81b7004621fdea626b1e3ddaca0a25d9e1dc3e27c71230cab1aad261cee9c099

Analysis

max time kernel
124s
max time network
129s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
27/05/2024, 06:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

KingUser.apk
Size

724KB
MD5

026d6c196f1094dc16c77626d9cf1df3
SHA1

088e23bcdd74c40847d710d2dccb8e54dec6ef39
SHA256

d59d74cfc89a9f5c0027aaa43d05f8a80c1fa2057b17dc0c3b6ecafadd8ca4c0
SHA512

618d6a69ab76373e317da972c420168e7a7001c9b0dd195f6f2078343ee2c7ea8139d4e293d7497bf4737e9d9354a5215478fe3ea5089086b5e3ee54e2df6b62
SSDEEP

12288:sHzN6DvaGYBYUcrYYFA6O2Ng3l6O+tRVrFoOz5nQ4TeG9kpGhHbgEFsUC1/jDp:sTtYUcFFADqg3l6RRVywa4SSeGhHluUa

Score

7^/10

discovery impact

Malware Config

Signatures

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.kingroot.kinguser

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.kingroot.kinguser

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.kingroot.kinguser

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.kingroot.kinguser

com.kingroot.kinguser
1⤵
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4261
- sh
  2⤵
  PID:4332
- - chmod 0771 /data/user/0/com.kingroot.kinguser/applib
    3⤵
    PID:4353

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

T1424

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.kingroot.kinguser/applib/libNativeRQD.so

Filesize
69KB

MD5
63c832207eb51ab05a71f2546279ff4e

SHA1
008ecb333fbfca079673aba627a12cd9b7eda220

SHA256
b3b833f5f3843b49a7291e59e8a92fcc39b87ccebb157a397011b206d4001e74

SHA512
3bfe5b50f930f101855d19daae305cf2c026569d48e655816ce80a0d8c3e7aa1eef0d93b7f39866abad21ea11c00b25bc387eea1373099183c2679c556d8612a

Download Submit
/data/data/com.kingroot.kinguser/databases/eup_db

Filesize
44KB

MD5
ea25a44c5f7c3d2763b0cec8ea033906

SHA1
d4fd1e205f7ea89a879d8ac5bd8b0251da78f8a3

SHA256
f0319d89aea03a0cc6295b5a43c784cc4f91954e141c520c2b9e8070f9171837

SHA512
8f13640208499d841e6c0007909d2bab4f14e33ba20cc6e6440c429a7245bf352cc3fe9bd0538033668348415fbc20c9807fcee7201dba48e1070f56ab859cdd

Download Submit
/data/data/com.kingroot.kinguser/databases/eup_db

Filesize
16KB

MD5
1d789f8ac122b10b82b3470cce66e005

SHA1
0fbaff1ed3f5a22732124f0375e2e16e5696b0a5

SHA256
0a40f377cc050aeeb7245b099fbb963bd25386e44181f69f0fb3cb88ea13bdf8

SHA512
48ffd6ce84d71ce2a8a8f203981b3326f95962fd7540ba66e32f5d911390307469511577515781ab63db251f7b6ee75bf26d6ec30a37e20580ef1c7942c240f2

Download Submit
/data/data/com.kingroot.kinguser/databases/eup_db

Filesize
16KB

MD5
ba471630ff59fdf0618fe13a73a75d2f

SHA1
56a39f6a9a5e1695f7618642549cfb98db94c310

SHA256
b9b9b4f36ed0bc847a9cf5ca8a08a5a200629aafeee2e8d712ac168c74d8ce27

SHA512
37f3bfaf137433feabdc1722551a5369adf19256988d4bfb8c9cc3b9388e0c64ed8d5094d2c89800abc98d02530c1fd6a45d092a15ef83aff27f057149448be2

Download Submit
/data/data/com.kingroot.kinguser/databases/eup_db

Filesize
16KB

MD5
b169a2392613378052f1e77489fd81ae

SHA1
20c156bf27e6f2697855ae199bf5e61994c9207f

SHA256
19041e1e8d0217030912a7e1c581cd8e6e13cd249e55e880ff323e865e7ab192

SHA512
9ec7807b0e465272272bc8b191c51be3699dfb67b907c243cee56c54a27611c6ee14f7acb170877ec89ab649bdaba5c635788c27b7da88f7a974e300c99c5e6e

Download Submit
/data/data/com.kingroot.kinguser/databases/eup_db

Filesize
36KB

MD5
52fd00c65e93889bc8fe9a3b1f00ddc5

SHA1
bca5fd1d6717dc79c7f70caa538b121bce7b954b

SHA256
4497a5965989397c168f0b01039a0d8e71726f5c0ec3908cccd3d713f023371a

SHA512
c9b95aa549ac521f860aeed77f257b36e61673efae0ed7bc742e60becdcb2073bc795f2f89209c5a60d91bcc5486733f14743e44a5ef72692627e32103f8a509

Download Submit
/data/data/com.kingroot.kinguser/databases/eup_db-journal

Filesize
512B

MD5
34eda5ae9ae3b6b984a1991390ccbc79

SHA1
c22ee3d726ab48a1aececff8a86c07e5b42d18b6

SHA256
6a3a2b2ce2acefb6709a057be3d13b39efd2ea862d9624612636e9b0eb2233ef

SHA512
4dd7a11f281b6c5d04469807c7dbead3af585a6a7e7b9c412e8d1574074b54f8ed7d27bbc66b61849dbee291c40a1bc6074b82665477fd827bdae168e7d57ede

Download Submit
/data/data/com.kingroot.kinguser/databases/eup_db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.kingroot.kinguser/databases/eup_db-wal

Filesize
8KB

MD5
4684c2948804e6d6ea3489ebd634f953

SHA1
6df0cfbe314f5ebb3a4054208cdf565b06051d89

SHA256
3e21f7bd5eaeed9a1372ebfa6d33a08a4c7bc8605b7681f4f57d4fce3da8800b

SHA512
343d0d2ecc7ef7d834234bc8e4dc6c30a58653beb902493804b6bde045296b6155bd86d36976f39bfe6aa18126a23f1211d0ddcee28cd29da86d9a72475f2195

Download Submit
/data/data/com.kingroot.kinguser/databases/eup_db-wal

Filesize
8KB

MD5
9cb5002b8270ab3475a2538269e2c099

SHA1
a164d9f57babfb93735d4b18edcfe0012afd9ad0

SHA256
f917e76e89a05e8d46ca9be0b018901b9f04156ffe4bf8a1e5b0553044a67b8a

SHA512
817ebfd992509a9a07b70da47721a2e018de4c4dd57e8cfbe8ecbdd12dc3c95992e77ee9bc4fb13cabb82acb2b82704d60cdace551bfc801231c50f3d0865cc8

Download Submit
/data/data/com.kingroot.kinguser/databases/eup_db-wal

Filesize
56KB

MD5
a9909df10b47ba96ee7dc9f506f5a0d4

SHA1
5005242b773ef1e2280cf31b5b3fb83aef4cd963

SHA256
6e9816b04065cd84edff7765b1212568a9a237eba6ddaded8f8d5724b429036b

SHA512
20cbeb8130e42b19eb8f1bedf0cf637bffd55870e92d2e402f0a6427430a4b4930471408defa6923988c7b862f829714ac91b79bfce807b576cc54a2adf4ebfe

Download Submit
/data/data/com.kingroot.kinguser/databases/eup_db-wal

Filesize
4KB

MD5
5864c595484d8cec8f93f9d724613da5

SHA1
9d81d8bd0b8c6f0f264a6d76312a826f31563e78

SHA256
0b5ee0437aa60d0c53e731b1f8d4173319133c7ea914c4fb2cda5d0e3f87b4d6

SHA512
bd3f47d57f4d103c15b0c8ea32d1fbaec5ce4ca8adf7896ca3babf35b1d1051762524980cec5283df3be1866d453f1f4fb64077704c4c08dd336392a8e579538

Download Submit
/data/data/com.kingroot.kinguser/databases/eup_db-wal

Filesize
4KB

MD5
dba5d19fa2776965171618c94ccc2ad3

SHA1
2de4113ee7e66e497a778f37529a3d70570aa2ef

SHA256
0e33a6d99014aa8873c51a186c6c7814f6647f59b9e22e68f70e069a200f7f02

SHA512
a66df0acd9a85f681f42144aa2faa60187ef79be009cb7098142d85f3f41fe058aca919a52429abf848df3e0c55b03a2b37511e0426598195d8d55b321fc24a9

Download Submit
/data/data/com.kingroot.kinguser/databases/eup_db-wal

Filesize
12KB

MD5
b1a6cbfabe1483362c35537fb02509f5

SHA1
37ac3d340aaf164100fb9d40583aa540b78a30fb

SHA256
b4e9eaab60d833f167b07a928f25bbed60fdac90201529d87fd1d4a6de3cfb51

SHA512
59ecea9328c8ad41a0169747f7be8dad0aa29ba49f0ce13ca1de6d9bde91436e09da4cf8d3d7bf518b5f373d3607695e0b88648bc3c9a999fc6762bce45c5444

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads