a3652077eb49ef8d995d11af1960fa4764e6c1e0210609706ad0b2ec6c3fe4be

Analysis

max time kernel
179s
max time network
149s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
24-05-2024 18:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6f6230d958943b2e9e38c6db2fbb744c_JaffaCakes118.apk
Size

13.2MB
MD5

6f6230d958943b2e9e38c6db2fbb744c
SHA1

beea9d7157bf814213c52cbd3d126ff906b0b550
SHA256

a3652077eb49ef8d995d11af1960fa4764e6c1e0210609706ad0b2ec6c3fe4be
SHA512

3717b21f42920bcc969cf29f8c8fb67785371c8158143a87ec6a3159b729bda32b2d67922475a68e17edfcc35690c94750fc562e6c7a383ec0fe4a13999814e5
SSDEEP

393216:zJvlJhEEUjs7lwAn9aR01eL1lKOoRP//LbzmH:BlJhEE9Tn951ehlKOAP//HyH

Score

7^/10

discovery evasion

Malware Config

Signatures

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.kuangsu.ksfcmod

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.kuangsu.ksfcmod/files/data.jar	4269	com.kuangsu.ksfcmod

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.kuangsu.ksfcmod

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.kuangsu.ksfcmod

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.kuangsu.ksfcmod

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs

flow	ioc
6	alog.umeng.com

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs

evasion

User Evasion

T1628.002

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.kuangsu.ksfcmod

com.kuangsu.ksfcmod
1⤵
- Checks CPU information
- Loads dropped Dex/Jar
- Queries information about the current Wi-Fi connection
- Acquires the wake lock
- Checks if the internet connection is available
- Listens for changes in the sensor environment (might be used to detect emulation)
PID:4269

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Hide Artifacts

T1628

User Evasion

T1628.002

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.kuangsu.ksfcmod/databases/license_data.db

Filesize
32KB

MD5
ca2bcc7a502ebe854deae37d6952b481

SHA1
29d9cacf79b5eaea6db50402bdb19fd17454ad1f

SHA256
b8c2639c6e290d8880b1ecc74cd61838439860efa104c9d68c578d8fa3da85d2

SHA512
0a6b1cb290da5bfc7641cf4df4df4a6b332f0cfc9db45a8bfe36379c8dbfb06ed6267792ef397be193d601e472b8607f441035e9a05b85546b626b90346443f5

Download Submit
/data/data/com.kuangsu.ksfcmod/databases/license_data.db-journal

Filesize
512B

MD5
26c61a5fcbc05e5c0e9831159b773fc8

SHA1
6b43a8bbb678d3b8739170608505d384d699ca35

SHA256
648cdb08fbfd364dbb87a773b6716a5352636e6b0ab5b22e1b62bfb221c905b4

SHA512
7207dbe067f6bf74be7d8b90124ab68bccd0e1b401fb41d319eb34a7b06ef32191a8c7304e781ad2efe499d6a6572a9a7025b93b1dfcbe1ea17a716e50ac3adc

Download Submit
/data/data/com.kuangsu.ksfcmod/databases/license_data.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.kuangsu.ksfcmod/databases/license_data.db-wal

Filesize
44KB

MD5
55cccf1d1145b9ef1fe0f7d948c89e4c

SHA1
d9a5dba2a5d58cdd462d222a7a906ec075c3037c

SHA256
28c5e9445b5e9d8042e20d1da82aae267c5e77fb004d9b728ecc773195e710ad

SHA512
ae969960d4e0b16d3ac2af5eb7ef478ccbd8b5951f8b41d4a6104eb95b5e612a84efe5caf1fd37f658010ad7360038efccf9bb3b710a5e538ab7ea36f981c525

Download Submit
/data/data/com.kuangsu.ksfcmod/files/.um/um_cache_1716573967812.env

Filesize
609B

MD5
2eb39f920e78d21599cfe2c18e7b71b5

SHA1
4eb7340bc8499b731a82683197d0edf4aee963f7

SHA256
b30561cb4948edabf7bf02f934e07961a517e3544dd83f8c28ee5c132e804b22

SHA512
22f04aaca2b3495c013e42d80918a4cc677e5366b34b9ed85bbdeee3ae6eaef30b8f13e3f2a67153747ce8bce786d39cbc53b9e9eb36739f115990e2f4e97c1b

Download Submit
/data/data/com.kuangsu.ksfcmod/files/data.jar

Filesize
97KB

MD5
43aa6e671437df7e21ada10b9ca9c76e

SHA1
21603addc58ee1aacd36fc5a065a6c28d8348957

SHA256
bfb16339a70adf336c93d4eff1854ce69ec2f23e8473743721bb83e6c2816bc4

SHA512
42e9caa35a717e4522bc4f2c69db219762338d66ae68d3b413e1c369952e9d05e5651d9b7c52e13f4beccb597c909c4d71884ec8cdb36323094cbeada9cf05e6

Download Submit
/data/data/com.kuangsu.ksfcmod/files/iapSplash.dat

Filesize
3B

MD5
c6f057b86584942e415435ffb1fa93d4

SHA1
8aefb06c426e07a0a671a1e2488b4858d694a730

SHA256
2ac9a6746aca543af8dff39894cfe8173afba21eb01c6fae33d52947222855ef

SHA512
bdc247a1a0e28a586ed40744d281993d519abe981aaef33277d4877d167e1150816e9723d068a59509991ed0cdd8c5cea0f9ecd0ef23664db7cb85db5a0dbe12

Download Submit
/data/data/com.kuangsu.ksfcmod/files/oat/data.jar.cur.prof

Filesize
300B

MD5
ae2658c0d69bcbf5ab11bba9c723f1f5

SHA1
bd5a78425dcf9ce3bfe6ff34deae00adf40a00e9

SHA256
659064bdd65f5bd77f51c5e33c02001506fabde6d1348215bba7e81f56b17274

SHA512
f90ffb5587288ede5f39fa05ccece93b50baa3e4226c174798b20333d109ffb4d8f8aed672a864e0e1e0015e97a343dbe25aa7be17556421ffcb9e2edf9a7bab

Download Submit
/data/data/com.kuangsu.ksfcmod/files/pay.data

Filesize
97KB

MD5
b3318d0f9efefa37d789745f55ec3b6a

SHA1
62794c6e107c5d6bd248fd1c883a5ab02da2d7df

SHA256
62e0bdbf50e5684c6ebf48c10491b662f1662d26c9594e852c34849bcaec856a

SHA512
bbbb19ed4c7f427e1399c2d18a4e104812514feea1bbdcda927c593e9d9d987a72051e133c94fe4c3d15d24716299dae53f172eb32b02c79f0d3c885fe748f1d

Download Submit
/data/data/com.kuangsu.ksfcmod/files/umeng_it.cache

Filesize
310B

MD5
7f073eea8b1482fb7ec178ff899bf3d0

SHA1
03622789b9e67981073c5fb104740684bbc59eeb

SHA256
552cb80ff6789d2ae9acbf05c3eaef54ed6d7bae1f8f134374ea1efadc24da4a

SHA512
3661ea61412d3b1295702cb8e4d51031d4a241b4d444adfaa3deabc6488f50317cd4eda88520e879c215fe516e6e1adf16d92e03710b3931613a6ce145e60bd5

Download Submit
/data/user/0/com.kuangsu.ksfcmod/files/data.jar

Filesize
238KB

MD5
1cc8518346734dd6224a76390abdcc47

SHA1
6b008b0bfaeb1f96b7e146cf90e6d5cdea251405

SHA256
f57bd8ca4cd7c881b8c304dad6e2530613bb287296888f5ffe1bdd39ad1d4f1d

SHA512
7c824d52c4ef673f437811315d2e2aab4fa9c84050a5814cba780eeca21ed2a82759e88d9bd36f9a402a53f64188ada8c78718d26919f14a8954624e9e939248

Download Submit
/storage/emulated/0/InAppBillingLibrary/log

Filesize
89B

MD5
e89f7cdf1a48c61afa4d11235350a7ee

SHA1
0eb1b05cd82ad06014764c10fc00f2f4c5dbc448

SHA256
56a2bf62c0314b8a0b2d9fc7013143d759304cafa9d8d8374753d6451b6234d5

SHA512
e2122d9dd5e1b92f8553f949a65c117625341b98ab1cfda73ca7351ebd591a3d07dfd52567a978748a4cca883c9e9d9d09316ea9032106e28d269f3d2a7dd349

Download Submit
/storage/emulated/0/InAppBillingLibrary/log

Filesize
82B

MD5
fdc401d14bd379b29e26c5193edf05a4

SHA1
3c8c12f28ccaebd95fb43d2252e03b103ba6823f

SHA256
747c61bb13dbb96a06376bb81df90ff45557e24836e71722d629ac96758add94

SHA512
027238b130f1c8d9d3dadf0002e5b62a2fe31bcc35c2d1c4ac6f0ba9f07c4c28d8c1d9dc6ab8f5cd9dcbe6193c4e2b205d791ed01c2219620a29a9700ae4851a

Download Submit
/storage/emulated/0/InAppBillingLibrary/log

Filesize
79B

MD5
7a1c3d6c425e111686cf742a22b608e7

SHA1
c8096dadd0b3e84900fb92c07db6ebf7fa4bf298

SHA256
a8c13768052f71912f9e7f1d957056fa94a1aaa9873700a9c94aaa66a979eee8

SHA512
a2021b5335debbf5b5dbc4a772bd63d7b32b7282e9ecff50be784a4cd5521a4b34d4dc91b5c8a4fc8fbe74a1a92479830d50007becb8a564cb4a328641fb6f5a

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads