Analysis
- max time kernel: 177s
- max time network: 185s
- platform: android_x86
- resource: android-x86-arm-20240514-en
- resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
- submitted: 21-05-2024 15:13
Static task: static1
Behavioral task: behavioral1
- Sample: 63be972fc9f87bd2089c41932338e617_JaffaCakes118.apk
- Resource: android-x86-arm-20240514-en
Behavioral task: behavioral2
- Sample: 63be972fc9f87bd2089c41932338e617_JaffaCakes118.apk
- Resource: android-33-x64-arm64-20240514-en
General
- Target: 63be972fc9f87bd2089c41932338e617_JaffaCakes118.apk
- Size: 5.0MB
- MD5: 63be972fc9f87bd2089c41932338e617
- SHA1: f60066add98ac0946409fec04ae1c3f6d1cacc18
- SHA256: 2fd595cec1d47bf26e9f65afee4f9e18aeac18d638978d2a65e49c070785b425
- SHA512: 6b7d460b1fe5bb8e7e0352b7577dc49f0a4efdb83e9d341ce74e94a3d02f66fae8373d72b0b6f1460c2a2931df68e5dce5d68b03faaf9479e2d397f69d103285
- SSDEEP: 98304:DLlrQhyZTY+btfwIXtEAeZGzkqwc7De6gmdkqkhDFIDLojgloY+:9rQhFsdtdYlzOuhGDMjgl8
Malware Config
Signatures
- Checks if the Android device is rooted. (1 TTPs, 2 IoCs)
  Processes: com.kong.app.book
  IoCs:
    /system/app/Superuser.apk (process: com.kong.app.book)
    /system/xbin/su (process: com.kong.app.book)
- Checks CPU information (2 TTPs, 1 IoCs)
  Checks CPU information which indicates whether the system is an emulator.
- Checks memory information (2 TTPs, 1 IoCs)
  Checks memory information which indicates whether the system is an emulator.
- Queries information about running processes on the device (1 TTPs, 2 IoCs)
  Application may abuse the framework's APIs to collect information about running processes on the device.
  Processes: com.kong.app.book, com.kong.app.book:pushservice
  IoCs:
    Framework service call android.app.IActivityManager.getRunningAppProcesses (process: com.kong.app.book)
    Framework service call android.app.IActivityManager.getRunningAppProcesses (process: com.kong.app.book:pushservice)
- Queries information about the current Wi-Fi connection (1 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  Processes: com.kong.app.book
  IoCs:
    Framework service call android.net.wifi.IWifiManager.getConnectionInfo (process: com.kong.app.book)
- Queries the mobile country code (MCC) (1 TTPs, 1 IoCs)
  Processes: com.kong.app.book
  IoCs:
    Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone (process: com.kong.app.book)
- Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 2 IoCs)
  Processes: com.kong.app.book, com.kong.app.book:pushservice
  IoCs:
    Framework service call android.app.IActivityManager.registerReceiver (process: com.kong.app.book)
    Framework service call android.app.IActivityManager.registerReceiver (process: com.kong.app.book:pushservice)
- Checks if the internet connection is available (1 TTPs, 2 IoCs)
  Processes: com.kong.app.book:pushservice, com.kong.app.book
  IoCs:
    Framework service call android.net.IConnectivityManager.getActiveNetworkInfo (process: com.kong.app.book:pushservice)
    Framework service call android.net.IConnectivityManager.getActiveNetworkInfo (process: com.kong.app.book)
- Reads information about phone network operator. (1 TTPs)
- Checks the presence of a debugger
- Uses Crypto APIs (Might try to encrypt user data) (1 TTPs, 2 IoCs)
  Processes: com.kong.app.book, com.kong.app.book:pushservice
  IoCs:
    Framework API call javax.crypto.Cipher.doFinal (process: com.kong.app.book)
    Framework API call javax.crypto.Cipher.doFinal (process: com.kong.app.book:pushservice)
Processes
- com.kong.app.book
  - Checks if the Android device is rooted.
  - Checks CPU information
  - Checks memory information
  - Queries information about running processes on the device
  - Queries information about the current Wi-Fi connection
  - Queries the mobile country code (MCC)
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Checks if the internet connection is available
  - Uses Crypto APIs (Might try to encrypt user data)
- com.kong.app.book:pushservice
  - Queries information about running processes on the device
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Checks if the internet connection is available
  - Uses Crypto APIs (Might try to encrypt user data)
Network
MITRE ATT&CK Matrix
Downloads
- /data/data/com.kong.app.book/databases/cc/cc.db
  Filesize: 36KB
  MD5: 5d7ea1a23af19b4340cc8d90f28297d5
  SHA1: 4cfe95b23a9e98378d69c4290af81b51fbe76aea
  SHA256: 474c4a54534ed96beacad7cc9a805a3f53ec9c0522fc7bcc59771cf500a6a0da
  SHA512: 33071f4c92da0a3df01c4a61dd165df7c7e0f4f37753cafe02d19fc876a5e7fcbb01c069c804e140ab8bfa0644a55f50fd1373646d1c439f817baa5ffbd47f7b
- /data/data/com.kong.app.book/databases/cc/cc.db
  Filesize: 36KB
  MD5: ce6135aa1b1fe4f2c2db2a546d2a5558
  SHA1: 79b59582154017aadab783dc266fcb158c252940
  SHA256: 7b45f576c08c7f78220168cca4a0e33198b13e9bdc8b1da406ddb6887412000c
  SHA512: 2839075fe374c8567c839ae35ce2d33ec72fdaebf170aa7d224b555e5b0e74d4a43f2f67d17ed806dae841da883e9620d788ea052d06152678afa927307c7ce4
- /data/data/com.kong.app.book/databases/cc/cc.db-journal
  Filesize: 512B
  MD5: c64ee4e33469af8804ae4a629a057915
  SHA1: 8275467a6aea2ee3e05dbf4081da916db954d472
  SHA256: eb7520ef7493e0de167ea871055bce2417ec046e856ba0224a69ff4b23f57958
  SHA512: bda5894af70ced4b230a1d8dcdcb1981c1a56984287d1c6a9aa5c06e735d70fc850bb1566da865a158eba006b9198d632d0418e877f3441f4d1c41c112f53d4c
- /data/data/com.kong.app.book/databases/cc/cc.db-wal
  Filesize: 48KB
  MD5: 688744934b9319d698acb301cf672fcf
  SHA1: ff6d27cd1250a24aac8db662f0a39d5985e22b65
  SHA256: 3ca93015d562bb88ad735617a6046360409e68d55f43f8861415ae4494f869b7
  SHA512: d9023e2e38f01f62327cd15d433d1e3087286dfd3f5af79646685716f9d81353ccc1a6a8a66719f7cccb81217caeb834861b39ae621fe73cefa5f5da0600adf7
- /data/data/com.kong.app.book/databases/cc/cc.db-wal
  Filesize: 16KB
  MD5: 79798fcf16eb8190e52742dfd9a8beb3
  SHA1: 162e55d9616db2271c37606deac020d1fa85e28f
  SHA256: 2036c7ea98eb9473aa285f2332e2aba667b1c5ceb24df578d7052f1d593fedcd
  SHA512: c0a3e0944c5b811b1660b08aff6d841b4f027f84bdc3e59d849e9c78d2fb7d7158cc55ede6867660052f7659fff30618c91fa91ddfd8264cf864572dc3862caa
- /data/data/com.kong.app.book/databases/zhulang.db
  Filesize: 4KB
  MD5: 31bf8b8a4e14cba18299109fd11bda04
  SHA1: 2b188849ae988b1f0cf04635c2743a5691d70a64
  SHA256: c530cd5d936f53201e725a030b59f26ab3a6c9f2c53995745787124bbe23aedb
  SHA512: 78cf9fc5fc9d683fd36e0b74ee1d97b22686e1c05017ad4752806bd63f14566cebebde69790a9c01c2db47077e0f203ed4081e08746f1eb898199d63a8617c37
- /data/data/com.kong.app.book/databases/zhulang.db-journal
  Filesize: 32KB
  MD5: d5558fde1bdf00fa2aa1444556b204ad
  SHA1: ddfe8648cde75525feed3c3262e61d7eb3599a91
  SHA256: cf5c998de5b7283e975f2c8eed7531ce84a61eb267a739157d6d8b2806dc59a9
  SHA512: e31920af9c094e9f30867f0759ffcf40031f59813f2319d3d68e9f7813c05a9d6a251357739327df9dc5c6bc27657d0c63a7f0eb065c28fa28ab430b9b848018
- /data/data/com.kong.app.book/databases/zhulang.db-shm
  Filesize: 32KB
  MD5: bb7df04e1b0a2570657527a7e108ae23
  SHA1: 5188431849b4613152fd7bdba6a3ff0a4fd6424b
  SHA256: c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
  SHA512: 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
- /data/data/com.kong.app.book/databases/zhulang.db-wal
  Filesize: 72KB
  MD5: eef0532f5aa4f8db0609fefbfd5d9827
  SHA1: f632f503d699bc924074acbb3726926669862d01
  SHA256: 6359048b1226868d194ac438d70fda4e940e3a49767ccf76bb9a0b339c4de22b
  SHA512: 88a6ed9804d9dc65e3a8a9a95fd4b133c6e284ec2df8b4874c1bbd39e940204bac81a2e60b133b337cabd9e4f979030f36e7ce626801277dfcc3d4d2232dc04d
- /data/data/com.kong.app.book/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664CBA07021F-0001-1072-67826A6258EABeginSession.cls_temp
  Filesize: 79B
  MD5: d5818a49a84c081d833f65ebabd518b6
  SHA1: febf3f7ea96b1c317c7cab013acb9f4357cd1edc
  SHA256: 195c1fd2b7acdfd4d2b1d83be18b5fdc7c2c83b40ae0aeec036dfaa343486d86
  SHA512: 065b97a1d829ca6d37686d4b91d1960fb96e78a32642da24dd61b1e351414b74484deebfb55ad892dc97d46deaeb24c04e23608a8a1021acaefbd5faa04776c3
- /data/data/com.kong.app.book/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664CBA07021F-0001-1072-67826A6258EASessionApp.cls_temp
  Filesize: 4KB
  MD5: f2b4b0190b9f384ca885f0c8c9b14700
  SHA1: 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
  SHA256: 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
  SHA512: ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1
- /data/data/com.kong.app.book/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664CBA07021F-0001-1072-67826A6258EASessionDevice.cls_temp
  Filesize: 88B
  MD5: edaca6f2019e1408ce705da1c3515ae0
  SHA1: 03521cd9b7b57ce50e1bf7e76d6fa3cf36e7e7b1
  SHA256: df3efbcecb32dc7ca0f3e7640964ce24e6c8168a2189eefb773ee8376edb09bf
  SHA512: 4105060b1e53d91deaad2e34892c4fc6c18ff02bbdb854a75526ac7d1c4be2ecb5db2c0f231a2361489ed375a8563737696ccc4a1156757707c7cd97828ddcf0
- /data/data/com.kong.app.book/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664CBA07021F-0001-1072-67826A6258EASessionOS.cls_temp
  Filesize: 181KB
  MD5: 8a56a1e73c5d9f751ff49528c7ef3fda
  SHA1: 605cf722adcff47c2073bbb51209a1873cabffef
  SHA256: 570fef237865835ef6fc19d4df763fe3903d2afcdb9f97cec7d2fa6cf4720cf3
  SHA512: 185af868b428a5ba524cc29cebbc80a583739b62871017b16d7619a76972bc0ec40c6e30732808b12208c2ca713c873bbf739c4db5fae1673871493677ccf830
- /data/data/com.kong.app.book/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap
  Filesize: 423B
  MD5: b380db27cebfcb114c94604699315248
  SHA1: 6d31a1965f2bef60fd983ae5d4e6fcefec0b761a
  SHA256: af76f27e479397755eedcd0e3a1e8c0be5c5ff368f7da1c07330792bd300f38b
  SHA512: 9e41d373a9300048c1e558b3aa6ef10b8004fb46f2c4c8011796d3b4ff16148a12386436430e1e8150b88cb776adc7c8fdf77cb34864c32ca42f2ca73ac40177
- /data/data/com.kong.app.book/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap
  Filesize: 2KB
  MD5: a462130c839e72feff3268e264fecf99
  SHA1: b44571c8bd34e351729d9fb186e3f1980fc17fa6
  SHA256: d04a38386e3f9f541bd415bbf65c4c4a91f094313070365e6f651eaff17ddd30
  SHA512: c9605344689d8b46e2d93807ca6d72d4b9483400796136503e6890c2286b159346a94c899064891fb67f4a413d10ec9e1fe34a2a4c30ecabcc6690aa3a52a3cd
- /data/data/com.kong.app.book/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp
  Filesize: 16B
  MD5: c33583fae4e0b61cde1c5b9227963237
  SHA1: fe2ebe4d27469af1460f7e852031a04208ef629b
  SHA256: 35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc
  SHA512: fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e
- /data/data/com.kong.app.book/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_7c666ec4-077e-464b-acfb-fff45a5dab85_1716304392543.tap
  Filesize: 342B
  MD5: f2cb377b8ed3a1735a79396104ee3b9c
  SHA1: fad82712cf3d4d2aa082e21efe2237af9757a74d
  SHA256: 157fe2a09e15bdd324c912e884e35694af57075e28b1eaab7627192fab63f93a
  SHA512: f7dda6519439a31d8297370a13b9fa1f581bb3c50a7fc65d091509b1a794edb5f5053e05ccef375bbbbcd9261e793965388a812ff888e57cf0a5480ea4d86789
- /data/data/com.kong.app.book/files/.um/um_cache_1716304514821.env
  Filesize: 1KB
  MD5: 89502cba814c18c1c0a4d915653b6c83
  SHA1: 0eda3ad647ccb5c0b62647ff887617da804cbdb0
  SHA256: e45aba127658041046299e878756cc5b6821fc672a8f2661237eb9ffb1fbce26
  SHA512: dfe16822ea5c0fa48f14769835733dcbccdb6bbeda1cbca0cf0d382b81844c16d609ebb0e8d0d86b7a8548d9e58b432796ba39a1e4d40f1778351356d20a467e
- /data/data/com.kong.app.book/files/.umeng/exchangeIdentity.json
  Filesize: 162B
  MD5: bd77b3fbc8a757f5964db81cba95c30c
  SHA1: 5a929f8689f40bc4cb4804f9376fa9cf4a2aa01f
  SHA256: 15994c6cd6cfebd527c24d9ffa0eff7d6eaca46ab97faeaa930e17faedbadf3d
  SHA512: f913e219bbd63007e7c87cde34d444aecb04eacb39a3d80b97cb8e88c7326d0682a7a268bd5e221cb8169cfb31fd7e2dd36385a28ded7327cc22f2f35c6b5921
- /data/data/com.kong.app.book/files/exid.dat
  Filesize: 59B
  MD5: 0d539b171c11a63b0614e822ccefcc6c
  SHA1: d932799b8a679e9fa4ce7bad959d5727a8e7172e
  SHA256: 992b1288f483e09f60d26f9cbb3d822dba25c6b1b69d1ddc846d5464a2e99add
  SHA512: 7c942a28d3e6674eae43379afd42a58c6cb27496975adb70f8448b8a1826bac4445b68895fe396e640367363b72c5df0f3f96a3b0db91f478a4a70138c1de319
- /data/data/com.kong.app.book/files/mobclick_agent_cached_com.kong.app.book1000402
  Filesize: 2KB
  MD5: 5795577f6682bd8251c765d405c0416e
  SHA1: 130eda7a74efd3c8d47ca5e8018ca17d1a9c02ed
  SHA256: 1820c4166e27c14f7e7d52b9777224e0b512bba78e5aebcce481ccdb494e39a4
  SHA512: 603aabc7a11403db9f724840493aeaf7784c1bc9ae33744e8a9c9a51d5b54b881ca42414ecc69f50ef5643925785c8eb7d79e101f38163d26d49e3c1c81ec213
- /data/data/com.kong.app.book/files/umeng_it.cache
  Filesize: 415B
  MD5: 2e0c62ffe6f2a169ebbbc518c084ea7d
  SHA1: 82ced8d897339be2d25c878ae1e1df986272c20a
  SHA256: 06388e375f35df4b5ee65114ef037239ff20f24d7101f6b071066885abec77ae
  SHA512: b89703b3967021bcb9d0fbc047f92cb102295af8bb4c5bff84c2f16f80a687c88a61ed796dfdaea396eeda16280b5f0c8762aa857e93942e17b4730fc552bcfb
- /storage/emulated/0/.zhulang_novel/log/1716304392579.log
  Filesize: 166B
  MD5: 1a78e01f60db92403a20dea1c504af8c
  SHA1: 95372b1937dd1e8282b913cf5ba0a6dc84a4bfbe
  SHA256: c5075646c802825a7bc3f0363a2d4f15d3e79504fe1debc42ba950acf5ce4f3c
  SHA512: 79037bbda03dd83e52b1f101715504f95a59e729f95dfa9bbf9d4322a2dab16a40ff5ae07a964eab9f1da2658dbf130e27e991e486fc978e7399a191b26a6955
- /storage/emulated/0/.zhulang_novel/log/upload_1716304406964.gzip
  Filesize: 167B
  MD5: 9a1092a08f1c0735ac97621b4e8d8415
  SHA1: efdd037c857daedf775d02754bc96c48f8d47dd9
  SHA256: 8a2ad6797b34779e242a04fe5a74bbeb714625698051554fa17eb1701e42b787
  SHA512: 8372c95360f3df38d847c51cb774f5a9ceba038826ca5eba86d69bab78121b70b6bb412c5491a0b73944898272bc32a37cf86741ba0f83bbf7eed3a2d80004c6