5325b86b793c8823d24999038e5db28de534841547b6355142b8aee936bc3344

Analysis

max time kernel
29s
max time network
133s
platform
android_x64
resource
android-x64-arm64-20240603-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240603-enlocale:en-usos:android-11-x64system
submitted
04-06-2024 16:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9584331ccc4bf9639749b7445afd560c_JaffaCakes118.apk
Size

29.2MB
MD5

9584331ccc4bf9639749b7445afd560c
SHA1

44554e9f0d18b918cfb95d8d0c4d0e4fe837fc39
SHA256

5325b86b793c8823d24999038e5db28de534841547b6355142b8aee936bc3344
SHA512

c5ef4353cc27e5d70b9324394c1cb0c237b7990e8d3307c2e2891d54f9f09df01739928bcfb5b84bf5576a02fe05640dbec158fa7e45666e2e6b8ab334cd3dcb
SSDEEP

786432:hghrud8EcfXoegUOQ6yVKJbEz9atF7taF+rbI:Sh6qgJaKNyMIFz

Score

7^/10

banker collection discovery evasion impact

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.ketchapp.stack/files/kuaiyouxi/datas/res/1253/dex.jar	4557	com.ketchapp.stack

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.ketchapp.stack

Requests cell location 2 TTPs 1 IoCs

Uses Android APIs to to get current cell location.

collection discovery evasion

Location Tracking

T1430

Geofencing

T1627.001

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.ketchapp.stack

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.ketchapp.stack

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.ketchapp.stack

Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs

evasion

User Evasion

T1628.002

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.ketchapp.stack

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.ketchapp.stack

com.ketchapp.stack
1⤵
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Requests cell location
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4557

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Execution Guardrails

T1627

Geofencing

T1627.001

Hide Artifacts

T1628

User Evasion

T1628.002

Credential Access

Discovery

Location Tracking

T1430

Process Discovery

T1424

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Connections Discovery

T1421

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.ketchapp.stack/databases/kyx_sdk_downloads.db

Filesize
20KB

MD5
4da1c3deb14f5122b6c8c138922f5089

SHA1
4468971b9625bf5c951d68134069aeb711217ba4

SHA256
e0dbe4fd6825385865b746810cf5f92b7dcdf9251235ed369e431731c635e046

SHA512
5a2101312fb1e90f632e34703a5b596ef68f86b84d23180ca426d9376634a4943dc65a1fc9fadd3323eef9a7160bd4831ca76aaddf1a62ff8e34cad0e33212e0

Download Submit
/data/user/0/com.ketchapp.stack/databases/kyx_sdk_downloads.db-journal

Filesize
512B

MD5
7ca1be98d18065490c68269c75e06392

SHA1
03637a7bb365f6ed626d6a3ef3496be78148ff0c

SHA256
0950888ef1203d393016f03600ef6db889a6715b465948540add75b68216c441

SHA512
15fcb4d14c3614340c1a4a9efb7d52106f8e88d63483f652f68a7ddbe2c8cf4cef45c85d8cb324f68410bfca3b29d6bb028817aa43caf822038864f3d46cba4c

Download Submit
/data/user/0/com.ketchapp.stack/databases/kyx_sdk_downloads.db-journal

Filesize
8KB

MD5
ec7f66f3b3ca352a8924929e7307648e

SHA1
3c249e13dd235c35ef46ae10dddf86019a8028d5

SHA256
ede7b53959479bde18e3a799b30761ed1214155d1538915ca495c9f1b9d14709

SHA512
3d56341a1a2f10ebe3dc48fa06742ffbde0fa45b227f62b41fbdc634515f02b8971b15f17d10cecc1e8561e166bf7af282959b661319232b8c7c978c0dcfffec

Download Submit
/data/user/0/com.ketchapp.stack/databases/kyx_sdk_downloads.db-journal

Filesize
8KB

MD5
07d276ee8b6c012d70f3a4cf8304917c

SHA1
1f5c063cbc33b4d50f0575ddafb41835c66834f7

SHA256
9534ddb3bb3cf14227f64da1e66693c80c9b242b76758b14dcb1fc1c61422676

SHA512
4bd1d0d32c1f76d8e1822e5d58026fffb0e55b761d08b8403866e88821e1c080c8fd92581f668ad681d2b7a106d4bb36ec5885af286394a810490b086bc01ab3

Download Submit
/data/user/0/com.ketchapp.stack/databases/mpush_app.db

Filesize
28KB

MD5
b3dcd48385bea767a51be7385c6f12f5

SHA1
7a7bb3684f99b55f7551087cf3840e885342a0b7

SHA256
e560f6d31089b2d40837abe002899d43d4f8b71a413436597e21ef608213ac7e

SHA512
95092f5c62a43d4f6f5cfe4715e90f0e618d34f19db3434453e3cd21f6397cf580a6e85d4362ff9debe90697f8523a8fed2813da068ca6ad54fd79ab18e0fb2e

Download Submit
/data/user/0/com.ketchapp.stack/databases/mpush_app.db-journal

Filesize
512B

MD5
acdd0ac0a6608b8621ebc0d77d4d10c2

SHA1
4fe970813e2454cf56f47c49368b62c1164172c2

SHA256
864ba8a0937d49224633bac704379087d24052cd21c20bfe3fb1aa51db2427ed

SHA512
e87d5f1babbc4b6ebb327d36ea50880f2b63a12c5feddd5b13ede2ec732a95a810137f63c8c654ad6e5a50fe896df2cc137b213e6eb7a73c85d3028b4955d128

Download Submit
/data/user/0/com.ketchapp.stack/databases/mpush_app.db-journal

Filesize
8KB

MD5
8df233a0442d61333288329e5070ed71

SHA1
82bfca79601708476ba595b9350f4ebe85d01ec3

SHA256
78b97a46e548dbe4b3b427c87b4a7d728fa1f71b0f5116ee1c6d72b8cad27929

SHA512
7eed9c67b3d495129403a9dc8484fd3e425952bfa1bc354747c75e8bf2caf62dd9e54f9afce0eccdc55f95d2ccdb8a7f8b8fbf8721d464f14c26798af765367f

Download Submit
/data/user/0/com.ketchapp.stack/databases/mpush_app.db-journal

Filesize
8KB

MD5
e31e41115ee6da2755b7c28ce2994a76

SHA1
d70d98fe2c554219471613d8cacd05d27eeafa3d

SHA256
78c9ccb098f5e22ff06314e21f337029e7e0ca6a8a1e111fb42a1454eb286ead

SHA512
4113fae020bf99145390230f3767825e1225938827dda070470f0c4ef0095dfedff8fd735a358ca0c80ee7177fd9e0da4c4138c424e0d6a9f743dbe417c6b65a

Download Submit
/data/user/0/com.ketchapp.stack/databases/mpush_app.db-journal

Filesize
12KB

MD5
07311dd5b0a55dfd675f11abfc302bd0

SHA1
28c686b2b4b8c933e55c192fce196b35320743dd

SHA256
bac6becf5d6c1e98fedd46439fea686f381968dcb81475b03e9233f2e38c5a46

SHA512
bc33c387c405038ca3ab80e8bf7baee42b694e937da725a768843032fe8df3bfc9def4d92966e130ae374b1c369ee03c10b7192f239907933c9c24c37d8264aa

Download Submit
/data/user/0/com.ketchapp.stack/files/TDtcagent.db

Filesize
32KB

MD5
f382a52cf8568b9cf2673ed5ef041014

SHA1
c507f0a1052262ad5eb828b64190bd0422cfd76d

SHA256
978e10b07e91ca29ede5c387dfd9e501a19cc5a02675196d716962e7697de695

SHA512
d3c06ea93abc8226595452003d40d66b74697a921c74c87f5a0e22f31f27e842a85f9572d8a372549154feb6b564dedb516443faf02f6ea025db9aee5455fabe

Download Submit
/data/user/0/com.ketchapp.stack/files/TDtcagent.db

Filesize
24KB

MD5
79ce5e416e7f3379253d1bc363445f92

SHA1
b73e6f099987658a84263f0f32606b38fff941ce

SHA256
ae4ab3e4fe764b818dad60b63a409e71d88bfd2d9fa5b2adce4156371d2e3816

SHA512
2d4e2c541484a8b62343bad82ff9296da6bf63e69e634083e26dabf6418042f0c85611991deda476098578e68f02c0d31bbd1b2e2208ddb0d09296b356ac3a6c

Download Submit
/data/user/0/com.ketchapp.stack/files/TDtcagent.db

Filesize
20KB

MD5
8c30e3eb221f0bf64cf233d044a74046

SHA1
ecea73b073ef65f8287dcababf4c640114f0d3a4

SHA256
70975531feb5aac43448171ff3a77a83232717059ffb3ecab085fdf64d96a828

SHA512
d856d4cf0cc14171c5b5f33e4c6267576aa6930852682cb6c36bce3e8a1895e0a6d11e03c4912467a5e0eaf04b231a3da2309f8a1c9d76f5850d0eeae74fa680

Download Submit
/data/user/0/com.ketchapp.stack/files/TDtcagent.db

Filesize
28KB

MD5
449852d8ebbe05cb2af822157104a2c5

SHA1
dd1af2f90ca03469941d2a56b65b3c5ad1d98986

SHA256
1bb36fc0c1b97fd658380c53e93b4c72cd5d3a19c63bb59d17a17c1c81353f28

SHA512
64731a43df9fed6ebdcf002fa74134a061e34211bc4374cf0d928d4f1805d3cf50ae81d73f43d3421c1b45c5902420a05ec84b19be30844e0bd55de7e73ed78d

Download Submit
/data/user/0/com.ketchapp.stack/files/TDtcagent.db

Filesize
28KB

MD5
fe9518e0414eb3de78d2bb3d7535b6ea

SHA1
723bbfe6180b81df573af681250b84b1b64f0ddb

SHA256
d28d39eed1a17fe205a3439a7f2e9a4807750c7c64ec051e0861e1cb52fdca5e

SHA512
a088b53db5ced775f59d2657a702eeb1804996a14e7a536b09b91ec7d0ebeddb4c22da01b222ff6574a7cdc5f84954aa2e8b680bf08c03c740f5effdaeb0e416

Download Submit
/data/user/0/com.ketchapp.stack/files/TDtcagent.db

Filesize
28KB

MD5
d4b98ca6b778e8ef0979ba031ec8b0d5

SHA1
c926add6c9330f3a576100164482cd783c4f961d

SHA256
e193eec26c4dfe8848512bfe6cb22d2747bf303f7fa9a413ba745921272d44b1

SHA512
1f51697bd3d2673fe46d3b7b4c5b16725874a6172efe8b10d67c815d5331dca489b9a0eef4fe320e774e55679e5c6d033e89adacbfbb4dc475b1c6f289b3093f

Download Submit
/data/user/0/com.ketchapp.stack/files/TDtcagent.db-journal

Filesize
512B

MD5
39ceda207d566685c5d25b8b9376231d

SHA1
e81e8131712a84aab7a0d5b2f94b3311fddaa557

SHA256
bbe7bc7fb81502237fbad14d66de87943b859fdf09dd2a37ccd7380266d2ff1f

SHA512
a8584201d80f85047dbefc72b9670243be77662c2bee4e04d2ea8cba4438bd50c6e448c12caba3c2002d610263815724cfd88b2327be86119ed7cb88ba7caa50

Download Submit
/data/user/0/com.ketchapp.stack/files/TDtcagent.db-journal

Filesize
8KB

MD5
85a9723be58122f6d651dfbb27ea26e3

SHA1
81626da8862d1736f7545a26ecb244d16b23b6b1

SHA256
f26b5ab51112a325a8474201ebdbed76623eb115b20f2894aaa4272c13c6aecd

SHA512
cf8040373251eb0f2f79743c84dfd76365a479e608dff6561846cd17e4694b01839e96dbf314a243eaf0e35412e27bfe61c95786ade23c3f8168fdcd5b00d95f

Download Submit
/data/user/0/com.ketchapp.stack/files/TDtcagent.db-journal

Filesize
4KB

MD5
d143ae45c4bd4574fd37c5665cf7e9aa

SHA1
35e93ef468d4cb637a85798af88ab42f3bb6a761

SHA256
388893e9eb28f0651d47a0554abedb59d9b4ea292de41533740d70f7af97d114

SHA512
85815c0845af53a77c006cdacf962995ed8e0f78112cf529a5b0e288ccbd9e9d6919e739b85099b67cfc8f830be04d6135f0f78a745903ccc4a74b3670313ed7

Download Submit
/data/user/0/com.ketchapp.stack/files/TDtcagent.db-journal

Filesize
8KB

MD5
b835365193134bd913c8ad50fc2be89f

SHA1
0490ac7cf684356c91a1330a20fa40d72b6c2048

SHA256
b90005a2ca3261425d2105e1336f96b3b25fff6b4a89db4f627d64bd89ea3fbe

SHA512
8a48cb4d84a05f6ebd99e7d38285ccf717e849fca6db9dcf1fd14ff46349a0ef8c890971cefb0240309daeef7a70dea70811f14ef3c0cafccf1f9c3570020c3f

Download Submit
/data/user/0/com.ketchapp.stack/files/TDtcagent.db-journal

Filesize
8KB

MD5
ee3496f1402334cb3e1e2937d702aa8b

SHA1
68bdaabd17478adb0d8f7d2ed70145e2760e885c

SHA256
ef2bb3d13b3ff28fb83512bd460ad80648bcd0aca37b8e78e920bc8befceb2b9

SHA512
2659c26e19f424b646e2b06d60f5b09a53e40f6d56333aa905e79b4bfc4ece7fbe60ab871ec748fa4a7ecac19849f2a7e9e205a0c4efb1460932b94c34a8d319

Download Submit
/data/user/0/com.ketchapp.stack/files/TDtcagent.db-journal

Filesize
12KB

MD5
db96e9bde7fb05ed37abee06821edc33

SHA1
31c308551f376bf662eb17336c0b57addb6a23fc

SHA256
d1f13b868a600959aa4c36c86849ae16bf13efa9c066280007417405e2bfa169

SHA512
e2f34269bc7c7c7c282f962ed835531dede79d04063f1c026b7306fc56d6cb732f976028a23573f774831d195b87a7ddc085852cd65bd5da6d9a8cb1afced9f1

Download Submit
/data/user/0/com.ketchapp.stack/files/kuaiyouxi/datas/config/checkupdate

Filesize
8B

MD5
64c2fe4a15843bd4be8778b3be78f29d

SHA1
5ab305e406d210d6aaea4a8126b39cba9251c078

SHA256
4f87f6c2be097041a87e79e1cf34005267a9efae44272cf98d5b85695e1f23ad

SHA512
cfb39473c34e14c7e5e26d096cfffca6f7e9865ac3ac7d541493814a822977e3e8bb0707f4d6746db9401eec24a04edad092a49745c0a65e181c28c2c93c1a82

Download Submit
/data/user/0/com.ketchapp.stack/files/kuaiyouxi/datas/config/md5

Filesize
32B

MD5
fc142147c11505bf6b3ad00a3fe2b8d8

SHA1
fe0c8952fd5458df2fca5e9abf22de6b0e4047f5

SHA256
58b5fd06661d9c2d8b407a7266cf32e98bec8acb5d0ec05247568b933beadd8c

SHA512
7cd5be89b97e75a7cb83c8b18c4abfe5374974565142a542d112048d8e1037024da6236328804d3fd889a259f1f73849a735596e44bdafd80217c42ae1ff63e8

Download Submit
/data/user/0/com.ketchapp.stack/files/kuaiyouxi/datas/config/version

Filesize
10B

MD5
6efc47af51a6c196672a37318681ac00

SHA1
3e94de6dff871569e1c6acf27e168c4d7747ff1e

SHA256
45bcc3ee642f8f5aed5af558d56981fc0510d0f046c8dfbbede6a242ce4ae959

SHA512
e5918b62560c7801b2c3bdfd1b6b7dd8fa75c7536cff3426100891badab604a73f5d03d3cec3a813979b83c9124efca2687af10e09788c4614cf3dd08cb1b460

Download Submit
/data/user/0/com.ketchapp.stack/files/kuaiyouxi/datas/res/1253/dex.jar

Filesize
891KB

MD5
57a720eeff8002e022528f5a44ed56f0

SHA1
788ed2bc2d4e927106e5a89186a25ea6f05a0e09

SHA256
e7a4deabb755c39b662fd303f130b2deaf8aa5aafc4e0fb5d10197ae872ea759

SHA512
bb34784b4c4eb0565929ad742ade5a4b459ba5db21683a036fe1c465d97bbeaaa5f95e5e84ae5366dee623c1c2c05dbb79dcb0a27f92ad055da9ff84e97cd89f

Download Submit
/data/user/0/com.ketchapp.stack/files/kuaiyouxi/datas/res/1253/dex.jar

Filesize
2.0MB

MD5
628e57b99afd5c70c7a3f7ec0b85fba7

SHA1
727032676b78742da147829d74079a046f719338

SHA256
411e6ae4d9731a39cde6b6d71f671af597addb40ccfa490928ceaec600110feb

SHA512
80ff31ddfb2fb61829900ca9798b6250e6cbb9ef177aafd491dab69113849ae409296ea96263a91c27176a701ef9fbb948682bd3efbfcd7650b58e817cfbf350

Download Submit
/data/user/0/com.ketchapp.stack/files/kuaiyouxi/datas/res/1253/pack

Filesize
2.7MB

MD5
0e1bc470f855d8260ce860a79bc87048

SHA1
8e4cc20431c6ceef080eb165e25a49027b38161e

SHA256
ced99e4674b6646b5c06ae4e45368e9d6f2c6f01bb8a8d98a64ca64face6b1ba

SHA512
050f3d979c77dfcec41c71b259a10f12e41caee635b108b81e1883708eed2a95fad8f9d0b4bd3c8fffec7609104534e992215e2ddc72e27915226cd45dd1b76f

Download Submit
/data/user/0/com.ketchapp.stack/files/mpush_gateway_preferences_file

Filesize
18B

MD5
5b783a723321f384ea8a021d20ba4280

SHA1
8a53b72a13e69184d8d0ae99568e7d3b95fed07c

SHA256
f79b6c0ba6379e405153ae0536b49ce9ab8a64e8585cbcc4b7ee10a357b723a9

SHA512
bbce3c6ae766581622fcf53a41cfc47aedaa2050caa3fcefad2e5238470067d5e3b1a7f586d57318d74e0c3725bf0970fa9a1c02a3d0139e1f8444f2310c56a1

Download Submit
/data/user/0/com.ketchapp.stack/files/mpush_version_preferences_file

Filesize
2B

MD5
37693cfc748049e45d87b8c7d8b9aacd

SHA1
d435a6cdd786300dff204ee7c2ef942d3e9034e2

SHA256
535fa30d7e25dd8a49f1536779734ec8286108d115da5045d77f3b4185d8f790

SHA512
6ff334e1051a09e90127ba4e309e026bb830163a2ce3a355af2ce2310ff6e7e9830d20196a3472bfc8632fd3b60cb56102a84fae70ab1a32942055eb40022225

Download Submit
/storage/emulated/0/.rwtest

Filesize
1B

MD5
13c8ffd977013703a701cf8e11deac65

SHA1
067d5096f219c64b53bb1c7d5e3754285b565a47

SHA256
e7cf46a078fed4fafd0b5e3aff144802b853f8ae459a4f0c14add3314b7cc3a6

SHA512
527cff2b6fdfbc0f54fe092b17d6d8c7e22500242635fa56981e85a64da6ce8a12a3a66cf69fd48f588bcba9bad141b8e351a0cdd4925ae57289933eec1fc153

Download Submit
/storage/emulated/0/kuaiyouxi/datas/res/kyx_videosdk_mzw1_ad/1253/update

Filesize
2.7MB

MD5
c04e13d1ede48f576cb693593c821423

SHA1
09294c1103534a8da544980d810ea278b30f7a90

SHA256
d3581f5eab894f06e6cda1267a464949efade31f9f81a15420e931c7a1566b48

SHA512
2dd57f60b12f31acfffea4bca8c13e3f53a159ba05cf2c889d16bbf9268a63832b6b50d8a0a1100928679aa90426601e71fea1ed9777ed2690ac792b58e9bb93

Download Submit
/storage/emulated/0/kuaiyouxi/datas/sdk/downloads/kyx_sdk_downloads.db-journal

Filesize
512B

MD5
2cb66dc4c863738338607a539b202942

SHA1
efb34e735e8b7b692699dd7f6676c901324b232d

SHA256
06cdfb1583d981fa1541ced39833a39d569f61cace70ce25483f923e0abd581e

SHA512
eda67b9b09939fd3c6adadbeb752b0c92c0cebdf75b7b7c2237ea0fde3a4602ac9a7d369cc2a430127289d71ebf4c0d47cb8da5ac8c28d811ff0621d1de0a8e9

Download Submit
/storage/emulated/0/kuaiyouxi/datas/sdk/downloads/kyx_sdk_downloads.db-journal

Filesize
8KB

MD5
e6186d60dcad6e39352a09f994112235

SHA1
bcb6051fb871b59a1db5d66541d99ff004e97053

SHA256
c84ad02832b21ee6db730bf06b3ffb2ae780cd7970c8bff31aacca854d6537b5

SHA512
508228ef96a5f6a6fb7cf72af6f639fa7b36d7cea9ff9b04976d4870ece864c9c751c6c6265fab2c9dcd5a3df60ba193e0acf2b61d05883591243fceae14abad

Download Submit
/storage/emulated/0/kuaiyouxi/datas/sdk/downloads/kyx_sdk_downloads.db-journal

Filesize
8KB

MD5
393ef08570af1674ac5ae2dd3a153896

SHA1
d608dfb4109654a7ac13805981e0523404c638f5

SHA256
6a5f329efcbc302ed158b2ae42b1d71bde59a85d715ebe390fd54bf4a2e9b743

SHA512
ec45959dcb973b02d96731ad797f1f455f8acc3b9ff2ace8fbca4bd5e7b6f4751ae0c9df6a4fdfdf327e2ba9e46927537f64a2dabf65af05e87612ac6444bc5d

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads