2fd595cec1d47bf26e9f65afee4f9e18aeac18d638978d2a65e49c070785b425

Analysis

max time kernel
177s
max time network
185s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
21-05-2024 15:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

63be972fc9f87bd2089c41932338e617_JaffaCakes118.apk
Size

5.0MB
MD5

63be972fc9f87bd2089c41932338e617
SHA1

f60066add98ac0946409fec04ae1c3f6d1cacc18
SHA256

2fd595cec1d47bf26e9f65afee4f9e18aeac18d638978d2a65e49c070785b425
SHA512

6b7d460b1fe5bb8e7e0352b7577dc49f0a4efdb83e9d341ce74e94a3d02f66fae8373d72b0b6f1460c2a2931df68e5dce5d68b03faaf9479e2d397f69d103285
SSDEEP

98304:DLlrQhyZTY+btfwIXtEAeZGzkqwc7De6gmdkqkhDFIDLojgloY+:9rQhFsdtdYlzOuhGDMjgl8

Score

8^/10

discovery evasion impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs
evasion

T1426

Processes:

com.kong.app.book

ioc process

/system/app/Superuser.apk com.kong.app.book
/system/xbin/su com.kong.app.book
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.kong.app.book

description ioc process

File opened for read /proc/cpuinfo com.kong.app.book
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.kong.app.book

description ioc process

File opened for read /proc/meminfo com.kong.app.book

ioc	process
/system/app/Superuser.apk	com.kong.app.book
/system/xbin/su	com.kong.app.book

description	ioc	process
File opened for read	/proc/cpuinfo	com.kong.app.book

description	ioc	process
File opened for read	/proc/meminfo	com.kong.app.book

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

T1424

Processes:

com.kong.app.bookcom.kong.app.book:pushservice

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.kong.app.book
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.kong.app.book:pushservice

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

T1421

Processes:

com.kong.app.book

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.kong.app.book
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
discovery

T1422

Processes:

com.kong.app.book

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone com.kong.app.book

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.kong.app.book

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.kong.app.book

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

T1624.001

Processes:

com.kong.app.bookcom.kong.app.book:pushservice

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.kong.app.book
Framework service call	android.app.IActivityManager.registerReceiver	com.kong.app.book:pushservice

Checks if the internet connection is available 1 TTPs 2 IoCs

discovery

T1421

Processes:

com.kong.app.book:pushservicecom.kong.app.book

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.kong.app.book:pushservice
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.kong.app.book

Reads information about phone network operator. 1 TTPs
discovery

T1422
Checks the presence of a debugger
evasion

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

T1471

Processes:

com.kong.app.bookcom.kong.app.book:pushservice

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.kong.app.book
Framework API call	javax.crypto.Cipher.doFinal	com.kong.app.book:pushservice

com.kong.app.book
1⤵
- Checks if the Android device is rooted.
- Checks CPU information
- Checks memory information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4210

com.kong.app.book:pushservice
1⤵
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4327

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.kong.app.book/databases/cc/cc.db
Filesize
36KB

MD5
5d7ea1a23af19b4340cc8d90f28297d5

SHA1
4cfe95b23a9e98378d69c4290af81b51fbe76aea

SHA256
474c4a54534ed96beacad7cc9a805a3f53ec9c0522fc7bcc59771cf500a6a0da

SHA512
33071f4c92da0a3df01c4a61dd165df7c7e0f4f37753cafe02d19fc876a5e7fcbb01c069c804e140ab8bfa0644a55f50fd1373646d1c439f817baa5ffbd47f7b

Download Submit
/data/data/com.kong.app.book/databases/cc/cc.db
Filesize
36KB

MD5
ce6135aa1b1fe4f2c2db2a546d2a5558

SHA1
79b59582154017aadab783dc266fcb158c252940

SHA256
7b45f576c08c7f78220168cca4a0e33198b13e9bdc8b1da406ddb6887412000c

SHA512
2839075fe374c8567c839ae35ce2d33ec72fdaebf170aa7d224b555e5b0e74d4a43f2f67d17ed806dae841da883e9620d788ea052d06152678afa927307c7ce4

Download Submit
/data/data/com.kong.app.book/databases/cc/cc.db-journal
Filesize
512B

MD5
c64ee4e33469af8804ae4a629a057915

SHA1
8275467a6aea2ee3e05dbf4081da916db954d472

SHA256
eb7520ef7493e0de167ea871055bce2417ec046e856ba0224a69ff4b23f57958

SHA512
bda5894af70ced4b230a1d8dcdcb1981c1a56984287d1c6a9aa5c06e735d70fc850bb1566da865a158eba006b9198d632d0418e877f3441f4d1c41c112f53d4c

Download Submit
/data/data/com.kong.app.book/databases/cc/cc.db-wal
Filesize
48KB

MD5
688744934b9319d698acb301cf672fcf

SHA1
ff6d27cd1250a24aac8db662f0a39d5985e22b65

SHA256
3ca93015d562bb88ad735617a6046360409e68d55f43f8861415ae4494f869b7

SHA512
d9023e2e38f01f62327cd15d433d1e3087286dfd3f5af79646685716f9d81353ccc1a6a8a66719f7cccb81217caeb834861b39ae621fe73cefa5f5da0600adf7

Download Submit
/data/data/com.kong.app.book/databases/cc/cc.db-wal
Filesize
16KB

MD5
79798fcf16eb8190e52742dfd9a8beb3

SHA1
162e55d9616db2271c37606deac020d1fa85e28f

SHA256
2036c7ea98eb9473aa285f2332e2aba667b1c5ceb24df578d7052f1d593fedcd

SHA512
c0a3e0944c5b811b1660b08aff6d841b4f027f84bdc3e59d849e9c78d2fb7d7158cc55ede6867660052f7659fff30618c91fa91ddfd8264cf864572dc3862caa

Download Submit
/data/data/com.kong.app.book/databases/zhulang.db
Filesize
4KB

MD5
31bf8b8a4e14cba18299109fd11bda04

SHA1
2b188849ae988b1f0cf04635c2743a5691d70a64

SHA256
c530cd5d936f53201e725a030b59f26ab3a6c9f2c53995745787124bbe23aedb

SHA512
78cf9fc5fc9d683fd36e0b74ee1d97b22686e1c05017ad4752806bd63f14566cebebde69790a9c01c2db47077e0f203ed4081e08746f1eb898199d63a8617c37

Download Submit
/data/data/com.kong.app.book/databases/zhulang.db-journal
Filesize
32KB

MD5
d5558fde1bdf00fa2aa1444556b204ad

SHA1
ddfe8648cde75525feed3c3262e61d7eb3599a91

SHA256
cf5c998de5b7283e975f2c8eed7531ce84a61eb267a739157d6d8b2806dc59a9

SHA512
e31920af9c094e9f30867f0759ffcf40031f59813f2319d3d68e9f7813c05a9d6a251357739327df9dc5c6bc27657d0c63a7f0eb065c28fa28ab430b9b848018

Download Submit
/data/data/com.kong.app.book/databases/zhulang.db-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.kong.app.book/databases/zhulang.db-wal
Filesize
72KB

MD5
eef0532f5aa4f8db0609fefbfd5d9827

SHA1
f632f503d699bc924074acbb3726926669862d01

SHA256
6359048b1226868d194ac438d70fda4e940e3a49767ccf76bb9a0b339c4de22b

SHA512
88a6ed9804d9dc65e3a8a9a95fd4b133c6e284ec2df8b4874c1bbd39e940204bac81a2e60b133b337cabd9e4f979030f36e7ce626801277dfcc3d4d2232dc04d

Download Submit
/data/data/com.kong.app.book/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664CBA07021F-0001-1072-67826A6258EABeginSession.cls_temp
Filesize
79B

MD5
d5818a49a84c081d833f65ebabd518b6

SHA1
febf3f7ea96b1c317c7cab013acb9f4357cd1edc

SHA256
195c1fd2b7acdfd4d2b1d83be18b5fdc7c2c83b40ae0aeec036dfaa343486d86

SHA512
065b97a1d829ca6d37686d4b91d1960fb96e78a32642da24dd61b1e351414b74484deebfb55ad892dc97d46deaeb24c04e23608a8a1021acaefbd5faa04776c3

Download Submit
/data/data/com.kong.app.book/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664CBA07021F-0001-1072-67826A6258EASessionApp.cls_temp
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.kong.app.book/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664CBA07021F-0001-1072-67826A6258EASessionDevice.cls_temp
Filesize
88B

MD5
edaca6f2019e1408ce705da1c3515ae0

SHA1
03521cd9b7b57ce50e1bf7e76d6fa3cf36e7e7b1

SHA256
df3efbcecb32dc7ca0f3e7640964ce24e6c8168a2189eefb773ee8376edb09bf

SHA512
4105060b1e53d91deaad2e34892c4fc6c18ff02bbdb854a75526ac7d1c4be2ecb5db2c0f231a2361489ed375a8563737696ccc4a1156757707c7cd97828ddcf0

Download Submit
/data/data/com.kong.app.book/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664CBA07021F-0001-1072-67826A6258EASessionOS.cls_temp
Filesize
181KB

MD5
8a56a1e73c5d9f751ff49528c7ef3fda

SHA1
605cf722adcff47c2073bbb51209a1873cabffef

SHA256
570fef237865835ef6fc19d4df763fe3903d2afcdb9f97cec7d2fa6cf4720cf3

SHA512
185af868b428a5ba524cc29cebbc80a583739b62871017b16d7619a76972bc0ec40c6e30732808b12208c2ca713c873bbf739c4db5fae1673871493677ccf830

Download Submit
/data/data/com.kong.app.book/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap
Filesize
423B

MD5
b380db27cebfcb114c94604699315248

SHA1
6d31a1965f2bef60fd983ae5d4e6fcefec0b761a

SHA256
af76f27e479397755eedcd0e3a1e8c0be5c5ff368f7da1c07330792bd300f38b

SHA512
9e41d373a9300048c1e558b3aa6ef10b8004fb46f2c4c8011796d3b4ff16148a12386436430e1e8150b88cb776adc7c8fdf77cb34864c32ca42f2ca73ac40177

Download Submit
/data/data/com.kong.app.book/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap
Filesize
2KB

MD5
a462130c839e72feff3268e264fecf99

SHA1
b44571c8bd34e351729d9fb186e3f1980fc17fa6

SHA256
d04a38386e3f9f541bd415bbf65c4c4a91f094313070365e6f651eaff17ddd30

SHA512
c9605344689d8b46e2d93807ca6d72d4b9483400796136503e6890c2286b159346a94c899064891fb67f4a413d10ec9e1fe34a2a4c30ecabcc6690aa3a52a3cd

Download Submit
/data/data/com.kong.app.book/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp
Filesize
16B

MD5
c33583fae4e0b61cde1c5b9227963237

SHA1
fe2ebe4d27469af1460f7e852031a04208ef629b

SHA256
35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc

SHA512
fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

Download Submit
/data/data/com.kong.app.book/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_7c666ec4-077e-464b-acfb-fff45a5dab85_1716304392543.tap
Filesize
342B

MD5
f2cb377b8ed3a1735a79396104ee3b9c

SHA1
fad82712cf3d4d2aa082e21efe2237af9757a74d

SHA256
157fe2a09e15bdd324c912e884e35694af57075e28b1eaab7627192fab63f93a

SHA512
f7dda6519439a31d8297370a13b9fa1f581bb3c50a7fc65d091509b1a794edb5f5053e05ccef375bbbbcd9261e793965388a812ff888e57cf0a5480ea4d86789

Download Submit
/data/data/com.kong.app.book/files/.um/um_cache_1716304514821.env
Filesize
1KB

MD5
89502cba814c18c1c0a4d915653b6c83

SHA1
0eda3ad647ccb5c0b62647ff887617da804cbdb0

SHA256
e45aba127658041046299e878756cc5b6821fc672a8f2661237eb9ffb1fbce26

SHA512
dfe16822ea5c0fa48f14769835733dcbccdb6bbeda1cbca0cf0d382b81844c16d609ebb0e8d0d86b7a8548d9e58b432796ba39a1e4d40f1778351356d20a467e

Download Submit
/data/data/com.kong.app.book/files/.umeng/exchangeIdentity.json
Filesize
162B

MD5
bd77b3fbc8a757f5964db81cba95c30c

SHA1
5a929f8689f40bc4cb4804f9376fa9cf4a2aa01f

SHA256
15994c6cd6cfebd527c24d9ffa0eff7d6eaca46ab97faeaa930e17faedbadf3d

SHA512
f913e219bbd63007e7c87cde34d444aecb04eacb39a3d80b97cb8e88c7326d0682a7a268bd5e221cb8169cfb31fd7e2dd36385a28ded7327cc22f2f35c6b5921

Download Submit
/data/data/com.kong.app.book/files/exid.dat
Filesize
59B

MD5
0d539b171c11a63b0614e822ccefcc6c

SHA1
d932799b8a679e9fa4ce7bad959d5727a8e7172e

SHA256
992b1288f483e09f60d26f9cbb3d822dba25c6b1b69d1ddc846d5464a2e99add

SHA512
7c942a28d3e6674eae43379afd42a58c6cb27496975adb70f8448b8a1826bac4445b68895fe396e640367363b72c5df0f3f96a3b0db91f478a4a70138c1de319

Download Submit
/data/data/com.kong.app.book/files/mobclick_agent_cached_com.kong.app.book1000402
Filesize
2KB

MD5
5795577f6682bd8251c765d405c0416e

SHA1
130eda7a74efd3c8d47ca5e8018ca17d1a9c02ed

SHA256
1820c4166e27c14f7e7d52b9777224e0b512bba78e5aebcce481ccdb494e39a4

SHA512
603aabc7a11403db9f724840493aeaf7784c1bc9ae33744e8a9c9a51d5b54b881ca42414ecc69f50ef5643925785c8eb7d79e101f38163d26d49e3c1c81ec213

Download Submit
/data/data/com.kong.app.book/files/umeng_it.cache
Filesize
415B

MD5
2e0c62ffe6f2a169ebbbc518c084ea7d

SHA1
82ced8d897339be2d25c878ae1e1df986272c20a

SHA256
06388e375f35df4b5ee65114ef037239ff20f24d7101f6b071066885abec77ae

SHA512
b89703b3967021bcb9d0fbc047f92cb102295af8bb4c5bff84c2f16f80a687c88a61ed796dfdaea396eeda16280b5f0c8762aa857e93942e17b4730fc552bcfb

Download Submit
/storage/emulated/0/.zhulang_novel/log/1716304392579.log
Filesize
166B

MD5
1a78e01f60db92403a20dea1c504af8c

SHA1
95372b1937dd1e8282b913cf5ba0a6dc84a4bfbe

SHA256
c5075646c802825a7bc3f0363a2d4f15d3e79504fe1debc42ba950acf5ce4f3c

SHA512
79037bbda03dd83e52b1f101715504f95a59e729f95dfa9bbf9d4322a2dab16a40ff5ae07a964eab9f1da2658dbf130e27e991e486fc978e7399a191b26a6955

Download Submit
/storage/emulated/0/.zhulang_novel/log/upload_1716304406964.gzip
Filesize
167B

MD5
9a1092a08f1c0735ac97621b4e8d8415

SHA1
efdd037c857daedf775d02754bc96c48f8d47dd9

SHA256
8a2ad6797b34779e242a04fe5a74bbeb714625698051554fa17eb1701e42b787

SHA512
8372c95360f3df38d847c51cb774f5a9ceba038826ca5eba86d69bab78121b70b6bb412c5491a0b73944898272bc32a37cf86741ba0f83bbf7eed3a2d80004c6

Download Submit