Overview

overview

10

Static

static

10

25308c7baa...18.apk

android-9-x86

7

25308c7baa...18.apk

android-13-x64

Analysis

  • max time kernel
    56s
  • max time network
    154s
  • platform
    android_x86
  • resource
    android-x86-arm-20240506-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240506-enlocale:en-usos:android-9-x86system
  • submitted
    08-05-2024 14:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    25308c7baa082dcb13e994801e1a9635_JaffaCakes118.apk

  • Size

    28.4MB

  • MD5

    25308c7baa082dcb13e994801e1a9635

  • SHA1

    e79eea0ea3e507f8ddfcb64f819ef2c1701952ad

  • SHA256

    76253fa1d97dd5a8e8a5c016e9b6492691b32bcffab7e67f4b3a36f6d010d870

  • SHA512

    f20928ff4d5ba7fea321e257cc94f3cd49f4bb90d08063590232d8053ad3c448b83a5e1294700ebad62e4eef1074096029241c72b983c56fe4ef410bc4b6ee82

  • SSDEEP

    786432:Z+TheO5EzBS9tP1ol9aaYiQ2pTqcGHAjfN4JCN:Z+TUO5YBc9ol9PKHy4JCN

Score
7/10
discoveryevasionpersistence

Malware Config

Signatures

  • Checks CPU information 2 TTPs 1 IoCs

    Checks CPU information which indicate if the system is an emulator.

    evasiondiscovery
  • Loads dropped Dex/Jar 1 TTPs 4 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Queries information about running processes on the device 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Acquires the wake lock 1 IoCs
  • Checks if the internet connection is available 1 TTPs 1 IoCs
    discovery
  • Reads information about phone network operator. 1 TTPs
    discovery

Processes

  • com.nkm.kp.hh
    1⤵
    • Checks CPU information
    • Loads dropped Dex/Jar
    • Queries information about running processes on the device
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Acquires the wake lock
    • Checks if the internet connection is available
    PID:4465
    • getprop ro.product.cpu.abi
      2⤵
        PID:4527
      • cat /sys/class/net/wlan0/address
        2⤵
          PID:4647
      • com.nkm.kp.hh:mult
        1⤵
        • Loads dropped Dex/Jar
        • Queries information about running processes on the device
        PID:4576
        • getprop ro.product.cpu.abi
          2⤵
            PID:4664
          • cat /sys/class/net/wlan0/address
            2⤵
              PID:4712

          Network

          MITRE ATT&CK Mobile v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • /data/data/com.nkm.kp.hh/.cache/cert0
            Filesize

            585B

            MD5

            b418b626c88955dfca839ccd095fda76

            SHA1

            0cbda4d8571097c22555dcc6cd45607b36b4e877

            SHA256

            d9272b0c043830adbb9f090aea1cdfe968d595f7536d34baace3fe2b4d0dce6e

            SHA512

            16b33b928c4c6e95e1255d63291ad1183bd1f161d4c5d4f395c98315a8070c4049936b40267986d8b075fecc325485ed847c1b2f5f8b0006eb7dbd5f06b3ca66

            Download Submit

          • /data/data/com.nkm.kp.hh/.cache/classes.dex
            Filesize

            5.7MB

            MD5

            80d2ba3f6aa9b6f4ed65e6e1bd33e6bb

            SHA1

            80c6bba82a58479cbad279ac0ffc0c177ccd1497

            SHA256

            eec45eaf9726e8d11ce856ea98dc7eca7e19c9bc03c00b6418bcd96eb7f4bf2f

            SHA512

            0a8ff4bad7300324c12f29eb00e0529271db6d4b6c77959d55e178e0f53122f6bb791ddcccafb8446b90d132da3cea07135d674d9ad918b07319cb5e1ef764d4

            Download Submit

          • /data/data/com.nkm.kp.hh/.cache/classes2.dex
            Filesize

            3.6MB

            MD5

            129e4ead54f7f92b33c5e897b4f69c3a

            SHA1

            a4c711f513e587f8b07c909e1e2bb472d0a5d310

            SHA256

            2926872f28cbab68c423c01babbb82e7366bb521387157e4de3ac94ce59b212c

            SHA512

            0c892b059aae2c8fa9c2a8f71e34d983e211a635fa4a061f731228d3fa6d5b5782e46b397e0dfabe97489b73f6afc68805a4aec4518ab1dc2551c8eba3fc4820

            Download Submit

          • /data/data/com.nkm.kp.hh/.cache/datarc
            Filesize

            19KB

            MD5

            bb321b633ae18d088a7536af34fa4bd2

            SHA1

            10496aa17258f9669839f3075e8017fb70fb1d39

            SHA256

            2d748db70dbecf252557ffa492057e5984ee6f2d40728359e2e5aa14e01a1929

            SHA512

            503acbac92faaf9ea84a0e6bbf80fd35d88b77fcecd18b25b64835705b1e69599905c44afea29ecd1d7b96a2558999f4d66d0090bb8026334458e664eb0505d4

            Download Submit

          • /data/data/com.nkm.kp.hh/.cache/libhdog.so
            Filesize

            13KB

            MD5

            b72b632e0dca729bbdc749105400e45e

            SHA1

            e8558a2f6f2fa63c123169ff984bed37f721e91f

            SHA256

            15e1bec27b8a87124b0073485eb1620a2b0997375892faa31cd42859a7dac4a7

            SHA512

            6cd455869d0e177ca0e4188ff01c6ba7d949aec7d78cfe534dad5c3029109c91e9c7ae9afb0c0ca756eec26733530fbb328412e9784c5a5fe3762ea33147e1df

            Download Submit

          • /data/data/com.nkm.kp.hh/.cache/libvdog.so
            Filesize

            1.1MB

            MD5

            313aa27ae5757f547ebc57f191da274b

            SHA1

            15b2d0ad88753a50e5e4a96f4d5fa05103fe7dfd

            SHA256

            b76acec05a7fcc9a9c7d9ef47e8deb34604c0b73b592da8cc661bd8165f0262e

            SHA512

            ec3dcf0b99d2c564625f61db6c96fa4b8c3c836725b06aee9394841e968c032dfdfe96528ce042b971237a077ec6a6fb50a97027159e09653b85813d5eae184b

            Download Submit

          • /data/data/com.nkm.kp.hh/.cache/main.data
            Filesize

            13KB

            MD5

            c90674f4d99bda7b2e858d5eb6c09142

            SHA1

            8874191623681805a29b68f1f7e27746507d198a

            SHA256

            59176e8531a559015c393998eec3eef4fe68b716fc69ff81c83645f988049688

            SHA512

            be40c8b79b83f5183afb08f5640abc0195fb81860e507e81b9ea83a2434a5215fdc4eb7e52009fb8e82b9536cc742ea8e5e124295e2fd97570231f453b456c73

            Download Submit

          • /data/data/com.nkm.kp.hh/.cache/res.data
            Filesize

            271B

            MD5

            08043dbd29ddf57937f2dbcda6be9a2d

            SHA1

            5d50fa1f3aab23f5a66a6781104d5ca20664c64b

            SHA256

            0a383d2399f10228041dec357058d4eb0da0ab4a81f5682460cfa48afd79e7a0

            SHA512

            da7895fa7469be6d5cbb6a430103e64a920d99461ee8fbfdcd38cc9f0e2ad0c12fdc15ea469e165952f8a1649d2fa5d6e702ec4b4f4b2c49ce5cb712b0c0340e

            Download Submit

          • /data/data/com.nkm.kp.hh/.meta-inf/enc.mf
            Filesize

            117KB

            MD5

            2abab397ac0f50564dc3b2b08a810a22

            SHA1

            6df75893d4e835250b6aa4c86d9c10f8288564cd

            SHA256

            cb41c427c0aabaab8a718d3ff9b637319679df6be97483821a97b29014798c6e

            SHA512

            efe8b9939dd93b43afa37a7ca0d3454bbcf78cbd13ca8a82e6c3ce73b9461b4281b641818a9634000b64218cfb5ef1b2b8a9ca60021ef05934567448e800a15d

            Download Submit

          • /data/data/com.nkm.kp.hh/files/AppEventsLogger.persistedsessioninfo
            Filesize

            495B

            MD5

            7682d25cb62aeceffb245304ddcb9eec

            SHA1

            7872eadf07e23548f0576e49dc80a81f48ee1aa8

            SHA256

            2b624cd311167d0fee460cbc36fc1689c769b4bbdba6d6db71c1453222263798

            SHA512

            d057d8df7505c5b78872eddc1946a7c4afc5c6bb460d87185afe0902410483ec3d6cc8671a9d48b696186a8c425102ebfe1529d174888c2579b19d933188d979

            Download Submit

          • /storage/emulated/0/Android/obb/com.nkm.kp.hh/main.77258.com.nkm.kp.hh.obb.tmp
            Filesize

            254.2MB

            MD5

            cea85453de66d6ce10a2184588b4e28b

            SHA1

            007e66444e2f2337b7fc995fb25f4df3b3a0dda1

            SHA256

            d9badd81739e03f17c59234e9ada98ce719991c067c8f643d022596327ac5508

            SHA512

            c4be3ce24e607e02b2d8501e397490cf49169f6da47cd7d2055aa2cc5160f35afed98da62f98c4b338bab4b4bc4dfaac2e66022eb463412787cd5aefda7e0a31

            Download Submit

          • /storage/emulated/0/data/.push_deviceid
            Filesize

            32B

            MD5

            bae9599939849ce83da8916388e15a91

            SHA1

            aa1486aab279006cf340b441051ce5f72ac89881

            SHA256

            fcd27cba7fe7fb91f99663970cedfd57a339be2b3186170477b9d230bc6c81d6

            SHA512

            8fc668a6052b2d68e90bd3fd652e28949b6caebc833d78bdcbcc7f4aac4436970c0d80cee6fefcd7e0176930f3e86b8d42a548bf6b9704d71eac85dd60ea0a31

            Download Submit

          • Anonymous-DexFile@0xd2f60000-0xd32ff2e8
            Filesize

            3.6MB

            MD5

            df57b168ac299637e9303b6230d415ff

            SHA1

            7ed97e2961d583dac9d4068cfe95cd2f71ac91d5

            SHA256

            52fb7dc77e2c514f9e1689a326ac5e8fa7078184461aaa3fc9e0c0f11f8ced39

            SHA512

            9ad89061ea77317aec5162cd4e04ad8b52f24971a27adea9d19703b18cbe39b590f85228c25b69920b71a87633c92d2ba4343d0e8df543e0f66924f197eaecd3

            Download Submit

          • Anonymous-DexFile@0xd3712000-0xd3cc7868
            Filesize

            5.7MB

            MD5

            a663f2d5bb6762e8d399877ca774bf9b

            SHA1

            d303ab4b9e48496d5b014984e252199aa893b21a

            SHA256

            aa415d521f9500e4928476e1f023607550c9dda07cf53b012c7112e196163b55

            SHA512

            073803bf49073050a7907e270a1a7a1c58a8885c4de9899adfd964ea10113bdbed32c891b0bf2b2295796c704e6d8b1866b8f3f75dd91c9adea00c9df5746c6d

            Download Submit