Analysis
-
max time kernel
66s
-
max time network
172s
-
platform
android_x64
-
resource
android-x64-20240514-en
-
resource tags
android, arch:x64, arch:x86, image:android-x64-20240514-en, locale:en-us, os:android-10-x64, system
-
submitted
23-05-2024 00:21
Static task
static1
Behavioral task
behavioral1
Sample
691fb5babb58e82181b7e7be7dc1d8f2_JaffaCakes118.apk
Resource
android-x86-arm-20240514-en
Behavioral task
behavioral2
Sample
691fb5babb58e82181b7e7be7dc1d8f2_JaffaCakes118.apk
Resource
android-x64-20240514-en
General
-
Target
691fb5babb58e82181b7e7be7dc1d8f2_JaffaCakes118.apk
-
Size
16.4MB
-
MD5
691fb5babb58e82181b7e7be7dc1d8f2
-
SHA1
5909cede2c403fa3b6517ae8103c06f8c9799f8a
-
SHA256
304e454ae504b02dba1bc2cec7131dd8b393820a3590a089df0bbecc03670d4d
-
SHA512
cdbe11f72cd595790a90caa73f59d3586635a41a33a4e89a7f53f843db8f6be115fee91e9cc04e8c84b0d290116ac4d9b1bf0c5d0529e5cd6622dbcf308d37a8
-
SSDEEP
393216:3sYmWs03MzDeayBzgHMkJb6GaT+bHiz1FHqVuPGF5vDNgF48g:3sYmWs5TyZM1OnuCz1FALRrt
Malware Config
Signatures
-
Requests cell location (2 TTPs, 1 IoC)
Uses Android APIs to get the current cell location.
-
Checks CPU information (2 TTPs, 1 IoC)
Checks CPU information that indicates whether the system is an emulator.
-
Queries information about running processes on the device (1 TTP, 2 IoCs)
Application may abuse the framework's APIs to collect information about running processes on the device.
Processes: cn.k3.k3, cn.k3.k3:pushservice
IoCs (description / IoC / process):
- Framework service call / android.app.IActivityManager.getRunningAppProcesses / cn.k3.k3
- Framework service call / android.app.IActivityManager.getRunningAppProcesses / cn.k3.k3:pushservice
-
Queries information about the current Wi-Fi connection (1 TTP, 1 IoC)
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
Processes: cn.k3.k3
IoCs (description / IoC / process):
- Framework service call / android.net.wifi.IWifiManager.getConnectionInfo / cn.k3.k3
-
Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 2 IoCs)
Processes: cn.k3.k3, cn.k3.k3:pushservice
IoCs (description / IoC / process):
- Framework service call / android.app.IActivityManager.registerReceiver / cn.k3.k3
- Framework service call / android.app.IActivityManager.registerReceiver / cn.k3.k3:pushservice
-
Checks if the internet connection is available (1 TTP, 2 IoCs)
Processes: cn.k3.k3, cn.k3.k3:pushservice
IoCs (description / IoC / process):
- Framework service call / android.net.IConnectivityManager.getActiveNetworkInfo / cn.k3.k3
- Framework service call / android.net.IConnectivityManager.getActiveNetworkInfo / cn.k3.k3:pushservice
-
Queries the unique device ID (IMEI, MEID, IMSI) (1 TTP)
-
Listens for changes in the sensor environment (might be used to detect emulation) (1 TTP, 1 IoC)
Processes: cn.k3.k3
IoCs (description / IoC / process):
- Framework API call / android.hardware.SensorManager.registerListener / cn.k3.k3
-
Uses Crypto APIs (might try to encrypt user data) (1 TTP, 2 IoCs)
Processes: cn.k3.k3:pushservice, cn.k3.k3
IoCs (description / IoC / process):
- Framework API call / javax.crypto.Cipher.doFinal / cn.k3.k3:pushservice
- Framework API call / javax.crypto.Cipher.doFinal / cn.k3.k3
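The "Checks CPU information" signature above flags the raw material an app can use to decide whether it is running in an emulator. The Python below is an added illustration of that kind of check, written for this page; it is not code from the analysed APK or from the sandbox. It parses /proc/cpuinfo text and looks for strings that emulator kernels and QEMU-backed virtual CPUs are commonly reported with. The indicator list and the three sample cpuinfo texts are constructed assumptions, not captures from this run.

```python
"""Illustrative emulator check over /proc/cpuinfo text (added example).

Not code from the analysed sample. Shows the kind of heuristic an app can
apply after reading /proc/cpuinfo: look for board and CPU names that
emulator images are commonly reported with.
"""

# Substrings commonly seen in /proc/cpuinfo inside Android emulators
# (goldfish/ranchu virtual boards, QEMU virtual CPUs, hypervisor flag).
# This list is an assumption drawn from well-known emulator images.
EMULATOR_INDICATORS = (
    "goldfish",
    "ranchu",
    "qemu",
    "android virtual processor",
    "virtual cpu",
    "hypervisor",
)


def parse_cpuinfo(text):
    """Parse /proc/cpuinfo into one {field: value} dict per block.

    Blocks are separated by blank lines; on ARM the trailing block holds
    the board-level 'Hardware' and 'Revision' fields."""
    cpus, current = [], {}
    for line in text.splitlines():
        if not line.strip():
            if current:
                cpus.append(current)
                current = {}
            continue
        key, sep, value = line.partition(":")
        if sep:
            current[key.strip().lower()] = value.strip()
    if current:
        cpus.append(current)
    return cpus


def emulator_indicators(cpuinfo_text):
    """Return sorted, de-duplicated (field, indicator) pairs that were hit."""
    hits = set()
    for cpu in parse_cpuinfo(cpuinfo_text):
        for field, value in cpu.items():
            low = value.lower()
            for indicator in EMULATOR_INDICATORS:
                if indicator in low:
                    hits.add((field, indicator))
    return sorted(hits)


def looks_like_emulator(cpuinfo_text):
    """True if at least one emulator indicator is present."""
    return bool(emulator_indicators(cpuinfo_text))


# Constructed sample inputs (not captured from the sandbox run).
EMULATOR_X86 = """processor\t: 0
vendor_id\t: GenuineIntel
model name\t: Android virtual processor
flags\t: fpu vme hypervisor

processor\t: 1
vendor_id\t: GenuineIntel
model name\t: Android virtual processor
flags\t: fpu vme hypervisor
"""

EMULATOR_ARM = """processor\t: 0
model name\t: ARMv8 Processor rev 0 (v8l)
Features\t: fp asimd evtstrm aes

Hardware\t: Goldfish
Revision\t: 0000
"""

PHYSICAL_ARM = """processor\t: 0
model name\t: ARMv8 Processor rev 13 (v8l)
Features\t: fp asimd evtstrm aes pmull

Hardware\t: Qualcomm Technologies, Inc SM8150
"""

if __name__ == "__main__":
    samples = (("emulator x86", EMULATOR_X86),
               ("emulator arm", EMULATOR_ARM),
               ("physical arm", PHYSICAL_ARM))
    for name, text in samples:
        print(f"{name}: emulator={looks_like_emulator(text)} "
              f"hits={emulator_indicators(text)}")
```

Running the same function over the cpuinfo of the sandbox image an analysis used is a quick way to tell which of these indicators that image exposes, and therefore whether a sample that reads CPU information could have changed its behaviour there.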
Processes
-
cn.k3.k3
- Requests cell location
- Checks CPU information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
-
cn.k3.k3:pushservice
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
Network
MITRE ATT&CK Matrix
Downloads
-
Path: /data/data/cn.k3.k3/databases/k3.db
Filesize: 20KB
MD5: f71ad72003befbb5cfc38c657713c99e
SHA1: 90bcbeebf981200a90cab850d746bf7a504fbdd5
SHA256: 6a4ae3622a3453bae216d9387e448569288f7bcc5ea66a94583957f9b691f40a
SHA512: a91ab806e1b28161ee9aa15210c2cce5ac927611ad3400af6871ffbe3fa5cf063ad6947ccba1b2a7fe1e998e144c3f339352d11537fb1ed7e5a45ba48c3d8917
-
Path: /data/data/cn.k3.k3/databases/k3.db-journal
Filesize: 48KB
MD5: a1eb63ac32a0c9baf2457c6a3b314ec3
SHA1: c83ebc1391438db145581282bcc266e580b61b65
SHA256: 643a47eea34d9053044cba4595e0ec29f6326716f5bf62ef5228298b11b44c72
SHA512: d1229ec425045d8b98c91d84de89143449e034c1ff2bca4e009d479065d50d8446b6aa24e90b302a44f625e54266da7bcd325b3f1ff81d6630562a7eb9996067
-
Path: /data/data/cn.k3.k3/databases/k3.db-journal
Filesize: 8KB
MD5: f4e35c245e7153d817f65d4d0ed67a7c
SHA1: 287d36604af4398d8f16dcc67199387d180390c8
SHA256: 68e257eee7611f136bc6815417062e9ab35a31c8916451958330e6b8499f66b0
SHA512: dd0910f92e8f82084b776ca7c7645245ede9050036b57e5896b796ebdc1531cf0d7f421a66aa6e0a136c2e36fbb035d4af58fe01ab71265e74f5156ecfc05bff
-
Path: /data/data/cn.k3.k3/databases/k3.db-journal
Filesize: 8KB
MD5: 08c9b4527f4bbb7378cfbf7791be619c
SHA1: cb0c03216f52e29f2940fe1f391c36e2f2cccac4
SHA256: e1b0494e59e6232a7cc5295b0481bfad39d902b70a9368f4638bd6f864697bd6
SHA512: ca87dabb15685416325bd05fa2fc35051deea0ea67ece3419847cb1d3e66db3127a9274f1c2f21e712cf1ce22516b1a5c3a2923d4b6957b246602506f68db1fa
-
Path: /data/data/cn.k3.k3/databases/pushsdk.db-journal
Filesize: 4KB
MD5: 86c9c012f600848d357365bfc6836663
SHA1: b32da61586954d673294012eae585acab6f1f9bf
SHA256: 19f8fc423869fd63ae56ea0cfd0cae447d3b63071f5adc7fe2f32c449dbed324
SHA512: ac7119cb44986c6b0b9016984c18291201b9158bec6f340868c05464939c9111020caaa2b7f37845b7e03d31d64955f13043289f2a366f337b46a7c986a4db3c
-
Path: /data/data/cn.k3.k3/databases/pushsdk.db-journal
Filesize: 8KB
MD5: ac6880f561823cae8cb522590a082e2c
SHA1: 41e37bb94dfddbf8b00a858b981b56ce56151a15
SHA256: add3c20b03dda15ff4c2bb02076eedb099e0a2089236d632b60dfae63bb8ede5
SHA512: d31d37fc5cda2013e58c816f0dab8d739d682c8c3c194b1f914c1615853fd5b75fa9c00408b21b03aab99656cddf325364e3d06deafd2ee711604856270094ca
-
Path: /data/data/cn.k3.k3/databases/pushsdk.db-journal
Filesize: 8KB
MD5: 33fa0ff029b5083ea43c6a0b67f8e588
SHA1: 519dee94cbc091800fe7c56c0825820d05da920d
SHA256: a569d32d992303d9dca04e6ea8d44f66006533302e1facff0e700f1f995a6ae5
SHA512: 3ed2c8b48c5b31816b21f01b9c25f3b3459f62db8a35cf70c435029366ef4dce812e07411688d35587fe2fb10f5a76918f84b9081fbf188278009e4d35901f3d
-
Path: /data/data/cn.k3.k3/files/Mob/domain_1
Filesize: 8KB
MD5: f26222646f22320ffa5ff6fb5dbe17b9
SHA1: 7eb544ba63a608142681c1ce8ff45a675418eae8
SHA256: bb1d7f333f5fabe04b2950e8a5bb941b6126b630f5ee534550a874d417f6bcf5
SHA512: 4d736868cebfdab9511a029059fed650b20d41ad877348c5e3b87607645982e4eae3e321f2823fa8f931632ded0fb392ddbebfe8e4f2b766880efba735f76d2d
-
Path: /data/data/cn.k3.k3/files/libcuid.so
Filesize: 109B
MD5: dad06519e75e18bf074cb7e7be825a43
SHA1: 9d1393d8af9f9ac3cc51405e02a90c1ce3dc30c0
SHA256: 6a4e79f41a3cd873ff9421d61a6a9886f03c0d51b2d1ab45e3d3b34a46b47538
SHA512: 7c23e93e2e747b7bb8dbb02b23e3ab46d5b39a0e68b73f1c9c17b7f664464b5ea5434c21166ae6eb8fe843130dad266e9b36630d4a86e0753777abed37466e93
-
Path: /storage/emulated/0/libs/cn.k3.k3.bin
Filesize: 79B
MD5: 91caa8d4394d1bec718ab71ea468b094
SHA1: 9f5c50c5019a8cb67e5c0947b101deb6796345f4
SHA256: 318c14014dc914fed89af61e37aa2a65eefc81f4fc3b207d892f3dc26d7628ce
SHA512: 5519b15916d6c3a49e09fcba73e7c4b5934810b5175687653c9a86c0c33074a5baf9b751168a08f0b578e550620eb1a466393180904902d10ac79981543d0507
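The Downloads list above is in effect a manifest of the files the sample wrote during the run, with four digests for each. The Python below is an added example, not part of the report or of the sample: it parses a manifest written as "Key: value" lines (Path, Filesize, MD5, SHA1, SHA256, SHA512, one block per file, blocks separated by lines containing only "-") and checks a locally extracted copy of the sandbox file tree against it, reporting files that are missing and digests that do not match. The file bytes in the demo are constructed stand-ins, so their digests are computed at run time rather than copied from the report; the libcuid.so entry reuses only the MD5 printed above, to show how an entry with a partial set of digests is handled.

```python
"""Verify dropped-file artefacts against a sandbox report's digest list.

Added example, not part of the original report. The manifest format it
parses is the 'Key: value' form of the Downloads section; the demo bytes
are constructed and do not reproduce the real artefacts.
"""
import hashlib
import os
import tempfile

# The four digest algorithms the report prints for every dropped file.
ALGOS = ("md5", "sha1", "sha256", "sha512")


def digests(data):
    """Return all four digests of `data` as lowercase hex, keyed by algorithm."""
    return {a: hashlib.new(a, data).hexdigest() for a in ALGOS}


def parse_manifest(text):
    """Parse 'Key: value' blocks separated by '-' lines into a list of dicts.

    Keys are lower-cased so 'MD5: ...' becomes entry['md5']."""
    entries, current = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        if line == "-" or not line:
            if current:
                entries.append(current)
                current = {}
            continue
        key, _, value = line.partition(":")
        current[key.strip().lower()] = value.strip()
    if current:
        entries.append(current)
    return entries


def verify(entries, root):
    """Check each manifest entry against the file tree under `root`.

    `root` is the directory the sandbox's file tree was extracted into, so
    /data/data/x becomes <root>/data/data/x. Returns (path, problem) pairs;
    an empty list means every listed file is present with matching digests."""
    problems = []
    for entry in entries:
        path = entry.get("path")
        if not path:
            continue
        local = os.path.join(root, path.lstrip("/"))
        if not os.path.isfile(local):
            problems.append((path, "missing"))
            continue
        with open(local, "rb") as fh:
            got = digests(fh.read())
        for algo in ALGOS:
            # Entries may list only some digests; compare the ones present.
            if algo in entry and entry[algo].lower() != got[algo]:
                problems.append((path, f"{algo} mismatch"))
    return problems


def demo():
    """Build a two-entry manifest and a temp file tree, then verify twice:
    once clean, once after tampering with the artefact."""
    # Constructed stand-in bytes (not the real 79-byte cn.k3.k3.bin).
    payload = b"constructed stand-in for /storage/emulated/0/libs/cn.k3.k3.bin\n"
    good = digests(payload)
    manifest = (
        "-\nPath: /storage/emulated/0/libs/cn.k3.k3.bin\n"
        f"Filesize: {len(payload)}B\n"
        f"MD5: {good['md5']}\nSHA1: {good['sha1']}\n"
        f"SHA256: {good['sha256']}\nSHA512: {good['sha512']}\n"
        "-\nPath: /data/data/cn.k3.k3/files/libcuid.so\n"
        "Filesize: 109B\nMD5: dad06519e75e18bf074cb7e7be825a43\n"
    )
    entries = parse_manifest(manifest)
    with tempfile.TemporaryDirectory() as root:
        target_dir = os.path.join(root, "storage", "emulated", "0", "libs")
        os.makedirs(target_dir)
        target = os.path.join(target_dir, "cn.k3.k3.bin")
        with open(target, "wb") as fh:
            fh.write(payload)
        clean = verify(entries, root)      # only libcuid.so is absent
        with open(target, "ab") as fh:
            fh.write(b"\x00")              # tamper with the artefact
        tampered = verify(entries, root)   # four mismatches plus the missing file
    return clean, tampered


if __name__ == "__main__":
    clean_result, tampered_result = demo()
    print("clean run:", clean_result)
    print("tampered run:", tampered_result)
```

Pointing `verify` at the directory an analyst extracted the sandbox's file tree into, with a manifest built from the Downloads section, confirms that the local copies are the ones the report describes before any of them is opened in a SQLite browser or disassembler.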