8e4a68e862d0d73d9c434faf03d2937a4ce8b22f948ec7d046f63527a0323525

General

Target

a3c4d4ed46593faeb0293f493d42960c_JaffaCakes118.apk
Size

30.8MB
MD5

a3c4d4ed46593faeb0293f493d42960c
SHA1

41adf390877f15a8f4edbd8a54b5a2267df62f3e
SHA256

8e4a68e862d0d73d9c434faf03d2937a4ce8b22f948ec7d046f63527a0323525
SHA512

45d19742301b3219ae122aa24005e479a37ee8802f7977812b147e3e5c01245ec2937da8cf0be359dd426d0cd9565b9768b7455af51e003a909a7de1561623b3
SSDEEP

786432:Hn4sCbYBSEYK9pwg9rV4S3EENkZbqPhXT0ByA/PcNJ:YhBGa/xa10XnG

Score

8^/10

discovery evasion

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 3 IoCs
evasion

T1426

Processes:

com.kira.comcom.kira.com:QALSERVICEcom.kira.com:mult

ioc process

/system/bin/su com.kira.com
/system/bin/su com.kira.com:QALSERVICE
/system/bin/su com.kira.com:mult

ioc	process
/system/bin/su	com.kira.com
/system/bin/su	com.kira.com:QALSERVICE
/system/bin/su	com.kira.com:mult

Queries information about running processes on the device 1 TTPs 3 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

T1424

Processes:

com.kira.comcom.kira.com:QALSERVICEcom.kira.com:mult

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.kira.com
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.kira.com:QALSERVICE
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.kira.com:mult

Acquires the wake lock 1 IoCs

Processes:

com.kira.com

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock com.kira.com
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 2 IoCs

Processes:

flow ioc

19 alog.umeng.com
52 alog.umeng.com

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.kira.com

flow	ioc
19	alog.umeng.com
52	alog.umeng.com

Queries information about active data network 1 TTPs 3 IoCs

discovery

T1421

Processes:

com.kira.comcom.kira.com:QALSERVICEcom.kira.com:mult

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.kira.com
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.kira.com:QALSERVICE
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.kira.com:mult

Queries information about the current Wi-Fi connection 1 TTPs 3 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

T1421

Processes:

com.kira.com:multcom.kira.comcom.kira.com:QALSERVICE

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.kira.com:mult
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.kira.com
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.kira.com:QALSERVICE

Reads information about phone network operator. 1 TTPs
discovery

T1422
Checks CPU information 2 TTPs 1 IoCs

T1633.001

T1426

Processes:

com.kira.com

description ioc process

File opened for read /proc/cpuinfo com.kira.com

description	ioc	process
File opened for read	/proc/cpuinfo	com.kira.com

com.kira.com
1⤵
- Checks if the Android device is rooted.
- Queries information about running processes on the device
- Acquires the wake lock
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Checks CPU information
PID:4654

com.kira.com:QALSERVICE
1⤵
- Checks if the Android device is rooted.
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
PID:4714

com.kira.com:mult
1⤵
- Checks if the Android device is rooted.
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
PID:4757

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.kira.com/files/mobclick_agent_sealed_com.kira.com
Filesize
514B

MD5
cb025372f581d9b822232bd3c84c3a2c

SHA1
404bdf3f0bb9358f9d8c6881b0a0004837f16a06

SHA256
88227d3e698e674ec72811a9b13dacb37297408e6b6dfa9c0d1d835da69f504e

SHA512
00f78b3abc398e102aea47ff1062f7a9ee90b3bfe81648cf2181b5c3a8ab8668c929c20e754248b9f74b32fc2f2458e428d21d5f60206535f74780b712791d9e

Download Submit
/data/user/0/com.kira.com/files/tls_device.dat
Filesize
16B

MD5
a215f571e00d1046294307fd36326a94

SHA1
6a6afce2924d29cf431b5eff6ef86f9e8164ccb7

SHA256
9cb916f148a5ab24e8e7c950141a842450b395c60ff838b27ffe806e0b6103a7

SHA512
60785f8ae3e711fc84c98b96b1e9d9b0994d66179cec285e5e8b8cf655b7b1bb6ea57898af3f46a676f1e5a8dd3bca8ba9a40ab450f708515abec6254046a2ab

Download Submit
/data/user/0/com.kira.com/files/umeng_it.cache
Filesize
148B

MD5
af327d417d99c1a4b6136055129ee7de

SHA1
8b03e33b7d7f02892bc5bcf02a04281c62fa8364

SHA256
22e27be57fc32933c7f63c50110ba8c07199955f22b6b54081a3116aac1df38b

SHA512
a71fe261749a79ede681561aa507cbd4cfa10607bf29feb2a7fa9701c95ffec2a13fb26312a3fb68a81006ff6a735203f7a94564aef624cb2243500aff277f99

Download Submit
/storage/emulated/0/data/.push_deviceid
Filesize
32B

MD5
9030dcc1ecbfd0f40397d68b792553c2

SHA1
accb627e40151ed4c81ed0637e07356f4129d4b2

SHA256
31d8c75e2f0d7a7f4641620bce518e56d39801b1de73a2422a89e16ac13efe67

SHA512
dcc36cfa838429c55c98096a3ab25b13c0f27d77d34d0b75d68f3145d7d5dda396f9df74a26355180687d70950ec500d1fb7de7789472281fec2c6d522e18cad

Download Submit
/storage/emulated/0/kira_error.log
Filesize
1KB

MD5
7dfbc3b7edd684e84822e34fb9991772

SHA1
e9e6beba8e7c58b8f3b462829baf14d9cf7e21da

SHA256
a2ace2f92c1fddcbe64c3196546ed2b5e8db03e06f3cc68508b7dfd96150ff46

SHA512
c82f9de6a195c83af396405321f21326e2aec61162895e3566510027b42e73657c200e1e29eeec8fd1a31a477d9febac0b0f10a27f33726c8ad0b40a4a1ff628

Download Submit
/storage/emulated/0/tencent/imsdklogs/com/kira/com/imsdk_20240613.log
Filesize
10KB

MD5
c0e0f7629b07659cd36561ec3310f9b8

SHA1
1c4ffde37536597c328ed99271c21da9482e2fe3

SHA256
3ffd087f5dcd89b32c939bace0143e3e3abf3ed2e404f513f2d37843393107cc

SHA512
e86f9e5ab820ef40cc30889d597655016dc486262309f1cfee96d18e48085987283b8954bb754a1c094b59ea451aa34158f286c1198f1b9b62147f110b8622b0

Download Submit
/storage/emulated/0/tencent/qalsdklogs/com/kira/com/sdk/sdk.24.06.13.04.log
Filesize
7KB

MD5
9d3a9928e9c2878392485e73fecf8a7b

SHA1
febc428837db78f762efd31065b03ea932127178

SHA256
2e73972b1bb0ae835c658df7fdb6efe8c296cb718de49a55326d567b6317e1cb

SHA512
0fbae3220a3e9ba0d9da6edabade3e7fca562aa97a1822259303ecb25e4b5d48976aaa329bfe8f45d3bfb27c5edbaf5740142a6344595f9d07a1f6ad2770417c

Download Submit
/storage/emulated/0/tencent/qalsdklogs/com/kira/com/sdk/sdk.24.06.13.04.log
Filesize
8KB

MD5
fac693544d54185e5dc491b5cc9ffee0

SHA1
001d2398d4a8ca17704423d48344cf69765c7393

SHA256
7a59fedbe9e0d0c81024a55cfed0003d9c62812be86099657f5bcb9f6d6a3dbe

SHA512
f55ffbe8bc41c9d563bac032412ddab3533f9dcf542617f55208d881d17af1c33e883f22cd8bf0d505356edd42cfef43b03c234a1c3f7682735f8318cc0d6e57

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads