Analysis
max time kernel: 125s
max time network: 177s
platform: android_x86
resource: android-x86-arm-20240514-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
submitted: 02-06-2024 02:52
Static task: static1
Behavioral task: behavioral1
  Sample: 8caa3427932ea23a8dd107152dccc910_JaffaCakes118.apk
  Resource: android-x86-arm-20240514-en
Behavioral task: behavioral2
  Sample: 8caa3427932ea23a8dd107152dccc910_JaffaCakes118.apk
  Resource: android-x64-arm64-20240514-en
General
Target: 8caa3427932ea23a8dd107152dccc910_JaffaCakes118.apk
Size: 3.6MB
MD5: 8caa3427932ea23a8dd107152dccc910
SHA1: ebcdc641284da1864ca37a8aa7fd07cce2ac65ba
SHA256: 3a12f0528a4379b52b6cb07832c1d577d58b2f9559e6844775579cac7c0d9a8d
SHA512: 10bee6e12c88973f9569ebe4e4133218a4ae430c36361d00c20ceefeec7d54b9b1a3cb029a37483ccdebaa55d77ac1c76f5ad1b83ff192feb29cd09a77190111
SSDEEP: 98304:GccnaVv95Utqy/+7gg688dLW4g2SRQwzof8m7p:GccaVv4z/+7U88tW4uQw684p
Malware Config
Signatures
Checks if the Android device is rooted. 1 TTPs 2 IoCs
Processes: com.kingkr.kxegohs, /system/bin/sh -c type su
  ioc                        process
  /system/app/Superuser.apk  com.kingkr.kxegohs
  /sbin/su                   /system/bin/sh -c type su

Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicates whether the system is an emulator.
Processes: com.kingkr.kxegohs
  description           ioc            process
  File opened for read  /proc/cpuinfo  com.kingkr.kxegohs

Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicates whether the system is an emulator.
Processes: com.kingkr.kxegohs
  description           ioc            process
  File opened for read  /proc/meminfo  com.kingkr.kxegohs

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
Processes: com.kingkr.kxegohs
  description             ioc                                                process
  Framework service call  android.net.wifi.IWifiManager.getConnectionInfo    com.kingkr.kxegohs

Queries the mobile country code (MCC) 1 TTPs 1 IoCs
Processes: com.kingkr.kxegohs
  description             ioc                                                                  process
  Framework service call  com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone  com.kingkr.kxegohs

Queries the phone number (MSISDN for GSM devices) 1 TTPs

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
Processes: com.kingkr.kxegohs
  description             ioc                                            process
  Framework service call  android.app.IActivityManager.registerReceiver  com.kingkr.kxegohs

Checks if the internet connection is available 1 TTPs 1 IoCs
Processes: com.kingkr.kxegohs
  description             ioc                                                    process
  Framework service call  android.net.IConnectivityManager.getActiveNetworkInfo  com.kingkr.kxegohs

Requests cell location 1 TTPs 1 IoCs
Uses Android APIs to get current cell information.
Processes: com.kingkr.kxegohs
  description             ioc                                                      process
  Framework service call  com.android.internal.telephony.ITelephony.getAllCellInfo  com.kingkr.kxegohs

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
Processes: com.kingkr.kxegohs
  description         ioc                           process
  Framework API call  javax.crypto.Cipher.doFinal   com.kingkr.kxegohs
Processes
com.kingkr.kxegohs  PID:4318
  - Checks if the Android device is rooted.
  - Checks CPU information
  - Checks memory information
  - Queries information about the current Wi-Fi connection
  - Queries the mobile country code (MCC)
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Checks if the internet connection is available
  - Requests cell location
  - Uses Crypto APIs (Might try to encrypt user data)
  /system/bin/sh -c getprop  PID:4367
  getprop  PID:4367
  /system/bin/sh -c type su  PID:4458
    - Checks if the Android device is rooted.
Network
MITRE ATT&CK Mobile v15
Downloads
Filesize: 58B
MD5: 0d210bfb2a0e1f1b4c082a6a0f79de07
SHA1: bb8ed9e364db79d1d9f2fcde3f15091893222faa
SHA256: 988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d
SHA512: 536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Filesize: 238B
MD5: b96f28f244fd42d9643b88f2aac21a33
SHA1: 77bfca31ac52e4a03ae444a742dd8195cdb98c20
SHA256: a25fa66921f6bdce46a347a628342cb52a66b156c40139f82ecc41b9242e7008
SHA512: b93d4a202ea3ac25a188eb2182ac847e360b3eedb1b5c5a2d7fec22176b68f323c416546b76f9e3699259951079eeaf272b5e4f9617c9b04fcbd9e51b8c15814

Filesize: 101B
MD5: a7e59a6f0807e3ce81df0b980e2a3712
SHA1: dd42db4d3d5ef84898548768fb214b22fc055f0b
SHA256: 910b916ec7b817e323314d205170b359d5d140b80b6f21917f15f3c94faf547b
SHA512: 2ef3889ef76060aca37fc60c0e27b3dbf60e3746c8c3001a85bdef03dc897ba1f84434e96686fa40007c89c50a603c87922468dad6bc9a59358b500768a8e65a

Filesize: 31B
MD5: 8c92de9ce46d41a22f3b20f77404cc1d
SHA1: 8671a6dca00edb72be47363a7071be65cf270373
SHA256: 68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274
SHA512: 30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

Filesize: 512B
MD5: 727fa0e941076060b1e3a3642b9cf8a3
SHA1: 9e46aef45b816e13b20df5018c494745e68d4b1f
SHA256: bde6adaf05d75d235488731da0e9dd112606f88f5a443f9db4c148ac0ee13f41
SHA512: f5586c799aefb70d158e81672d6dae9533f7f065d6b2d2909867310dff183a1eb99940ccceaaf521b2459647d8a4f307185e786742fa6843a371d8eea50e562a

Filesize: 32KB
MD5: 805e37b8485844fefc5829e0aa052616
SHA1: 3325fe29e2f4b2bf1ef0128b854af785c6b4fdd0
SHA256: 673f3255ad63a8248ef1a45e80872b6a59dd027af5a30573136a1ab5332b48f4
SHA512: 37b00dfc1e5c1b913dea93fab7f82a963f24e1b1db536a350420e431ad7bb71f1613459b3aa087723a3124805dd86bc79de099024c83243639ece4c1102fba82

Filesize: 512B
MD5: e380c2437cb9ba3591dfe2cb2dadb6b5
SHA1: 91263038d0436db9927693d40592ed7d0f02fe66
SHA256: a31074643deeb3c9c34f13310a3a9fbb36756663ccea3112fba4e83e52606291
SHA512: e92d96aeaac0676b43d8c14a57d8c6873b54619d4ffc1012a8de1e0d0fec026afe8872488ce6b344c5563cfa33705ba11139017b00b3a9f41b3757dbd29248ff

Filesize: 76KB
MD5: 4959e574e7d216d8b38834e8f0783be9
SHA1: 6c40686cb939db44cd552895f65adb86eda1bd88
SHA256: 0ace08153d00f490b429b7dc952e86d6718e072974687362334269e9288374ab
SHA512: f95c527051c659a1e1ea1c44831bd4350e8c5b49b28e0b4963b7f1a641324ce502df6a0c269521ffa36f9f1495a0dd58baa2afa3a437650c4b4401f349214d71

Filesize: 4KB
MD5: f2b4b0190b9f384ca885f0c8c9b14700
SHA1: 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256: 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512: ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Filesize: 512B
MD5: 06b0d42b053eca507a4b69796d90dee3
SHA1: 57cb2a918ebb3adf00290c0e3e9e54c8d28f7e76
SHA256: 43ea637d8a546b9a60eb8a5b3ef6a17320c5ba806eb00bfdac89ceda7216e2c6
SHA512: 617bf221aa7a9429b2345a5512950178b266111d722d847df24d33cdbef50e95017504993621614083489c9a2de39283b2ede81ee92fd1c7e39a657cfa72ebfe

Filesize: 32KB
MD5: bb7df04e1b0a2570657527a7e108ae23
SHA1: 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256: c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512: 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Filesize: 32KB
MD5: d1adb781859e1bc3fdbac2296b960611
SHA1: 697d20bc0534a6d2cd84e889cb8486107b733291
SHA256: 5119d902142bdcb3b322b2743227e9cc43a67c56c4f1d8092316171993715970
SHA512: 6c7c137db778f1cb8374048a946fd32bb8b5957c68dcebfefa04f1958183909096dbc2989be585fc11adc8a70c951f033b93e01dd49ef5999de3cfabb8682a4a

Filesize: 7KB
MD5: c3297436197b2ba439b1342f524c8a26
SHA1: bf71cee0879202e3e43fd06b23f350824192deb6
SHA256: e6264e89c73a30987565323d454ac1eb1139f6d6623b9b05d856d1fc5f771060
SHA512: 1de967c1b9ea82902f359fbd288cb88246dae4ba885ef4c56122a7fe11262c43ca2b414d6a9ff2d251d8ca07732a1b57d91b6b70e058b727883b50f1a62f20b3