Analysis
max time kernel: 127s
max time network: 186s
platform: android_x64
resource: android-x64-20240514-en
resource tags: android, arch:x64, arch:x86, image:android-x64-20240514-en, locale:en-us, os:android-10-x64, system
submitted: 02-06-2024 12:19
Static task: static1
Behavioral task: behavioral1
  Sample: 8e0d54af0fd46815bf021259a24bd5c4_JaffaCakes118.apk
  Resource: android-x86-arm-20240514-en
Behavioral task: behavioral2
  Sample: 8e0d54af0fd46815bf021259a24bd5c4_JaffaCakes118.apk
  Resource: android-x64-20240514-en
General
Target: 8e0d54af0fd46815bf021259a24bd5c4_JaffaCakes118.apk
Size: 6.0MB
MD5: 8e0d54af0fd46815bf021259a24bd5c4
SHA1: 4a8ae185d8ee35e38a32bcade6f7a7347780120c
SHA256: 1290ce2459e28ff8dd3ef50627dc28d44daeed3d877043b278232f92b5bb0b36
SHA512: 7e95cf4dbf09da99b1c621dd022ce464b727e7a8f430cf5024ae175150585fd24817890478cc82bced889f94037724410eddc9b408b465586639e460dc18354d
SSDEEP: 98304:rwNYS9/Tj5eaiQa4nVRzi8OQMf9vORzX/wB3tYUk4l9G6B7oUspgPlRLe6HMf8oc:0iSJdRiQVnvzOQMf9zB3tYR69G6odpgN
Malware Config
Signatures
Checks if the Android device is rooted. (1 TTPs, 1 IoCs)
  Processes:
    ioc: /system/app/Superuser.apk | process: com.kingkr.knvkhfu
Checks CPU information (2 TTPs, 1 IoCs)
  Checks CPU information which indicate if the system is an emulator.
  Processes:
    description: File opened for read | ioc: /proc/cpuinfo | process: com.kingkr.knvkhfu
Checks memory information (2 TTPs, 1 IoCs)
  Checks memory information which indicate if the system is an emulator.
  Processes:
    description: File opened for read | ioc: /proc/meminfo | process: com.kingkr.knvkhfu
Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  Processes:
    description: Framework service call | ioc: android.content.IClipboard.addPrimaryClipChangedListener | process: com.kingkr.knvkhfu
Queries information about the current Wi-Fi connection (1 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  Processes:
    description: Framework service call | ioc: android.net.wifi.IWifiManager.getConnectionInfo | process: com.kingkr.knvkhfu
Queries the mobile country code (MCC) (1 TTPs, 1 IoCs)
  Processes:
    description: Framework service call | ioc: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | process: com.kingkr.knvkhfu
Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
  Processes:
    description: Framework service call | ioc: android.app.IActivityManager.registerReceiver | process: com.kingkr.knvkhfu
Checks if the internet connection is available (1 TTPs, 1 IoCs)
  Processes:
    description: Framework service call | ioc: android.net.IConnectivityManager.getActiveNetworkInfo | process: com.kingkr.knvkhfu
Queries the unique device ID (IMEI, MEID, IMSI) (1 TTPs)
Uses Crypto APIs (Might try to encrypt user data) (1 TTPs, 1 IoCs)
  Processes:
    description: Framework API call | ioc: javax.crypto.Cipher.doFinal | process: com.kingkr.knvkhfu
Processes
com.kingkr.knvkhfu (PID: 5166)
- Checks if the Android device is rooted.
- Checks CPU information
- Checks memory information
- Obtains sensitive information copied to the device clipboard
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
Network
MITRE ATT&CK Mobile v15
Downloads
/data/data/com.kingkr.knvkhfu/cache/image_manager_disk_cache/f10cfd61f7e54a40bd41f01205ccf75c08d8f21030cc7d5db3b1bbc98af0d98b.0.tmp
Filesize: 16KB