Analysis

  • max time kernel
    176s
  • max time network
    185s
  • platform
    android_x86
  • resource
    android-x86-arm-20240611.1-en
  • resource tags
    android, arch:arm, arch:x86, image:android-x86-arm-20240611.1-en, locale:en-us, os:android-9-x86, system
  • submitted
    13-06-2024 04:03

General

  • Target

    a3c4d4ed46593faeb0293f493d42960c_JaffaCakes118.apk

  • Size

    30.8MB

  • MD5

    a3c4d4ed46593faeb0293f493d42960c

  • SHA1

    41adf390877f15a8f4edbd8a54b5a2267df62f3e

  • SHA256

    8e4a68e862d0d73d9c434faf03d2937a4ce8b22f948ec7d046f63527a0323525

  • SHA512

    45d19742301b3219ae122aa24005e479a37ee8802f7977812b147e3e5c01245ec2937da8cf0be359dd426d0cd9565b9768b7455af51e003a909a7de1561623b3

  • SSDEEP

    786432:Hn4sCbYBSEYK9pwg9rV4S3EENkZbqPhXT0ByA/PcNJ:YhBGa/xa10XnG

Malware Config

Signatures

  • Checks if the Android device is rooted. (1 TTP, 6 IoCs)
  • Queries information about running processes on the device (1 TTP, 3 IoCs)

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Acquires the wake lock (1 IoC)
  • Domain associated with commercial stalkerware software; includes indicators from echap.eu.org (1 IoC)
  • Queries information about active data network (1 TTP, 3 IoCs)
  • Queries information about the current Wi-Fi connection (1 TTP, 3 IoCs)

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Reads information about phone network operator. (1 TTP)
  • Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
  • Checks CPU information (2 TTPs, 1 IoC)

Processes

  • com.kira.com (PID:4269)
    • Checks if the Android device is rooted.
    • Queries information about running processes on the device
    • Acquires the wake lock
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks CPU information
    • cat /sys/class/net/wlan0/address (PID:4433)
    • cat /sys/class/net/wlan0/address (PID:4507)
  • com.kira.com:QALSERVICE (PID:4320)
    • Checks if the Android device is rooted.
    • Queries information about running processes on the device
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
  • com.kira.com:mult (PID:4356)
    • Checks if the Android device is rooted.
    • Queries information about running processes on the device
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection

Network

MITRE ATT&CK Matrix


Downloads

  • /data/data/com.kira.com/files/mobclick_agent_sealed_com.kira.com
    Filesize: 542B
    MD5: dea98182cf9b7b87b66cb0cbb1660bcf
    SHA1: fc02b5bbaf3a8179f45ef3cae36210fa110c8fb3
    SHA256: 48fbcbaecf612604bab2fda1b06b4c6830ef6b8c2bd5771c61562bad8886b439
    SHA512: 895536cf2fe7d3d0188c15119593dbce357dbe3c98eebf0c0756b61f1051a81fb555a3400e44ebd23793059dbebfde4a52aeb90e11098051a6236b7fe4ce16ce

  • /data/data/com.kira.com/files/tls_device.dat
    Filesize: 16B
    MD5: e266308aa17a66b0cb116fe8c516919a
    SHA1: fc49336ee7466ca2657806cd11224926efcdf687
    SHA256: dced3d4afe6ae34d98a719e8143a293d9bf23ed9b351894f3ea4a8753118a6dc
    SHA512: 4ce0ea8b62e0135ff951f0121e94fe70bba5c4152943ee2ad74613cc983a2b68cf6cd05cec1bbe2d6dfd81ef5b5ebc4c546a47511d2a0f3920c1e9655b515110

  • /data/data/com.kira.com/files/umeng_it.cache
    Filesize: 211B
    MD5: 9adbfc2bd5a7e3d6264cd6151b06c741
    SHA1: 0a95878640eac24013a27fea368da67acb34615c
    SHA256: 748d63e36dfd6eaf8a76dda0cd78844aeb8ecdfe9c7a4effda6979f6839e12bb
    SHA512: d456574f73d7611e4b2faf3d514090e0410c21d94504171b99196101e507597a2953ab890ba363f880f3b39c97cae87abf865cfbd5b7232ff339ddd44153fc2a

  • /storage/emulated/0/data/.push_deviceid
    Filesize: 32B
    MD5: e0a66ea1b2205e4a241426867e16333a
    SHA1: 56d6aa0664c512245122cb443eba1581fb452f9a
    SHA256: 626685eaf19bd1e2922a9b7bd911a175b5d2ab8be021d8cac489086e331f9156
    SHA512: 7daba6925bf6fe308ed387ac15685d49bf22f0ea2df05f160b724fbc05ef055cb3a78354e22adbd6dfaa69bcf6ced02fceae2e4099c375ce330076337834af6c

  • /storage/emulated/0/kira_error.log
    Filesize: 1KB
    MD5: b7f27b048e6b0495f7a5875c1d5326a0
    SHA1: 7aa4940e7f3484b574ad450c5c083ffd60224796
    SHA256: 26f772f8551923734a5f35d67462d89c6c195f1bca45eaa78032d621f054d80c
    SHA512: 82fbc12c83f57bf6ebcbe7448c4a7d20e8d550d00062a34bf700e5d992ee951d91fbdf08ca3de8cc3282b6c49a514da5f433a22c4d1d22429c620f12eb664e54

  • /storage/emulated/0/tencent/imsdklogs/com/kira/com/imsdk_20240613.log
    Filesize: 11KB
    MD5: 520fe91c60a8ad5364bd38a9e8ba8b72
    SHA1: 6fc6193f816a598f91bfaf038ccc32a6d291eae1
    SHA256: 91d583a7e5cbda4dfa8c6954360917f9c514780bd4c064ce707a185d863df90d
    SHA512: bb940e262df885b4daf9003869e1f03d95de1d3ba35446fba390fcb86b4ba0b084b9096960e30da011634be34a2be0dbbf11d0fd33138f9edab9773453eb569f

  • /storage/emulated/0/tencent/qalsdklogs/com/kira/com/sdk/sdk.24.06.13.04.log
    Filesize: 8KB
    MD5: 2b75a5ad903ce8b927776c59a4789d16
    SHA1: 0ae45f3817156530ad4ff0f530ce0e47399f65c8
    SHA256: 2e0ae18c1205db631c5dfc24ab98a004f9a96a10b4dd769a012144cf91a7de33
    SHA512: 31d2fe23786861ceee55284f1789668d38d33e037591388f76a07859e3391e0a76dd554272f64fcf0bd62004cf3dcc51dc8965d0c0e10fb253051f40989c3534

  • /storage/emulated/0/tencent/qalsdklogs/com/kira/com/sdk/sdk.24.06.13.04.log
    Filesize: 3KB
    MD5: 42e51209a602055567417939b93cb217
    SHA1: efbd28912a447b6a8ec750b73048f74791bc1c40
    SHA256: 8e2bef2efcb827190159cdfa49c7adc610b7e70bca05c37cb6e557799037c71b
    SHA512: bff43f8a5185a593d38d09ca9a176694a50f1c9747d61ec8ad3aa4ed688e159a5e21991454deb0d1d45fb353d9926d6210499a21ffd13ec56f33b6654f1466b1