b7d4f988286d775f81bc51b72ccec7cee69cf104476ae06db26fad1ed014a03853bc37d9b7ed25b975473c19de2776f86dedd7bb

Download Submit
/data/data/com.baidu.androidstore/files/.flurrydatasenderblock.486f525a-b4d7-48e4-817e-fc81d367f37f

Filesize
260B

MD5
958e6d345d0c1786a0a5239120d9a3d6

SHA1
41b21b551a63c6089e5b0d4b1a107f5319f31d93

SHA256
b78677dd089bc7f8aeb6f2a18c28cd09bb4f2307aff514cc5b4f37721b38623a

SHA512
0560a44dfbc6b0a79fe7ee941e2d44ea48a6dfef0b4ba1f26a7cac1af8a2e0a723c3774bf041f1674586a73680e5479615b4888150401e259f9de2522200640b

Download Submit
/data/data/com.baidu.androidstore/files/AF_INSTALLATION

Filesize
33B

MD5
84bdfd1e9147889b4bdcca81e72e600c

SHA1
d00661d23ca33f98c5633cf0d6da8f3516373886

SHA256
7a10cd1c0bf2064e5bbc18697e026670ff8254cf8316b490482058a93c375cee

SHA512
73e30fde9a4695e665bd69ba570690f7f5f87d0efa4a82072e9be04ec3429953d3b1735e0b3ae2ece9d155f2f2e385cad835423b239ac23f4cd5c5cac8e43a5d

Download Submit
/data/data/com.baidu.androidstore/files/action

Filesize
50B

MD5
186827e94edb58fc0debe254ca4de0d6

SHA1
d9bf153ec0264f631cf45d2d39679741bab9fd9c

SHA256
b807d32beaa651fe8626c2a9111d2e27da1272363a6b14032bdf16258c080e43

SHA512
d364648bd191ffea69648a12acc1fd37199a31e0f7322a829a62342fe33967098e5106b9a1c054d4316d0d03a62c88d5d6126aba39087ee165e46125d8efc7cb

Download Submit
/data/data/com.baidu.androidstore/files/action

Filesize
42B

MD5
130837ccb14cdc4215320de4d11838bf

SHA1
9ef7908f301c7283b35b26327d3cf763f8e47aaf

SHA256
cd5bd3b1e92f0ecd5ef550176faaeef265b7a80d87e6929b23e6528643ad5738

SHA512
be1eb0065ec08aabfcc5619cff2a92d8fa761cd9591b5e03b89546c948f9a051a10a2899bddfdfbf1df66e7de69dcc218868ad8f9ef28a96739233a604d72cfb

Download Submit
/data/data/com.baidu.androidstore/files/action

Filesize
134B

MD5
8c74761722acba71e64fc6ae0d530f04

SHA1
7236df8a69a0750bc618c94abacbd39e381c0130

SHA256
a39100ecf648096e186f095ab0de655ac45a2847c513c43b2261363560190aed

SHA512
6142e3983023a36e3050431f82a3b69327f5c08fd99d83efc123698ef7a8f301a89c8083cbcec2d97bb63ceb8f54a98f32affa58581fe9d419ae423d83b5ea11

Download Submit
/data/data/com.baidu.androidstore/files/action

Filesize
42B

MD5
c8a8e7ba925e53f3a8cc9c81d40db748

SHA1
73dfb921211b624ec7d115ddf19e95c866bb9f6c

SHA256
f96d1bb23006cd7fe8ec4adfef8fae891bb59a0f0ba8e50bfe9e1f17516725c2

SHA512
5d319ab9b30c23921e05edb6bd1ef62431be3f5b65b98f46fc4ab812da9e5577e54c315a69de022f9e6c3e60b4ca04cee7c2551002a243d0b5796246933c55bd

Download Submit
/data/data/com.baidu.androidstore/files/action

Filesize
42B

MD5
21e2b60f2fedca55f5c33880461ec36b

SHA1
8f66831812c48c5a5a54578ce762aaa3f072aa41

SHA256
fc848ac25a016194b40381c87c0ba2b64c63beb8ef0c05cc6bee3bc2ef2c2b93

SHA512
f0bf34b5d6659bd801ff600f3ace848451ca36fc24a6cfb0724c4ce168969b16a6cba8c52e1cb542bf1f88da24df0e3bc5293eb203d9317708d0ef9b90b89e8f

Download Submit
/data/data/com.baidu.androidstore/files/action

Filesize
950B

MD5
eda8d336cade2a128f1cc66d7eee8666

SHA1
9a9f5dba78f4663c1805e9e4c24982e224df0e54

SHA256
2cf34d77e45b52b8c478c7426669eaeea282ce76b1eec7c57f06410533a20a59

SHA512
2d8e74efe9acc692bfa517135a25afd5f11a86dd73cb9e24485f5a9ad2e6df44524dd61485472e98e9975c93cc7a892ad1529e890561bf7e2fad5a3808659d93

Download Submit
/data/data/com.baidu.androidstore/files/basicdata

Filesize
496B

MD5
a7efba8fbdae054bf5d39441a16c03b5

SHA1
139eb382b02389f67539fb7480b2f22f66c2af08

SHA256
6c6ffe243a5ac6b9d39d0181af3a620bf973e37d1399548f619ef19c63181d02

SHA512
721a312a4cae1d3f7214c11d7ef7e2307ebabe285935e01b00a948ae1209d6dabff3fa68a7db37b489525d6ed03eb67387977b67446719af630877d059e210e7

Download Submit
/data/data/com.baidu.androidstore/files/basicdata

Filesize
1KB

MD5
135fb1e7b2fd5dd9476493f8ffe440c8

SHA1
be10ac04e1872c9e5c1e873674a6367190e6d00c

SHA256
3dd5cf136f02c93935b97d7cc49d135814c8dd6adf8fbb822557c9a00ff6668a

SHA512
089d816c157ec0e444d52556f06043319a6d459b3801fff57eca75e402231e835ecfe11e1bfe478d730fc393a9d97cdffdc8fa0869bd4655c58ef608cf61e04a

Download Submit
/data/data/com.baidu.androidstore/files/libprocmox_v1_4.so

Filesize
5KB

MD5
8eb10043948109601f47ebcfef9efeaf

SHA1
98b1d03a9533086c3b60dddc46378cee601f1d5d

SHA256
78df1b79b59165733d01dba7cebbc518861a6bb8a1282598dfac0391dba85604

SHA512
216c4a2da6ec0f96dfa2c217fe08b462f2fa7ed072fc5e1a25418a86c7730e208c930918d4ff23129100f1b904163c1c1cd1ecd7d9b52fd50dae5a18b4423d9e

Download Submit
/storage/emulated/0/Android/data/com.baidu.androidstore/cache/uil-images/journal.tmp

Filesize
31B

MD5
8c92de9ce46d41a22f3b20f77404cc1d

SHA1
8671a6dca00edb72be47363a7071be65cf270373

SHA256
68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274

SHA512
30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

Download Submit
/storage/emulated/0/baidu/AndroidStore/channel

Filesize
5B

MD5
bfe279945c6109d067bcd295b5189d86

SHA1
9969230fa9c65716f6f82a97c9ba7c7007609014

SHA256
a89151ba4b5ac0f22e96b71b963db927791d3808f5175f06ae4a60de5891bf0f

SHA512
c843adbb98d263d02ce3f9d3d9c684b9cfd8e61e8b155d8349317f122fa9089119e8eeced1a0f0f134db68a0b88ce095273acb863c86c1be6f9b8e4682eb00e9

Download Submit
/storage/emulated/0/baidu/AndroidStore/http_cache/journal.tmp

Filesize
35B

MD5
49b6c209156618d0d45a2cb493e2bb32

SHA1
7804fbc9e5638290648d45ae514a02734d859233

SHA256
49e3398c68645a4911c4f4c8edb113943fb421bb7783e949a00d56eec3b925d9

SHA512
c19e07fe3790dc082a6c421d742b1f3c51558154a555e1fd7d154e61db2046cc83eb9a26889159982b5afdbaf98442761d6fc24536c8ce97168bd2e51a55ebd6

Download Submit