3e9e5e4eefb712fa9f8eccc89123b1232c696c7d43bbbfbe37e262429eaff39b

Analysis

max time kernel
161s
max time network
186s
platform
android_x64
resource
android-x64-arm64-20240514-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240514-enlocale:en-usos:android-11-x64system
submitted
24-05-2024 02:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6d0a365fa5822d00ac52aac793dff111_JaffaCakes118.apk
Size

8.4MB
MD5

6d0a365fa5822d00ac52aac793dff111
SHA1

d8c7d060dccd6a4d11c7b1afa2a998ee6ba4c77e
SHA256

3e9e5e4eefb712fa9f8eccc89123b1232c696c7d43bbbfbe37e262429eaff39b
SHA512

d58a78457e6b77b74cb8587e024d4212d2d45224058cd6ad9561536075f58b2857948d5c9b3ed3f1ac03a1c475d56b8de29301e2608d53e8c6af990a055f2b85
SSDEEP

196608:38siY+jl9G6odpg7c9KshRdJngbZlpHDOKb2IcX661f7VXo9wH:38siY+jtodK7cThjxKZOKx6zXomH

Score

8^/10

collection credential_access discovery evasion impact

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 1 IoCs
evasion

T1426

Processes:

com.kingkr.ktihupi

ioc process

/system/app/Superuser.apk com.kingkr.ktihupi
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.kingkr.ktihupi

description ioc process

File opened for read /proc/cpuinfo com.kingkr.ktihupi
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.kingkr.ktihupi

description ioc process

File opened for read /proc/meminfo com.kingkr.ktihupi
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
collection credential_access impact

T1414

T1641.001

Processes:

com.kingkr.ktihupi

description ioc process

Framework service call android.content.IClipboard.addPrimaryClipChangedListener com.kingkr.ktihupi
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

T1421

Processes:

com.kingkr.ktihupi

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.kingkr.ktihupi
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

T1421

Processes:

com.kingkr.ktihupi

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.kingkr.ktihupi
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

T1471

Processes:

com.kingkr.ktihupi

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.kingkr.ktihupi

ioc	process
/system/app/Superuser.apk	com.kingkr.ktihupi

description	ioc	process
File opened for read	/proc/cpuinfo	com.kingkr.ktihupi

description	ioc	process
File opened for read	/proc/meminfo	com.kingkr.ktihupi

description	ioc	process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.kingkr.ktihupi

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.kingkr.ktihupi

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.kingkr.ktihupi

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.kingkr.ktihupi

com.kingkr.ktihupi
1⤵
- Checks if the Android device is rooted.
- Checks CPU information
- Checks memory information
- Obtains sensitive information copied to the device clipboard
- Queries information about the current Wi-Fi connection
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4523

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.kingkr.ktihupi/app_tbs/core_private/debug.conf
Filesize
101B

MD5
dc0c6bed4e2b65d3191577c95488d1e5

SHA1
9a8414e7fd544275f07cd65abeca12c5301933a5

SHA256
d1ac3f1fecbe65e092dd65d8aad29900bd5b098074bc942e3eb2cd7c4992c71a

SHA512
b0f895f308a6d5ccce61688a57a7dad97e325d2ec13a08a9a325887bad65551f7ac387335901d602a833187a8375b608ea30c4e578d3a806d6f70a28c0a3bcd4

Download Submit
/data/user/0/com.kingkr.ktihupi/cache/image_manager_disk_cache/8e2e87c131782d28f2f870f259cb36c3c2281beb68fdc8428623dd2b35c7e82c.0.tmp
Filesize
7KB

MD5
20e73ca74cd85ebf3e2b56142d9bba44

SHA1
410925a8386bea0116a6f93adaedda6b8754512d

SHA256
0817cc58e4cb3ed5bba9e6d29b42fac1066be24853bdf01eb702ce5636f4e46f

SHA512
0d7632663ba4c7cb35880e9d5f5c786478f720e67aae34f3a6117313f6ecb7d2835f15774685a35b5c5a0a2319b75430ffa08b3b91f3d9809434b31cb9d483ce

Download Submit
/data/user/0/com.kingkr.ktihupi/cache/image_manager_disk_cache/journal
Filesize
178B

MD5
17892a590d8df274e10500e12ea89ea4

SHA1
d4cdadb2c192efcca9b89c21a1fd320a51585a68

SHA256
7a817f2b3677b302c572a15ba1b7e5210078aa4f4b437fc56ae5f154374c4ce4

SHA512
2c7d1245dd22636ba4dc24d589562f182e460dde36c6287743d8c3ca2773aa5e7274b7963b410f1a65f2b11e95995f03b74627c1bd541fad6a85058b61c549ec

Download Submit
/data/user/0/com.kingkr.ktihupi/cache/image_manager_disk_cache/journal.tmp
Filesize
31B

MD5
8c92de9ce46d41a22f3b20f77404cc1d

SHA1
8671a6dca00edb72be47363a7071be65cf270373

SHA256
68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274

SHA512
30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

Download Submit
/data/user/0/com.kingkr.ktihupi/databases/bugly_db_
Filesize
32KB

MD5
a5917db17003768733f8e91aaa1acca3

SHA1
da9130407ed592014afa414ad78ac7e1eaeb02f2

SHA256
34a16c2b404dd64437f807cf1c9dc80345c8792e009ede28b7322b16b65caf30

SHA512
9cbfbecce14b12ef4527e3f106b9b44ac7d2ddedc8f9a79102373ddd0f4ac48fb6c3c8cfd44d44a77dfdb02d4cbf0d7ce1dd3d63ad14179d4ea8291eb92a0db3

Download Submit
/data/user/0/com.kingkr.ktihupi/databases/bugly_db_-journal
Filesize
8KB

MD5
23d2bc8bbb33172605b9474ad55fe010

SHA1
ec1dc5d5ca72f685839ed220cb8c39ffa75c1fd4

SHA256
3f767043ca634d1a738912b3a0784b5dbb61495590f1ae3eadc46db4e61371fe

SHA512
968b2b96b0f55285ac8b1bf90e178ec8a3309de07af37d93095736faa05d951e520c971af6e2d21477719ea33f89899b0707e7187bd90a64ff9d2bcf29cfed59

Download Submit
/data/user/0/com.kingkr.ktihupi/databases/bugly_db_-journal
Filesize
512B

MD5
fd0e84f446501880bd97cd114b701010

SHA1
b645497ac5324e8ba3f9274da9e33727f9cdd070

SHA256
8bfb88d9bda94cf16c7af9fb0f02a12a31f961b12e58163f067473d2f40ec7dd

SHA512
b936e5f720271785c1e9c5674c59fe2be5b55179611d53050c345ef0bd92fc0e63c90dadd623f7ea708815bcfed90a71f6b01546e42e92e83e3b93f74b7cd477

Download Submit
/data/user/0/com.kingkr.ktihupi/databases/bugly_db_-journal
Filesize
8KB

MD5
d4c4fd3eb1d766577f22139027530a9c

SHA1
3f9776a92ea0573e9190b608bcd1bd9b0a0f3d24

SHA256
1d1a1e42550190028a38278ab6b0f3cc0c3cccfba9c94ddfb57ff70534d09fc3

SHA512
df248900ab42032ecab09aa56c9f56d7f31cfd7c7e39b00115d37d3ad516a31a5d4a5a406839d1c701a657618d8280e7794ff1618ddc23433d76f16a2dcffcd4

Download Submit
/data/user/0/com.kingkr.ktihupi/databases/bugly_db_-journal
Filesize
8KB

MD5
02f98a07eea47f3b1bd91b6919b110e2

SHA1
0a25ea0e4a58325e91561bdee8b0c4ab42d4df67

SHA256
47cc94666b3b51938e4bcaa7cf768b7652a03c823cea31c33ddf39684550d244

SHA512
4f5eae7ef34f1805ce499bf8f854226fbe98f150344b5b75870dee5387f9d80cb6c8343d5994472050fff26a51793729e748ae1499a405e9b59a28c1a282b525

Download Submit
/data/user/0/com.kingkr.ktihupi/databases/bugly_db_-journal
Filesize
8KB

MD5
f13887fc8030bd4a242a7c4a9101dec5

SHA1
e98bbaa5b7a0d3c8f99aba57ca40d0618eb986b9

SHA256
6496a7cec2a9ccd5e715fc6ef35a6db65d6f2de179680bd1cedd9112331976ec

SHA512
54b7308d1573cb4bd62d668414051421f0e46c557f9a2009a51c4d936ff1dcccb13ad8cf5c26cf6f0c8c2754282cb71e253ea597f905f9820fd84d7e05db2ac4

Download Submit
/storage/emulated/0/tencent/tbs/tbslog/tbslog.txt
Filesize
1KB

MD5
a0d66f6166390f267489d0b3dcf5054f

SHA1
e99821dea09ffa1971f18f65121bac25a535eab1

SHA256
7b593ede4aed2c640b4b650f2a984036bb43fc93c7b89dea7b1986f6f1a17c02

SHA512
4fb25fbc794091a40d6b27c2ed06b905d581da9cac746b9c94e55cf5f573e6fd3ba96bb7150caf823b7e265944a0ddad503d08e029c74a942eafe32b31188555

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads