Analysis
max time kernel: 127s
max time network: 131s
platform: android_x86
resource: android-x86-arm-20240514-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
submitted: 02-06-2024 12:19
Static task: static1
Behavioral task: behavioral1
Sample: 8e0d54af0fd46815bf021259a24bd5c4_JaffaCakes118.apk
Resource: android-x86-arm-20240514-en
Behavioral task: behavioral2
Sample: 8e0d54af0fd46815bf021259a24bd5c4_JaffaCakes118.apk
Resource: android-x64-20240514-en
General
Target: 8e0d54af0fd46815bf021259a24bd5c4_JaffaCakes118.apk
Size: 6.0MB
MD5: 8e0d54af0fd46815bf021259a24bd5c4
SHA1: 4a8ae185d8ee35e38a32bcade6f7a7347780120c
SHA256: 1290ce2459e28ff8dd3ef50627dc28d44daeed3d877043b278232f92b5bb0b36
SHA512: 7e95cf4dbf09da99b1c621dd022ce464b727e7a8f430cf5024ae175150585fd24817890478cc82bced889f94037724410eddc9b408b465586639e460dc18354d
SSDEEP: 98304:rwNYS9/Tj5eaiQa4nVRzi8OQMf9vORzX/wB3tYUk4l9G6B7oUspgPlRLe6HMf8oc:0iSJdRiQVnvzOQMf9zB3tYR69G6odpgN
Malware Config
Signatures
Checks CPU information
2 TTPs, 1 IoCs
Checks CPU information that indicates whether the system is an emulator.
Processes: com.kingkr.knvkhfu
Description: File opened for read
IoC: /proc/cpuinfo
Process: com.kingkr.knvkhfu
Checks memory information
2 TTPs, 1 IoCs
Checks memory information that indicates whether the system is an emulator.
Processes: com.kingkr.knvkhfu
Description: File opened for read
IoC: /proc/meminfo
Process: com.kingkr.knvkhfu
Queries the mobile country code (MCC)
1 TTPs, 1 IoCs
Processes: com.kingkr.knvkhfu
Description: Framework service call
IoC: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone
Process: com.kingkr.knvkhfu
Registers a broadcast receiver at runtime (usually for listening for system events)
1 TTPs, 1 IoCs
Processes: com.kingkr.knvkhfu
Description: Framework service call
IoC: android.app.IActivityManager.registerReceiver
Process: com.kingkr.knvkhfu
Checks if the internet connection is available
1 TTPs, 1 IoCs
Processes: com.kingkr.knvkhfu
Description: Framework service call
IoC: android.net.IConnectivityManager.getActiveNetworkInfo
Process: com.kingkr.knvkhfu
Uses Crypto APIs (Might try to encrypt user data)
1 TTPs, 1 IoCs
Processes: com.kingkr.knvkhfu
Description: Framework API call
IoC: javax.crypto.Cipher.doFinal
Process: com.kingkr.knvkhfu
Processes
com.kingkr.knvkhfu (PID: 4296)
- Checks CPU information
- Checks memory information
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
getprop ro.product.cpu.abi (PID: 4453)
Network
MITRE ATT&CK Mobile v15
Downloads
/data/data/com.kingkr.knvkhfu/cache/image_manager_disk_cache/f10cfd61f7e54a40bd41f01205ccf75c08d8f21030cc7d5db3b1bbc98af0d98b.0.tmp
Filesize: 16KB