Analysis
-
max time kernel: 65s
max time network: 168s
platform: android_x86
resource: android-x86-arm-20240514-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
submitted: 23-05-2024 00:21
Static task: static1
Behavioral task: behavioral1
  Sample: 691fb5babb58e82181b7e7be7dc1d8f2_JaffaCakes118.apk
  Resource: android-x86-arm-20240514-en
Behavioral task: behavioral2
  Sample: 691fb5babb58e82181b7e7be7dc1d8f2_JaffaCakes118.apk
  Resource: android-x64-20240514-en
General
-
Target: 691fb5babb58e82181b7e7be7dc1d8f2_JaffaCakes118.apk
Size: 16.4MB
MD5: 691fb5babb58e82181b7e7be7dc1d8f2
SHA1: 5909cede2c403fa3b6517ae8103c06f8c9799f8a
SHA256: 304e454ae504b02dba1bc2cec7131dd8b393820a3590a089df0bbecc03670d4d
SHA512: cdbe11f72cd595790a90caa73f59d3586635a41a33a4e89a7f53f843db8f6be115fee91e9cc04e8c84b0d290116ac4d9b1bf0c5d0529e5cd6622dbcf308d37a8
SSDEEP: 393216:3sYmWs03MzDeayBzgHMkJb6GaT+bHiz1FHqVuPGF5vDNgF48g:3sYmWs5TyZM1OnuCz1FALRrt
Malware Config
Signatures
-
Requests cell location (2 TTPs, 1 IoC)
Uses Android APIs to get the current cell location.
-
Checks CPU information (2 TTPs, 1 IoC)
Checks CPU information that indicates whether the system is an emulator.
-
Queries information about running processes on the device (1 TTP, 2 IoCs)
Application may abuse the framework's APIs to collect information about running processes on the device.
Processes: cn.k3.k3, cn.k3.k3:pushservice
  description             ioc                                                   process
  Framework service call  android.app.IActivityManager.getRunningAppProcesses   cn.k3.k3
  Framework service call  android.app.IActivityManager.getRunningAppProcesses   cn.k3.k3:pushservice
-
Queries information about the current Wi-Fi connection (1 TTP, 1 IoC)
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
Processes: cn.k3.k3
  description             ioc                                                   process
  Framework service call  android.net.wifi.IWifiManager.getConnectionInfo       cn.k3.k3
-
Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 2 IoCs)
Processes: cn.k3.k3, cn.k3.k3:pushservice
  description             ioc                                                   process
  Framework service call  android.app.IActivityManager.registerReceiver         cn.k3.k3
  Framework service call  android.app.IActivityManager.registerReceiver         cn.k3.k3:pushservice
-
Checks if the internet connection is available (1 TTP, 2 IoCs)
Processes: cn.k3.k3, cn.k3.k3:pushservice
  description             ioc                                                   process
  Framework service call  android.net.IConnectivityManager.getActiveNetworkInfo cn.k3.k3
  Framework service call  android.net.IConnectivityManager.getActiveNetworkInfo cn.k3.k3:pushservice
-
Listens for changes in the sensor environment (might be used to detect emulation) (1 TTP, 1 IoC)
Processes: cn.k3.k3
  description             ioc                                                   process
  Framework API call      android.hardware.SensorManager.registerListener       cn.k3.k3
-
Uses Crypto APIs (might try to encrypt user data) (1 TTP, 2 IoCs)
Processes: cn.k3.k3, cn.k3.k3:pushservice
  description             ioc                                                   process
  Framework API call      javax.crypto.Cipher.doFinal                           cn.k3.k3
  Framework API call      javax.crypto.Cipher.doFinal                           cn.k3.k3:pushservice
Processes
-
cn.k3.k3 (1)
- Requests cell location
- Checks CPU information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (might try to encrypt user data)
-
ls /sys/class/thermal (2)
-
cn.k3.k3:pushservice (1)
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (might try to encrypt user data)
Network
MITRE ATT&CK Matrix
Downloads
-
/data/data/cn.k3.k3/databases/k3.db (4KB)
/data/data/cn.k3.k3/databases/k3.db-journal (512B)
/data/data/cn.k3.k3/databases/k3.db-shm (28KB)
/data/data/cn.k3.k3/databases/k3.db-wal (32KB)
/data/data/cn.k3.k3/databases/pushsdk.db-shm (32KB)
/data/data/cn.k3.k3/databases/pushsdk.db-wal (116KB)
/data/data/cn.k3.k3/files/Mob/domain_1 (14B)
/data/data/cn.k3.k3/files/libcuid.so (129B)
/storage/emulated/0/Android/data/.mn_410185822 (130B)
/storage/emulated/0/Mob/comm/.di (57B)
/storage/emulated/0/libs/cn.k3.k3.bin (79B)