Analysis

max time kernel: 7s
max time network: 131s
platform: android_x86
resource: android-x86-arm-20240603-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240603-en, locale:en-us, os:android-9-x86, system
submitted: 04-06-2024 02:05

Static task: static1

Behavioral task: behavioral1
Sample: 935ab14e332e00900733b08f2e738300_JaffaCakes118.apk
Resource: android-x86-arm-20240603-en

Behavioral task: behavioral2
Sample: 935ab14e332e00900733b08f2e738300_JaffaCakes118.apk
Resource: android-33-x64-arm64-20240603-en
General

Target: 935ab14e332e00900733b08f2e738300_JaffaCakes118.apk
Size: 5.9MB
MD5: 935ab14e332e00900733b08f2e738300
SHA1: 41843b6de8e5524b5cf113f60e67777cbd11f18c
SHA256: 2832995f968e658c7c14d45224acaa0bdb395a5bddda29383dcda50109b5ce96
SHA512: 1b503e6060ed68d3404a55b988e7342c174a5f73689260bad2ca75e41385b2f64c2f1e8aa0cd072d09289226749579bf9e4ea144b29f473b816cfe2f0cfcfd49
SSDEEP: 98304:+1P0t5vouyHwy3KEYfaVSwrxL0y1gxmDOJuac4Z+W86uuo9G6B7oUspgPlfd8osp:vt1otRYi5LBgxs7ZM+W8X9G6odpg4ENw
Malware Config
Signatures
Checks if the Android device is rooted. (1 TTP, 2 IoCs)
Probes the well-known su binary locations; the presence of either file indicates a rooted device.
ioc | process
/system/bin/su | com.kingkr.kvwgiso
/system/xbin/su | com.kingkr.kvwgiso

Checks known Qemu files. (1 TTP, 1 IoC)
Checks for known Qemu files that exist on Android virtual device images.

Checks memory information (2 TTPs, 1 IoC)
Reads memory information that can indicate the system is an emulator.
description | ioc | process
File opened for read | /proc/meminfo | com.kingkr.kvwgiso

Queries information about the current Wi-Fi connection (1 TTP, 1 IoC)
The application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
description | ioc | process
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.kingkr.kvwgiso

Checks if the internet connection is available (1 TTP, 1 IoC)
description | ioc | process
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.kingkr.kvwgiso
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org (1 IoC)
flow | ioc
6 | s.appjiagu.com
Caveat: the same "jiagu" (加固, app hardening/packer) name appears in the .jiagu/libjiagu.so path that the process tree shows the app making executable, so this domain is consistent with a packer runtime contacting its vendor and is not, on its own, proof of stalkerware; corroborate it against the indicator list before acting on it.
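The signatures above are pattern matches over the sandbox's behavioural event stream (file accesses, framework service calls, executed commands, DNS flows). As an added illustration, not the sandbox's own rule engine or rule set, the following Python reproduces that matching over an event list constructed by hand from the IoCs in this report. The event field names, the regexes, the extra chmod-on-dropped-library rule and the one-entry stalkerware domain set are this example's assumptions.

```python
"""Toy behavioural-signature matcher modelled on the report's signature tables.

Added example: not the sandbox's rule engine. EVENTS is constructed by hand from
the IoCs listed above; the field names and the regexes are assumptions.
"""
import re
from collections import defaultdict

# Constructed event stream (kind, target, process) mirroring the report's IoCs,
# plus one benign file read that must not trigger anything.
EVENTS = [
    {"kind": "file_access", "target": "/system/bin/su", "process": "com.kingkr.kvwgiso"},
    {"kind": "file_access", "target": "/system/xbin/su", "process": "com.kingkr.kvwgiso"},
    {"kind": "file_read", "target": "/proc/meminfo", "process": "com.kingkr.kvwgiso"},
    {"kind": "framework_call", "target": "android.net.wifi.IWifiManager.getConnectionInfo", "process": "com.kingkr.kvwgiso"},
    {"kind": "framework_call", "target": "android.net.IConnectivityManager.getActiveNetworkInfo", "process": "com.kingkr.kvwgiso"},
    {"kind": "exec", "target": "chmod 755 /data/user/0/com.kingkr.kvwgiso/.jiagu/libjiagu.so", "process": "com.kingkr.kvwgiso"},
    {"kind": "dns", "target": "s.appjiagu.com", "process": "com.kingkr.kvwgiso"},
    {"kind": "file_read", "target": "/data/user/0/com.kingkr.kvwgiso/files/cfg", "process": "com.kingkr.kvwgiso"},
]

# Constructed indicator set: seeded only with the domain this report flagged.
# A real deployment would load the echap.eu.org list instead.
STALKERWARE_DOMAINS = {"s.appjiagu.com"}

# (signature name, event kinds it applies to, regex over the event target)
SIGNATURES = [
    ("Checks if the Android device is rooted.",
     {"file_access", "file_read", "stat"},
     re.compile(r"^/(system/x?bin|sbin|su/bin|data/local/x?bin)/su$")),
    ("Checks memory information",
     {"file_read"},
     re.compile(r"^/proc/meminfo$")),
    ("Queries information about the current Wi-Fi connection",
     {"framework_call"},
     re.compile(r"\bIWifiManager\.getConnectionInfo$")),
    ("Checks if the internet connection is available",
     {"framework_call"},
     re.compile(r"\bIConnectivityManager\.getActiveNetworkInfo$")),
    # Assumed extra rule covering the process tree: a chmod that makes a
    # native library under the app's private data directory executable.
    ("Makes a dropped native library executable",
     {"exec"},
     re.compile(r"^chmod\s+[0-7]{3,4}\s+/data/(user/\d+|data)/[^/\s]+/.+\.so$")),
]
DOMAIN_SIG = "Domain associated with commercial stalkerware software"


def match_signatures(events):
    """Return {signature name: [(ioc, process), ...]} for every event that hits."""
    hits = defaultdict(list)
    for ev in events:
        for name, kinds, pattern in SIGNATURES:
            if ev["kind"] in kinds and pattern.search(ev["target"]):
                hits[name].append((ev["target"], ev["process"]))
        # DNS flows are matched by exact domain membership, not by regex.
        if ev["kind"] == "dns" and ev["target"].lower().rstrip(".") in STALKERWARE_DOMAINS:
            hits[DOMAIN_SIG].append((ev["target"], ev["process"]))
    return dict(hits)


def render(hits):
    """Format hits the way the report does: name, IoC count, then an ioc | process table."""
    lines = []
    for name, iocs in hits.items():
        lines.append(f"{name} ({len(iocs)} IoC{'s' if len(iocs) != 1 else ''})")
        lines.extend(f"  {ioc} | {proc}" for ioc, proc in iocs)
    return "\n".join(lines)


if __name__ == "__main__":
    print(render(match_signatures(EVENTS)))
```

Note that the root-check rule is keyed on file-system probes rather than on an `su` execution: an app that merely stats the su paths gets this signature even if it never gains root, which is exactly why the report lists two IoCs for one TTP.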
Processes

com.kingkr.kvwgiso (PID 4284)
  - Checks if the Android device is rooted.
  - Checks known Qemu files.
  - Checks memory information
  - Queries information about the current Wi-Fi connection
  - Checks if the internet connection is available
  └ chmod 755 /data/user/0/com.kingkr.kvwgiso/.jiagu/libjiagu.so (PID 4310)
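The child process above makes a native library in a hidden .jiagu directory under the app's private data executable at runtime, behaviour consistent with an app-hardening (packer) runtime unpacking itself. As an added example, not the sandbox's own check, here is a static pre-screen that opens an APK as a zip and flags native libraries stored where a packer stub, rather than the system loader, would pick them up. The in-memory sample APK and its entry names (assets/libjiagu.so and friends) are constructed for the demo, modelled on the runtime path above and not extracted from the real sample.

```python
"""Static pre-screen for packer-style native libraries inside an APK.

Added example, not part of the report or the sandbox. The sample APK is built
in memory and its entry names are assumptions modelled on the runtime path
/data/user/0/<pkg>/.jiagu/libjiagu.so seen in the process tree.
"""
import io
import zipfile


def build_sample_apk() -> bytes:
    """Constructed stand-in for the APK: a zip with typical top-level entries
    plus two assumed packer payload libraries stored under assets/."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        for name in [
            "AndroidManifest.xml",
            "classes.dex",
            "resources.arsc",
            "assets/libjiagu.so",                # assumed packer runtime (32-bit)
            "assets/libjiagu_a64.so",            # assumed packer runtime (64-bit)
            "lib/armeabi-v7a/libnative-lib.so",  # an ordinary JNI library
            "res/layout/main.xml",
        ]:
            z.writestr(name, b"\x7fELF" if name.endswith(".so") else b"\x00")
    return buf.getvalue()


def packer_indicators(apk_bytes: bytes) -> dict:
    """Classify every entry of the APK zip.

    native_in_lib:      .so under lib/<abi>/, where the system loader expects them
    native_outside_lib: .so anywhere else (e.g. assets/), which an unpacker stub
                        typically drops into the app's data dir and chmods
    jiagu_named:        entries named libjiagu* or stored under a .jiagu directory
    """
    out = {"jiagu_named": [], "native_outside_lib": [], "native_in_lib": []}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as z:
        for name in z.namelist():
            parts = name.split("/")
            base = parts[-1]
            if base.startswith("libjiagu") or ".jiagu" in parts[:-1]:
                out["jiagu_named"].append(name)
            if base.endswith(".so"):
                in_lib_dir = len(parts) == 3 and parts[0] == "lib"
                out["native_in_lib" if in_lib_dir else "native_outside_lib"].append(name)
    return out


def is_likely_packed(indicators: dict) -> bool:
    """Heuristic verdict: any native library outside lib/ or any jiagu artefact."""
    return bool(indicators["native_outside_lib"] or indicators["jiagu_named"])


if __name__ == "__main__":
    ind = packer_indicators(build_sample_apk())
    for key, entries in ind.items():
        print(f"{key}: {entries}")
    print("likely packed:", is_likely_packed(ind))
```

A positive result here tells the analyst that the classes.dex in the archive is probably only a loader stub and that the real code will have to be recovered from the sandbox's runtime memory or from the dropped files, which is what the chmod in the process tree is pointing at.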
Network
MITRE ATT&CK Mobile v15
Downloads

Filesize: 351KB
MD5: 6525dc34d4a2656b93c41bc4223fddd2
SHA1: 5c2333cb8ad87abc747d13d6352d5f19dc18997b
SHA256: 744cdb26f7cf86d52fa8b214813a346952fc7476826400b85a3db96356f5047c
SHA512: b98dc08115cdefc31b2c0679d046a34e788936f985bcd70bb789b1828dcd59d949b023388a3b56ef017bafac31e79c12ebd6f6b623f01a38ea0e6e04a9fd1fc8

Filesize: 40B
MD5: f421b9cc3cbc2f50d10d84e24df4b9de
SHA1: 3032955b77be239c1b38543149abec4df3412437
SHA256: 6253fa12d837491391c1826b34a20ef9af791ae789fd41d568a385df731d8f97
SHA512: f6c054030c7e92aa815a9f78eae4daf913e2f881ded6d2d9652ea03e30d983f7816a643bc0e574a1bb6b8965eeec17af92736cd91a965973e3aab95736eed683

Filesize: 40B
MD5: 027e45fda1fc36a7ca49249c06261593
SHA1: bba6dc24dd027fcc91e7c4f5de65db827b0a3f0d
SHA256: 1945980fa324ae810a479178ef76e71acf8f7dac2b462db0c4b7980128209c46
SHA512: 003a6725dd8e1502df4b14d8ef481ec830ccaf55c53b3af3a4f77bb0c2d7d1af7b5c95485dd0863b55a387bb060414ad80ef554e3b8dc3c611359d3f7d850657

Filesize: 314B
MD5: 4bf80785f54de692749c384853fd675a
SHA1: 7961d12648a7440ca118f70b0070e4d9464f3178
SHA256: 270315eedd3f581035793d754a3eafc0cce90dd86e12d6b7c6c8ef66b1745daf
SHA512: 6ba22e7c774a7b51e8758299a17f0ec5a048f47b0dd39c75995a43cffb1df7e5244c7defb72b143cb933f99bec0c20ce71af72262e80689e560e577de88ead58

Filesize: 27B
MD5: 596842249155940f59c2f75c255bc205
SHA1: b099f68a5a6c5692ceb71981a85a3fb12dd2d7ad
SHA256: d61a3f74e37cbe6ff40eba575f9ac3ee56ca3182a7e928374826e6723f238791
SHA512: f2f30ddd60f7a17e68c0b04a4b2671018e5f0519f3d00176e8771bad06651a744bc742f78121119b4467baf92fb66ea4b2a0d29cbd4409f97a08fdc7acd91bd6