Analysis
max time kernel: 87s
max time network: 131s
platform: android_x86
resource: android-x86-arm-20240514-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
submitted: 22-05-2024 16:39
Static task: static1
Behavioral task: behavioral1
Sample: 67e87219fc9ae32e7e99ff15b63b0e9a_JaffaCakes118.apk
Resource: android-x86-arm-20240514-en
Behavioral task: behavioral2
Sample: 67e87219fc9ae32e7e99ff15b63b0e9a_JaffaCakes118.apk
Resource: android-33-x64-arm64-20240514-en
General
Target: 67e87219fc9ae32e7e99ff15b63b0e9a_JaffaCakes118.apk
Size: 6.0MB
MD5: 67e87219fc9ae32e7e99ff15b63b0e9a
SHA1: 17393e329b9326aa7f2b1b73a4f334ddae521068
SHA256: d3528158eef6b0529aeabf168cfafc5ac01acfd7616d43de0ac953645cc298ae
SHA512: 3c0385d0c950b81511042af2fb56fc49b847c2df7e1bd22a30871997afdae3a6fce6b5d4225dbd3f99ff824fa3ee862736cacd061d55f64aed6d9dfac72bbb15
SSDEEP: 196608:6SS+n/oPlNaJ7tw5d9G6odpg71PoUHBpP:vS6/+lNYu5VodK71Po8
Malware Config
Signatures
-
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information that indicates whether the system is an emulator.
-
Checks memory information 2 TTPs 1 IoCs
Checks memory information that indicates whether the system is an emulator.
-
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
Processes: com.kingkr.kfqhwek
description: Framework service call
ioc: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone
process: com.kingkr.kfqhwek
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
Processes: com.kingkr.kfqhwek
description: Framework service call
ioc: android.app.IActivityManager.registerReceiver
process: com.kingkr.kfqhwek
-
Checks if the internet connection is available 1 TTPs 1 IoCs
Processes: com.kingkr.kfqhwek
description: Framework service call
ioc: android.net.IConnectivityManager.getActiveNetworkInfo
process: com.kingkr.kfqhwek
-
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
Processes: com.kingkr.kfqhwek
description: Framework API call
ioc: javax.crypto.Cipher.doFinal
process: com.kingkr.kfqhwek
Processes
-
com.kingkr.kfqhwek1⤵
- Checks CPU information
- Checks memory information
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
-
getprop ro.product.cpu.abi2⤵
Network
MITRE ATT&CK Matrix
Downloads
-
/data/data/com.kingkr.kfqhwek/app_tbs/core_private/debug.conf
Filesize: 101B
-
/data/data/com.kingkr.kfqhwek/cache/image_manager_disk_cache/a6dcd3d49292b10a519c184949a138204a20ae45dd947162eedcfe2d63f6eecc.0.tmp
Filesize: 28KB
-
/data/data/com.kingkr.kfqhwek/cache/image_manager_disk_cache/journal
Filesize: 179B
-
/data/data/com.kingkr.kfqhwek/cache/image_manager_disk_cache/journal.tmp
Filesize: 31B
-
/data/data/com.kingkr.kfqhwek/databases/bugly_db_
Filesize: 4KB
-
/data/data/com.kingkr.kfqhwek/databases/bugly_db_-journal
Filesize: 512B
-
/data/data/com.kingkr.kfqhwek/databases/bugly_db_-shm
Filesize: 32KB
-
/data/data/com.kingkr.kfqhwek/databases/bugly_db_-wal
Filesize: 52KB
-
/storage/emulated/0/Android/data/com.kingkr.kfqhwek/files/tbslog/tbslog.txt
Filesize: 7KB