3e9e5e4eefb712fa9f8eccc89123b1232c696c7d43bbbfbe37e262429eaff39b

Analysis

max time kernel
152s
max time network
178s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
24-05-2024 02:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6d0a365fa5822d00ac52aac793dff111_JaffaCakes118.apk
Size

8.4MB
MD5

6d0a365fa5822d00ac52aac793dff111
SHA1

d8c7d060dccd6a4d11c7b1afa2a998ee6ba4c77e
SHA256

3e9e5e4eefb712fa9f8eccc89123b1232c696c7d43bbbfbe37e262429eaff39b
SHA512

d58a78457e6b77b74cb8587e024d4212d2d45224058cd6ad9561536075f58b2857948d5c9b3ed3f1ac03a1c475d56b8de29301e2608d53e8c6af990a055f2b85
SSDEEP

196608:38siY+jl9G6odpg7c9KshRdJngbZlpHDOKb2IcX661f7VXo9wH:38siY+jtodK7cThjxKZOKx6zXomH

Score

8^/10

discovery evasion impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs
evasion

T1426

Processes:

com.kingkr.ktihupi/system/bin/sh -c type su

ioc process

/system/app/Superuser.apk com.kingkr.ktihupi
/sbin/su /system/bin/sh -c type su
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.kingkr.ktihupi

description ioc process

File opened for read /proc/cpuinfo com.kingkr.ktihupi
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.kingkr.ktihupi

description ioc process

File opened for read /proc/meminfo com.kingkr.ktihupi
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

T1421

Processes:

com.kingkr.ktihupi

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.kingkr.ktihupi
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
discovery

T1422

Processes:

com.kingkr.ktihupi

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone com.kingkr.ktihupi
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

T1624.001

Processes:

com.kingkr.ktihupi

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.kingkr.ktihupi
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

T1421

Processes:

com.kingkr.ktihupi

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.kingkr.ktihupi
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

T1471

Processes:

com.kingkr.ktihupi

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.kingkr.ktihupi

ioc	process
/system/app/Superuser.apk	com.kingkr.ktihupi
/sbin/su	/system/bin/sh -c type su

description	ioc	process
File opened for read	/proc/cpuinfo	com.kingkr.ktihupi

description	ioc	process
File opened for read	/proc/meminfo	com.kingkr.ktihupi

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.kingkr.ktihupi

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.kingkr.ktihupi

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.kingkr.ktihupi

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.kingkr.ktihupi

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.kingkr.ktihupi

com.kingkr.ktihupi
1⤵
- Checks if the Android device is rooted.
- Checks CPU information
- Checks memory information
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4277

/system/bin/sh -c getprop ro.board.platform
2⤵
PID:4344

getprop ro.board.platform
2⤵
PID:4344

/system/bin/sh -c type su
2⤵
- Checks if the Android device is rooted.
PID:4441

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.kingkr.ktihupi/app_tbs/core_private/debug.conf
Filesize
101B

MD5
8302516293045720c89f9bcef20ffc95

SHA1
e6637f8e4e5a280d03725f89d2d2f30af95209f2

SHA256
275371afbb68afb3c7ba4ac5e0374bcc7fc336f49713163c44e4d1e6b3d4b686

SHA512
9fd78a6b44679dad503799a0364c24505a6b8289676648627340d708d7256680a4a880ccc90a2fc75b7c7e817ab9a7134727b5f83c44754c31b394e31d39b619

Download Submit
/data/data/com.kingkr.ktihupi/cache/image_manager_disk_cache/8e2e87c131782d28f2f870f259cb36c3c2281beb68fdc8428623dd2b35c7e82c.0.tmp
Filesize
7KB

MD5
20e73ca74cd85ebf3e2b56142d9bba44

SHA1
410925a8386bea0116a6f93adaedda6b8754512d

SHA256
0817cc58e4cb3ed5bba9e6d29b42fac1066be24853bdf01eb702ce5636f4e46f

SHA512
0d7632663ba4c7cb35880e9d5f5c786478f720e67aae34f3a6117313f6ecb7d2835f15774685a35b5c5a0a2319b75430ffa08b3b91f3d9809434b31cb9d483ce

Download Submit
/data/data/com.kingkr.ktihupi/cache/image_manager_disk_cache/journal
Filesize
178B

MD5
17892a590d8df274e10500e12ea89ea4

SHA1
d4cdadb2c192efcca9b89c21a1fd320a51585a68

SHA256
7a817f2b3677b302c572a15ba1b7e5210078aa4f4b437fc56ae5f154374c4ce4

SHA512
2c7d1245dd22636ba4dc24d589562f182e460dde36c6287743d8c3ca2773aa5e7274b7963b410f1a65f2b11e95995f03b74627c1bd541fad6a85058b61c549ec

Download Submit
/data/data/com.kingkr.ktihupi/cache/image_manager_disk_cache/journal.tmp
Filesize
31B

MD5
8c92de9ce46d41a22f3b20f77404cc1d

SHA1
8671a6dca00edb72be47363a7071be65cf270373

SHA256
68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274

SHA512
30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

Download Submit
/data/data/com.kingkr.ktihupi/databases/bugly_db_
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.kingkr.ktihupi/databases/bugly_db_-journal
Filesize
512B

MD5
13ab35ddd55916349ae9dc3735aa0924

SHA1
cc1aa50bbe0865a75e2847280b831a6a3902fd5c

SHA256
947e8bdd14e5c5f0d0d04f8af225f47966f2fcce5849b8629ce8bb6ae952b70a

SHA512
f60dc401b6e351ab7a0f951dbc9883e33e1cf16372061cfdc92f8ae4a957c99f632810b2932ffd3430bc058af9df581c2babde407f2999c2211f58676b5dd6c3

Download Submit
/data/data/com.kingkr.ktihupi/databases/bugly_db_-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.kingkr.ktihupi/databases/bugly_db_-wal
Filesize
52KB

MD5
414e487aa715cf847adef859ae70e75c

SHA1
a73ae3a8c94b451810338d2fb3f9016ae6ad0627

SHA256
2a819d61e97d35293487afefc143a92661ae6513a68ba7dabfabf021f864c233

SHA512
77679be352ee82615a3644f7f087fede059576a23b75c88c00624ff2b255638aaaf7722065ae969d131b3f33141a2186ed8eb3ee040fe020da57893a6f0aa626

Download Submit
/storage/emulated/0/tencent/tbs/tbslog/tbslog.txt
Filesize
1KB

MD5
2749e40da3325196cd09f76f9c8a4892

SHA1
b11b0971849d54e5f32b0d5ff3c9918a569b4f85

SHA256
0919d27daa53fee76ce6156936d91b90491b000801be4ed1649dc3de1cdb522c

SHA512
2add198f8c6692acbfbeb5171ae0de5090e037131f98c2816e57033ec64dbb0b080a86ff1dae99f8a9418738624ea54fb838eb31805e5cf00839d9ca9702ec36

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads