0b4cec54a8e425ac4640230f085f1f937b7be90cd017aa3794e87b0fa7eacd18

Analysis

max time kernel
104s
max time network
156s
platform
android_x86
resource
android-x86-arm-20240506-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240506-enlocale:en-usos:android-9-x86system
submitted
13/05/2024, 20:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3c7244dbdf0d7797d774264e6415c631_JaffaCakes118.apk
Size

7.7MB
MD5

3c7244dbdf0d7797d774264e6415c631
SHA1

fb3f6ae18fd5cc8da975153a0ad87d89564d1e10
SHA256

0b4cec54a8e425ac4640230f085f1f937b7be90cd017aa3794e87b0fa7eacd18
SHA512

6e81ba15a799925dde69116f10d310638fc8654efa5484bd529ca96cdb3d4d139cd05ad6dd5f85cf3a80ef4d3acc43c69c7e39b6cb52b641903f3dc5c96b052a
SSDEEP

196608:U9hiYSn/9G6odpgYG4hRdJB7E0EGKOauNrRUuCcknoawsx:U9hiYSn7odKYG4hj+Oj5Sysx

Score

7^/10

discovery evasion impact persistence

Malware Config

Signatures

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.kingkr.ksadkud

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.kingkr.ksadkud

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.kingkr.ksadkud

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.kingkr.ksadkud

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.kingkr.ksadkud

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.kingkr.ksadkud

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.kingkr.ksadkud

com.kingkr.ksadkud
1⤵
- Checks CPU information
- Checks memory information
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4281
- /system/bin/sh -c getprop ro.board.platform
  2⤵
  PID:4314
- getprop ro.board.platform
  2⤵
  PID:4314
- /system/bin/sh -c type su
  2⤵
  PID:4400

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.kingkr.ksadkud/app_tbs/core_private/debug.conf

Filesize
101B

MD5
ee59b7222dc55bd3a1ecbaa78d317e0f

SHA1
1674cc2e8cedbd9b8c2ed95f02e048223b35f60c

SHA256
2f53083748a9640c97605f520d42b9bdfd256c8b31863ad872016a7f6f4c18e5

SHA512
bb33efc4be33e01bbed3551060dd26c21acaf8ee9cb4eb0cb5ef369adcdb6a021107574fc259bd62b703027f65a2edfe46fada39b216579a051eb969bfc252ac

Download Submit
/data/data/com.kingkr.ksadkud/databases/bugly_db_

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.kingkr.ksadkud/databases/bugly_db_-journal

Filesize
512B

MD5
3c3fbc4abd5a3a37dfbbce9145df598e

SHA1
eac4e43c12da73dcb98a5de5ecefa806e0645448

SHA256
f95d7d46646ba84257aedb66ec6cd6957b98006d296ff95b904cc8605cf5486e

SHA512
65c6512e9ad92ff88f1857d72a1bde35359c3adee9caf757b07e44f895e14a6a73a0094f879c6573efebe4ab6cfa1b0b4080516778f5d6a4749272699ee27c93

Download Submit
/data/data/com.kingkr.ksadkud/databases/bugly_db_-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.kingkr.ksadkud/databases/bugly_db_-wal

Filesize
52KB

MD5
6134d1aac5f2602b4c3e06a272d6c929

SHA1
be40dc9b7c5e1a7d3918845aa82f44facf15b09e

SHA256
51c56d2be99ff8bbd522896c31f9767f408a8f4dd0374180bb5f7dfaebc19f78

SHA512
1bab1dcbbd4c907844d3e35a373dc3fe89400a0a0194ce11b731a434c86e353474afa6d658dff5502ee8ef85facfe6bbf5f1fc0d134cf6ec24d53d38ed0eba38

Download Submit
/storage/emulated/0/tencent/tbs/tbslog/tbslog.txt

Filesize
1KB

MD5
0b4ea7a6e87d3b1ef26d10bf9dd72bab

SHA1
41c8c947e965c8ff1ebeca3979a9b219be1ab7fe

SHA256
a667edba1c213e6c2930e002a7a39fd3def01af3c161d0d982495b34617b95c2

SHA512
6d3d3337b6df9f2aa601aff61d2a61cb26e7fd2dc27af949a859b98f9c5f9b9380ca33eec2c1ca33b5bf8f38365bd6ef836489c4afad1d85878dea432716cfc8

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads