d3528158eef6b0529aeabf168cfafc5ac01acfd7616d43de0ac953645cc298ae

Analysis

max time kernel
87s
max time network
131s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
22-05-2024 16:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

67e87219fc9ae32e7e99ff15b63b0e9a_JaffaCakes118.apk
Size

6.0MB
MD5

67e87219fc9ae32e7e99ff15b63b0e9a
SHA1

17393e329b9326aa7f2b1b73a4f334ddae521068
SHA256

d3528158eef6b0529aeabf168cfafc5ac01acfd7616d43de0ac953645cc298ae
SHA512

3c0385d0c950b81511042af2fb56fc49b847c2df7e1bd22a30871997afdae3a6fce6b5d4225dbd3f99ff824fa3ee862736cacd061d55f64aed6d9dfac72bbb15
SSDEEP

196608:6SS+n/oPlNaJ7tw5d9G6odpg71PoUHBpP:vS6/+lNYu5VodK71Po8

Score

7^/10

discovery evasion impact persistence

Malware Config

Signatures

Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.kingkr.kfqhwek

description ioc process

File opened for read /proc/cpuinfo com.kingkr.kfqhwek
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.kingkr.kfqhwek

description ioc process

File opened for read /proc/meminfo com.kingkr.kfqhwek
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
discovery

T1422

Processes:

com.kingkr.kfqhwek

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone com.kingkr.kfqhwek
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

T1624.001

Processes:

com.kingkr.kfqhwek

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.kingkr.kfqhwek
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

T1421

Processes:

com.kingkr.kfqhwek

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.kingkr.kfqhwek
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

T1471

Processes:

com.kingkr.kfqhwek

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.kingkr.kfqhwek

description	ioc	process
File opened for read	/proc/cpuinfo	com.kingkr.kfqhwek

description	ioc	process
File opened for read	/proc/meminfo	com.kingkr.kfqhwek

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.kingkr.kfqhwek

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.kingkr.kfqhwek

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.kingkr.kfqhwek

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.kingkr.kfqhwek

com.kingkr.kfqhwek
1⤵
- Checks CPU information
- Checks memory information
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4324

getprop ro.product.cpu.abi
2⤵
PID:4526

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.kingkr.kfqhwek/app_tbs/core_private/debug.conf
Filesize
101B

MD5
fc6c0b6009dba39def892a365051007c

SHA1
a4d0c96965e566f5d889f630f9fb5f5ca01f2698

SHA256
8418a57f31f5537110d25bf64b35b40b3e9c8f9816ee9b7b4df6c02bbf2c668a

SHA512
02bb9770669185ee01e3d5c5bc9545cc020f1355ebaec7502684ceaaae8b02b9cd17763161b61f70c02318125050f2063d09f982f56b049544628f1686fc2f27

Download Submit
/data/data/com.kingkr.kfqhwek/cache/image_manager_disk_cache/a6dcd3d49292b10a519c184949a138204a20ae45dd947162eedcfe2d63f6eecc.0.tmp
Filesize
28KB

MD5
d4e42d0b7075c5d677820cdcaaf86a2f

SHA1
829a9414e2b8be4c2ebe31013c5bf42df39a9c49

SHA256
21a8964782ddbc2f110075f5813d8cb588a2d41b76979925070f6227caf68367

SHA512
9c4974e350da5654a9b26e391dc19ac3343cef31f70e767e79892d4f87379becd90351f5305520f09c7a7862345571022ea387f8690878ae2ca63db6b80fc6c4

Download Submit
/data/data/com.kingkr.kfqhwek/cache/image_manager_disk_cache/journal
Filesize
179B

MD5
f4ce75a0e6cb2a3dd19e0dd912a23295

SHA1
10adb2cd53bbf7df598ef68da501ba5086c6f6e8

SHA256
45685c21a0462bd12877b2294475b6d05dea1dd87a2940a86d78192704ca1502

SHA512
c6cb91e5366d8c617e4ed9d9dca42d1bb8bfb17125e3fda6e54a6e546a22aacb3b5ea4687c476100a5a81e859fffdad2816325ffdaf0187ada11750a3fdc16b9

Download Submit
/data/data/com.kingkr.kfqhwek/cache/image_manager_disk_cache/journal.tmp
Filesize
31B

MD5
8c92de9ce46d41a22f3b20f77404cc1d

SHA1
8671a6dca00edb72be47363a7071be65cf270373

SHA256
68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274

SHA512
30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

Download Submit
/data/data/com.kingkr.kfqhwek/databases/bugly_db_
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.kingkr.kfqhwek/databases/bugly_db_-journal
Filesize
512B

MD5
9b2304b8158575a5851df256d19ecec2

SHA1
411a9f16d620a1bf2ff5a5e9a41954bfdc609d89

SHA256
d1bbc2552f87fdb9b74230daf4f7ceae0e34b01c293d82bbb54178bba208e8a0

SHA512
104f1b4a2fc760c18cd3a9591788c9401fac8cf19bde6c0258d8dcf1735706c0459ebd94328e73b9cda327f275f77a80bbb3a86bc46945db28eb393910b12a3a

Download Submit
/data/data/com.kingkr.kfqhwek/databases/bugly_db_-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.kingkr.kfqhwek/databases/bugly_db_-wal
Filesize
52KB

MD5
e0639c78168fc9591cc730f77076118e

SHA1
e5dce446c2c8fcf1322286570c1729f7326d4d5d

SHA256
4e5badd58e48f5bf90858f4f103572a2c32d2fac141f99a3d7fa96d44016e924

SHA512
94f6d42e9d692f1eb1668f3a2d95b905a74e5aa34eaaacf48b2efdb91b8d38d74646668692acaae3ca2c4ba50d7493c754e4792f062677b1f7c482eda87dd10d

Download Submit
/storage/emulated/0/Android/data/com.kingkr.kfqhwek/files/tbslog/tbslog.txt
Filesize
7KB

MD5
2e81461b0a5d12bffa9958c91853142b

SHA1
934445908515218a7e6dc3490db5f5a27128a773

SHA256
78e69b46a759e3427f79a7a28d99c8103bc3d6caba129c3179698db7764311f1

SHA512
4a584a9710ee4342676338b82ac633413b5e839e084e19a0fe1f1a5e2793cbfb2a1e21d6a906cdd79e67a5bbf4014342e8a07e1b178052ca4c4284913e81f8e4

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads