Analysis
-
max time kernel
29s -
max time network
137s -
platform
android_x86 -
resource
android-x86-arm-20240611.1-en -
resource tags
android arch:arm arch:x86 image:android-x86-arm-20240611.1-en locale:en-us os:android-9-x86 system -
submitted
15-06-2024 05:27
Static task
static1
Behavioral task
behavioral1
Sample
ad010b1026ba3bbe9042a323b34a7c54_JaffaCakes118.apk
Resource
android-x86-arm-20240611.1-en
Behavioral task
behavioral2
Sample
ad010b1026ba3bbe9042a323b34a7c54_JaffaCakes118.apk
Resource
android-x64-arm64-20240611.1-en
General
-
Target
ad010b1026ba3bbe9042a323b34a7c54_JaffaCakes118.apk
-
Size
13.4MB
-
MD5
ad010b1026ba3bbe9042a323b34a7c54
-
SHA1
2dec68b710e2a4d508314e2fb865f25dee45665a
-
SHA256
8ce8c5625079961a0b82311271d052b2890712a1d90b0708ce05a7da8d2a0a1f
-
SHA512
a9ba221d26c0a7fdd0e0209c60a14fe29d910ffa6c0ddc1862a571cd8f35aeed46fd8ac7ab9b2c5a117edb2dc1fd3ba7beda9f055576770285e440097f02a88c
-
SSDEEP
393216:BK89mJPAKtZoBxmJOxO2+5Mx9U10vLhwJPLKpWDbalaHAAJl5UPuapiy:8RJoBxmJOxO2+sU10vGJPLKpWDbalaHe
Malware Config
Signatures
-
Checks if the Android device is rooted. 1 TTPs 2 IoCs
Processes:
com.kingsoft.calendar
ioc | process
/system/app/Superuser.apk | com.kingsoft.calendar
/sbin/su | com.kingsoft.calendar
-
Queries account information for other applications stored on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect account information stored on the device.
Processes:
com.kingsoft.calendar
description | ioc | process
Framework service call | android.accounts.IAccountManager.getAccounts | com.kingsoft.calendar
-
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
Processes:
com.kingsoft.calendar
description | ioc | process
Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.kingsoft.calendar
-
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
Processes:
com.kingsoft.calendar
description | ioc | process
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.kingsoft.calendar
-
Reads information about phone network operator. 1 TTPs
-
Checks the presence of a debugger
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
Processes:
com.kingsoft.calendar
description | ioc | process
Framework service call | android.app.IActivityManager.registerReceiver | com.kingsoft.calendar
Processes
-
com.kingsoft.calendar 1
- Checks if the Android device is rooted.
- Queries account information for other applications stored on the device
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
Network
MITRE ATT&CK Matrix
Downloads
-
/data/data/com.kingsoft.calendar/cache/_KStore_/cache_http_api/journal.tmp
Filesize
31B
-
/data/data/com.kingsoft.calendar/databases/calendar_2.db
Filesize
4KB
-
/data/data/com.kingsoft.calendar/databases/calendar_2.db-journal
Filesize
512B
-
/data/data/com.kingsoft.calendar/databases/calendar_2.db-shm
Filesize
32KB
-
/data/data/com.kingsoft.calendar/databases/calendar_2.db-wal
Filesize
197KB