Overview

overview

8

Static

static

6

691fb5babb...18.apk

android-9-x86

8

691fb5babb...18.apk

android-10-x64

8

Analysis

  • max time kernel
    65s
  • max time network
    168s
  • platform
    android_x86
  • resource
    android-x86-arm-20240514-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
  • submitted
    23-05-2024 00:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    691fb5babb58e82181b7e7be7dc1d8f2_JaffaCakes118.apk

  • Size

    16.4MB

  • MD5

    691fb5babb58e82181b7e7be7dc1d8f2

  • SHA1

    5909cede2c403fa3b6517ae8103c06f8c9799f8a

  • SHA256

    304e454ae504b02dba1bc2cec7131dd8b393820a3590a089df0bbecc03670d4d

  • SHA512

    cdbe11f72cd595790a90caa73f59d3586635a41a33a4e89a7f53f843db8f6be115fee91e9cc04e8c84b0d290116ac4d9b1bf0c5d0529e5cd6622dbcf308d37a8

  • SSDEEP

    393216:3sYmWs03MzDeayBzgHMkJb6GaT+bHiz1FHqVuPGF5vDNgF48g:3sYmWs5TyZM1OnuCz1FALRrt

Score
8/10
collectiondiscoveryevasionimpactpersistence

Malware Config

Signatures

  • Requests cell location 2 TTPs 1 IoCs

    Uses Android APIs to to get current cell location.

    collectiondiscoveryevasion
  • Checks CPU information 2 TTPs 1 IoCs

    Checks CPU information which indicate if the system is an emulator.

    evasiondiscovery
  • Queries information about running processes on the device 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

    discovery
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs
    persistence
  • Checks if the internet connection is available 1 TTPs 2 IoCs
    discovery
  • Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
    evasion
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs
    impact

Processes

  • cn.k3.k3
    1⤵
    • Requests cell location
    • Checks CPU information
    • Queries information about running processes on the device
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • Listens for changes in the sensor environment (might be used to detect emulation)
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4313
    • ls /sys/class/thermal
      2⤵
        PID:4356
    • cn.k3.k3:pushservice
      1⤵
      • Queries information about running processes on the device
      • Registers a broadcast receiver at runtime (usually for listening for system events)
      • Checks if the internet connection is available
      • Uses Crypto APIs (Might try to encrypt user data)
      PID:4388

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • /data/data/cn.k3.k3/databases/k3.db
      Filesize

      4KB

      MD5

      f2b4b0190b9f384ca885f0c8c9b14700

      SHA1

      934ff2646757b5b6e7f20f6a0aa76c7f995d9361

      SHA256

      0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

      SHA512

      ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

      Download Submit
    • /data/data/cn.k3.k3/databases/k3.db-journal
      Filesize

      512B

      MD5

      fd62449e615cc64bfb0bfd87157c2b46

      SHA1

      e5322c0f01c68065f81395b9662858f2613e2cf2

      SHA256

      30c11bc3be59f190b333837b45d44fe461f539dd5ca9e21e49847e93320ee464

      SHA512

      0d6e842cd15938ed1ae72b4fd2c1962bfe10354a79c8fd3cd7f8d0340b1921aa72c80ebcf29fd2af5a13af865a7ee00b96326caa9d0b6121cd899fb21614746f

      Download Submit
    • /data/data/cn.k3.k3/databases/k3.db-shm
      Filesize

      28KB

      MD5

      cf845a781c107ec1346e849c9dd1b7e8

      SHA1

      b44ccc7f7d519352422e59ee8b0bdbac881768a7

      SHA256

      18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

      SHA512

      4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

      Download Submit
    • /data/data/cn.k3.k3/databases/k3.db-wal
      Filesize

      32KB

      MD5

      dfcb7a4a82e2d09804f047664be1a297

      SHA1

      50dd5b9de1db459ddab36e9ca9997abf908365af

      SHA256

      509f5d90f626e36fa988f9957c0c2872a623f38c733c095d26f25fa4945ba10f

      SHA512

      80adf94eb7f71cb279163c872c9e6a1a9ef4f583ea87cbcdc40ef222bb9615349af3591d0e6ede5f6d79e310b98b77329a6b1384740c58542f073cb0180b0cd8

      Download Submit
    • /data/data/cn.k3.k3/databases/pushsdk.db-shm
      Filesize

      32KB

      MD5

      bb7df04e1b0a2570657527a7e108ae23

      SHA1

      5188431849b4613152fd7bdba6a3ff0a4fd6424b

      SHA256

      c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

      SHA512

      768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

      Download Submit
    • /data/data/cn.k3.k3/databases/pushsdk.db-wal
      Filesize

      116KB

      MD5

      56d5cce20136f67d797f409e187156c6

      SHA1

      618eb7b589667e371b1804c6233d4381c5fd108d

      SHA256

      b41472504f66755033d0b72038707b1b7214d23d30909abdafed635c661538aa

      SHA512

      819fabd0f823fc98f8bd08f030e69a51e5ca01aaac4fec25dbdcdfb1ae58224139ad4bbfa7cd698398078161f6008436ba7c8aa0beffb7820ca0aac290993779

      Download Submit
    • /data/data/cn.k3.k3/files/Mob/domain_1
      Filesize

      14B

      MD5

      994736357872594fb6c09e400883bb39

      SHA1

      50f5864cfad7173b8c872ca7d6f2ba02d512f691

      SHA256

      08ed33259b3491178d7d853217dfff77e87910faeeb49610870ccde7a02aab7e

      SHA512

      24bb455ad1cd25b84ff5817567f88e259f6636f481bc2071cbb92948f587d5a49a650b35562d6c993f8d4a9390f8eeddbc56f748a7be3a2577e3ae8885a4eb67

      Download Submit
    • /data/data/cn.k3.k3/files/libcuid.so
      Filesize

      129B

      MD5

      86686f546467dd9dfcb41fe27004d401

      SHA1

      c2226d90b8d7b0034f7b175a2e06cf8bc9e3b7fe

      SHA256

      3d472c3d5a98f64811f1b2acede6420de383db466e4c7a3b9197f12383a1ca4a

      SHA512

      93b69bafdd26fd890b2385be1a6bfdca834c6cdba4c7c427c6359786e54a1ba32af5876fc5133a72dcad0b7ed82d224a40e5c77d3a1efaf222f31cd6d25b3082

      Download Submit
    • /storage/emulated/0/Android/data/.mn_410185822
      Filesize

      130B

      MD5

      f321656a466363e5192773d92000e401

      SHA1

      3a6abe9be1a6f4deffaa98fd27f3449c888d3c4a

      SHA256

      53efd5207de6ed80429ec3c7865eed2b64023a0ed66e0fd29e7f45b708a1751c

      SHA512

      fcf6884bf5ce8d10b3a3dd461fad96cb6cf0bc4129e01788de112551230fbc4d8ea6961b04411d1c7816e248437c4560277069d9c544e5450612abc0e2c0171d

      Download Submit
    • /storage/emulated/0/Mob/comm/.di
      Filesize

      57B

      MD5

      70a42cba408700f9a6c01c7941a8829e

      SHA1

      eab01cc2c0671538795fb0b1146017dc099d0984

      SHA256

      499576707ce2623293166979e59c832be5b8636c64ad39aa63ebcf961910c35f

      SHA512

      8900d4dc8eed0430babbacb72942401bd22ef7fe5430cad90d3ce0c2c53010220d666aa0e2eb1026f3ec81d574c7fa12585b49222a5f15b01637f6ba134fe70c

      Download Submit
    • /storage/emulated/0/libs/cn.k3.k3.bin
      Filesize

      79B

      MD5

      5252230abcaf40d161625ea003e9982c

      SHA1

      a0dea69e5889eafbd3784d7e4a16f0bccb70c357

      SHA256

      151550961c6b07bf5375e956a1dce1d6a65bc929f0d74e24132abbb1af42be0d

      SHA512

      6d3edc5075f70e4c777e0071a066c7e20d8973a814e1ff24e1087a08e8894a0966d49a6033976c3ce18963e08c8f7eb2e0a5cda99addaf9aad5cec8e1c7faade

      Download Submit