Analysis
max time kernel: 152s
max time network: 178s
platform: android_x86
resource: android-x86-arm-20240514-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
submitted: 24-05-2024 02:16
Static task
static1
Behavioral task
behavioral1
Sample
6d0a365fa5822d00ac52aac793dff111_JaffaCakes118.apk
Resource
android-x86-arm-20240514-en
Behavioral task
behavioral2
Sample
6d0a365fa5822d00ac52aac793dff111_JaffaCakes118.apk
Resource
android-x64-arm64-20240514-en
General
Target: 6d0a365fa5822d00ac52aac793dff111_JaffaCakes118.apk
Size: 8.4MB
MD5: 6d0a365fa5822d00ac52aac793dff111
SHA1: d8c7d060dccd6a4d11c7b1afa2a998ee6ba4c77e
SHA256: 3e9e5e4eefb712fa9f8eccc89123b1232c696c7d43bbbfbe37e262429eaff39b
SHA512: d58a78457e6b77b74cb8587e024d4212d2d45224058cd6ad9561536075f58b2857948d5c9b3ed3f1ac03a1c475d56b8de29301e2608d53e8c6af990a055f2b85
SSDEEP: 196608:38siY+jl9G6odpg7c9KshRdJngbZlpHDOKb2IcX661f7VXo9wH:38siY+jtodK7cThjxKZOKx6zXomH
Malware Config
Signatures
Checks if the Android device is rooted. (1 TTP, 2 IoCs)
Processes: com.kingkr.ktihupi, /system/bin/sh -c type su
ioc | process
/system/app/Superuser.apk | com.kingkr.ktihupi
/sbin/su | /system/bin/sh -c type su

Checks CPU information (2 TTPs, 1 IoC)
Checks CPU information which indicates whether the system is an emulator.

Checks memory information (2 TTPs, 1 IoC)
Checks memory information which indicates whether the system is an emulator.

Queries information about the current Wi-Fi connection (1 TTP, 1 IoC)
The application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
Processes: com.kingkr.ktihupi
description | ioc | process
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.kingkr.ktihupi

Queries the mobile country code (MCC) (1 TTP, 1 IoC)
Processes: com.kingkr.ktihupi
description | ioc | process
Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | com.kingkr.ktihupi

Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
Processes: com.kingkr.ktihupi
description | ioc | process
Framework service call | android.app.IActivityManager.registerReceiver | com.kingkr.ktihupi

Checks if the internet connection is available (1 TTP, 1 IoC)
Processes: com.kingkr.ktihupi
description | ioc | process
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.kingkr.ktihupi

Uses Crypto APIs (might try to encrypt user data) (1 TTP, 1 IoC)
Processes: com.kingkr.ktihupi
description | ioc | process
Framework API call | javax.crypto.Cipher.doFinal | com.kingkr.ktihupi
Processes
com.kingkr.ktihupi
- Checks if the Android device is rooted.
- Checks CPU information
- Checks memory information
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (might try to encrypt user data)

  /system/bin/sh -c getprop ro.board.platform

  getprop ro.board.platform

  /system/bin/sh -c type su
  - Checks if the Android device is rooted.
Network
MITRE ATT&CK Matrix
Downloads
/data/data/com.kingkr.ktihupi/app_tbs/core_private/debug.conf
Filesize: 101B
MD5: 8302516293045720c89f9bcef20ffc95
SHA1: e6637f8e4e5a280d03725f89d2d2f30af95209f2
SHA256: 275371afbb68afb3c7ba4ac5e0374bcc7fc336f49713163c44e4d1e6b3d4b686
SHA512: 9fd78a6b44679dad503799a0364c24505a6b8289676648627340d708d7256680a4a880ccc90a2fc75b7c7e817ab9a7134727b5f83c44754c31b394e31d39b619

/data/data/com.kingkr.ktihupi/cache/image_manager_disk_cache/8e2e87c131782d28f2f870f259cb36c3c2281beb68fdc8428623dd2b35c7e82c.0.tmp
Filesize: 7KB
MD5: 20e73ca74cd85ebf3e2b56142d9bba44
SHA1: 410925a8386bea0116a6f93adaedda6b8754512d
SHA256: 0817cc58e4cb3ed5bba9e6d29b42fac1066be24853bdf01eb702ce5636f4e46f
SHA512: 0d7632663ba4c7cb35880e9d5f5c786478f720e67aae34f3a6117313f6ecb7d2835f15774685a35b5c5a0a2319b75430ffa08b3b91f3d9809434b31cb9d483ce

/data/data/com.kingkr.ktihupi/cache/image_manager_disk_cache/journal
Filesize: 178B
MD5: 17892a590d8df274e10500e12ea89ea4
SHA1: d4cdadb2c192efcca9b89c21a1fd320a51585a68
SHA256: 7a817f2b3677b302c572a15ba1b7e5210078aa4f4b437fc56ae5f154374c4ce4
SHA512: 2c7d1245dd22636ba4dc24d589562f182e460dde36c6287743d8c3ca2773aa5e7274b7963b410f1a65f2b11e95995f03b74627c1bd541fad6a85058b61c549ec

/data/data/com.kingkr.ktihupi/cache/image_manager_disk_cache/journal.tmp
Filesize: 31B
MD5: 8c92de9ce46d41a22f3b20f77404cc1d
SHA1: 8671a6dca00edb72be47363a7071be65cf270373
SHA256: 68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274
SHA512: 30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

/data/data/com.kingkr.ktihupi/databases/bugly_db_
Filesize: 4KB
MD5: f2b4b0190b9f384ca885f0c8c9b14700
SHA1: 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256: 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512: ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.kingkr.ktihupi/databases/bugly_db_-journal
Filesize: 512B
MD5: 13ab35ddd55916349ae9dc3735aa0924
SHA1: cc1aa50bbe0865a75e2847280b831a6a3902fd5c
SHA256: 947e8bdd14e5c5f0d0d04f8af225f47966f2fcce5849b8629ce8bb6ae952b70a
SHA512: f60dc401b6e351ab7a0f951dbc9883e33e1cf16372061cfdc92f8ae4a957c99f632810b2932ffd3430bc058af9df581c2babde407f2999c2211f58676b5dd6c3

/data/data/com.kingkr.ktihupi/databases/bugly_db_-shm
Filesize: 32KB
MD5: bb7df04e1b0a2570657527a7e108ae23
SHA1: 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256: c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512: 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.kingkr.ktihupi/databases/bugly_db_-wal
Filesize: 52KB
MD5: 414e487aa715cf847adef859ae70e75c
SHA1: a73ae3a8c94b451810338d2fb3f9016ae6ad0627
SHA256: 2a819d61e97d35293487afefc143a92661ae6513a68ba7dabfabf021f864c233
SHA512: 77679be352ee82615a3644f7f087fede059576a23b75c88c00624ff2b255638aaaf7722065ae969d131b3f33141a2186ed8eb3ee040fe020da57893a6f0aa626

/storage/emulated/0/tencent/tbs/tbslog/tbslog.txt
Filesize: 1KB
MD5: 2749e40da3325196cd09f76f9c8a4892
SHA1: b11b0971849d54e5f32b0d5ff3c9918a569b4f85
SHA256: 0919d27daa53fee76ce6156936d91b90491b000801be4ed1649dc3de1cdb522c
SHA512: 2add198f8c6692acbfbeb5171ae0de5090e037131f98c2816e57033ec64dbb0b080a86ff1dae99f8a9418738624ea54fb838eb31805e5cf00839d9ca9702ec36