Analysis
- max time kernel: 161s
- max time network: 186s
- platform: android_x64
- resource: android-x64-arm64-20240514-en
- resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240514-en, locale:en-us, os:android-11-x64, system
- submitted: 24-05-2024 02:16
Static task: static1
Behavioral task: behavioral1
- Sample: 6d0a365fa5822d00ac52aac793dff111_JaffaCakes118.apk
- Resource: android-x86-arm-20240514-en
Behavioral task: behavioral2
- Sample: 6d0a365fa5822d00ac52aac793dff111_JaffaCakes118.apk
- Resource: android-x64-arm64-20240514-en
General
- Target: 6d0a365fa5822d00ac52aac793dff111_JaffaCakes118.apk
- Size: 8.4MB
- MD5: 6d0a365fa5822d00ac52aac793dff111
- SHA1: d8c7d060dccd6a4d11c7b1afa2a998ee6ba4c77e
- SHA256: 3e9e5e4eefb712fa9f8eccc89123b1232c696c7d43bbbfbe37e262429eaff39b
- SHA512: d58a78457e6b77b74cb8587e024d4212d2d45224058cd6ad9561536075f58b2857948d5c9b3ed3f1ac03a1c475d56b8de29301e2608d53e8c6af990a055f2b85
- SSDEEP: 196608:38siY+jl9G6odpg7c9KshRdJngbZlpHDOKb2IcX661f7VXo9wH:38siY+jtodK7cThjxKZOKx6zXomH
Malware Config
Signatures
- Checks if the Android device is rooted. (1 TTPs, 1 IoCs)
- Checks CPU information (2 TTPs, 1 IoCs)
  Checks CPU information which indicates whether the system is an emulator.
- Checks memory information (2 TTPs, 1 IoCs)
  Checks memory information which indicates whether the system is an emulator.
- Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
- Queries information about the current Wi-Fi connection (1 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  Processes: com.kingkr.ktihupi
  Description: Framework service call; IoC: android.net.wifi.IWifiManager.getConnectionInfo; Process: com.kingkr.ktihupi
- Checks if the internet connection is available (1 TTPs, 1 IoCs)
  Processes: com.kingkr.ktihupi
  Description: Framework service call; IoC: android.net.IConnectivityManager.getActiveNetworkInfo; Process: com.kingkr.ktihupi
- Uses Crypto APIs (Might try to encrypt user data) (1 TTPs, 1 IoCs)
  Processes: com.kingkr.ktihupi
  Description: Framework API call; IoC: javax.crypto.Cipher.doFinal; Process: com.kingkr.ktihupi
Processes
- com.kingkr.ktihupi
  - Checks if the Android device is rooted.
  - Checks CPU information
  - Checks memory information
  - Obtains sensitive information copied to the device clipboard
  - Queries information about the current Wi-Fi connection
  - Checks if the internet connection is available
  - Uses Crypto APIs (Might try to encrypt user data)
Network
MITRE ATT&CK Matrix
Downloads
- /data/user/0/com.kingkr.ktihupi/app_tbs/core_private/debug.conf (101B)
- /data/user/0/com.kingkr.ktihupi/cache/image_manager_disk_cache/8e2e87c131782d28f2f870f259cb36c3c2281beb68fdc8428623dd2b35c7e82c.0.tmp (7KB)
- /data/user/0/com.kingkr.ktihupi/cache/image_manager_disk_cache/journal (178B)
- /data/user/0/com.kingkr.ktihupi/cache/image_manager_disk_cache/journal.tmp (31B)
- /data/user/0/com.kingkr.ktihupi/databases/bugly_db_ (32KB)
- /data/user/0/com.kingkr.ktihupi/databases/bugly_db_-journal (8KB)
- /data/user/0/com.kingkr.ktihupi/databases/bugly_db_-journal (512B)
- /data/user/0/com.kingkr.ktihupi/databases/bugly_db_-journal (8KB)
- /data/user/0/com.kingkr.ktihupi/databases/bugly_db_-journal (8KB)
- /data/user/0/com.kingkr.ktihupi/databases/bugly_db_-journal (8KB)
- /storage/emulated/0/tencent/tbs/tbslog/tbslog.txt (1KB)