2fd595cec1d47bf26e9f65afee4f9e18aeac18d638978d2a65e49c070785b425

Analysis

max time kernel
179s
max time network
188s
platform
android_x64
resource
android-33-x64-arm64-20240514-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20240514-enlocale:en-usos:android-13-x64system
submitted
21-05-2024 15:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

63be972fc9f87bd2089c41932338e617_JaffaCakes118.apk
Size

5.0MB
MD5

63be972fc9f87bd2089c41932338e617
SHA1

f60066add98ac0946409fec04ae1c3f6d1cacc18
SHA256

2fd595cec1d47bf26e9f65afee4f9e18aeac18d638978d2a65e49c070785b425
SHA512

6b7d460b1fe5bb8e7e0352b7577dc49f0a4efdb83e9d341ce74e94a3d02f66fae8373d72b0b6f1460c2a2931df68e5dce5d68b03faaf9479e2d397f69d103285
SSDEEP

98304:DLlrQhyZTY+btfwIXtEAeZGzkqwc7De6gmdkqkhDFIDLojgloY+:9rQhFsdtdYlzOuhGDMjgl8

Score

8^/10

collection credential_access discovery evasion impact

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs
evasion

System Information Discovery
T1426

Processes:

com.kong.app.book

ioc process

/system/app/Superuser.apk com.kong.app.book
/system/xbin/su com.kong.app.book
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.kong.app.book

description ioc process

File opened for read /proc/cpuinfo com.kong.app.book
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.kong.app.book

description ioc process

File opened for read /proc/meminfo com.kong.app.book
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
collection credential_access impact

Clipboard Data
T1414

Transmitted Data Manipulation
T1641.001

Processes:

com.kong.app.book

description ioc process

Framework service call android.content.IClipboard.addPrimaryClipChangedListener com.kong.app.book

ioc	process
/system/app/Superuser.apk	com.kong.app.book
/system/xbin/su	com.kong.app.book

description	ioc	process
File opened for read	/proc/cpuinfo	com.kong.app.book

description	ioc	process
File opened for read	/proc/meminfo	com.kong.app.book

description	ioc	process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.kong.app.book

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

Processes:

com.kong.app.bookcom.kong.app.book:pushservice

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.kong.app.book
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.kong.app.book:pushservice

Checks if the internet connection is available 1 TTPs 2 IoCs

discovery

System Network Connections Discovery

T1421

Processes:

com.kong.app.bookcom.kong.app.book:pushservice

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.kong.app.book
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.kong.app.book:pushservice

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422
Checks the presence of a debugger
evasion

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

Data Encrypted for Impact

T1471

Processes:

com.kong.app.bookcom.kong.app.book:pushservice

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.kong.app.book
Framework API call	javax.crypto.Cipher.doFinal	com.kong.app.book:pushservice

com.kong.app.book
1⤵
- Checks if the Android device is rooted.
- Checks CPU information
- Checks memory information
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4348

com.kong.app.book:pushservice
1⤵
- Queries information about running processes on the device
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4446

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.kong.app.book/databases/cc/cc.db

Filesize
36KB

MD5
b986a138e325f9ed31653e246087baa6

SHA1
1cda06c101efbf7c89305f44b552e38282225064

SHA256
6945d75275af161fa082eab8b348f4cdccbab03854963f5e861fde210447e058

SHA512
5894180006885af44962dcd92c6f33a640d6080060a51a38ee4e348ee2dafe9abdcf2a931cfad4c395ebe20e08b96f810ca54b5b1f584fa232cdabc76be0740d

Download Submit
/data/data/com.kong.app.book/databases/cc/cc.db

Filesize
36KB

MD5
1b77217d803a7c04af9466680b92d104

SHA1
0cb959f4773c6730e8aed5746706c0f3ecb35c1f

SHA256
66c83ae35e997c33eaffe9c0557d98ee31931c18b99585a64eb6cc8f63d303e3

SHA512
39ea189895ca93855bb71b4a5447815e9373ffd39b50611ac172ae321ee7716fd4af5f86c1fd0d17e12b771f4016a86184620a7c5d07f57b88f017c4ce8312ec

Download Submit
/data/data/com.kong.app.book/databases/cc/cc.db-journal

Filesize
512B

MD5
e4139bc72e4edc14b42748c2ac818801

SHA1
08d28e6e7a3792fb38f73673d88b811e99fc3dca

SHA256
d27e49557201361e47ac0517c49d049925e0980ea9abab8e1e07c167e2b373a3

SHA512
4f651dae800ea951e53db9f4a610ef4b22ed17d8892060689c2bb4ed666054d87593ceba34c6d81c56598f6f61a753aec1ac7a0da085dcdc751b9ec96c96e0bc

Download Submit
/data/data/com.kong.app.book/databases/cc/cc.db-journal

Filesize
8KB

MD5
1fa1edc2dbcf4f985fde4e2d1a569b5c

SHA1
f125b0b1f683212979d045bfc4dc976dec607106

SHA256
5d8f5ca3bb6aabc46a2c986272eba43ae9989bbde5f2f86b7a90498e1f7d19fb

SHA512
a62294e751a3ce43eadd6fe5501a5c20fc5419dcc7f377f613751c7d8ca24efcc68deb7f6390a0df0bdf733855417c5d7d35faea52536597de2e04452078aa41

Download Submit
/data/data/com.kong.app.book/databases/cc/cc.db-journal

Filesize
8KB

MD5
d3db0df76e675707704ac08cade98057

SHA1
69489e050e98ca0f80202d71ff5f031321926ea2

SHA256
2f9d9ef2712b51ca591b7a33d9560233bc9adcdd635108e42b6b2474a9ca3719

SHA512
0c7a44e21b01456906d1b9e66fa06e2aa4a5dceb36acf203bba5c80aee9b38d6e676d8462ef3b237f2c8ad6634e37e17a252d491f99d8b3a8ec3c3c3358fe953

Download Submit
/data/data/com.kong.app.book/databases/cc/cc.db-journal

Filesize
8KB

MD5
dac9a32323d33aa65e304112907f9596

SHA1
9b3e1c7325c7796c21353975ae29a7c19b100538

SHA256
765e25024165deae4bd020a229a859d2f2b71b4e6c0aa94e789eae50983f61fe

SHA512
baeea7b73d3cbb7c5f9d438851a2f1cb876766ff76d796c6dc21b5ca0511d28a470a6e8af4d9cefbb474aa12977d69acc3a8dc3b015ff21b9beb93786261e158

Download Submit
/data/data/com.kong.app.book/databases/cc/cc.db-journal

Filesize
8KB

MD5
1ebac01b7f39976f419b4b9790170a5b

SHA1
2d28721739fcfd26973ec0bee4b52989d77618ef

SHA256
ba15aefd2502773094a8ffb1b561107470c78629dbaa78e508ec941344f6a3d2

SHA512
03ea5a8712273f86c7159e7732bbd1ad61c4aa83aef2d38dc04bb2dde4b732d43e996c94f14074831a462f1f522b6a5f1a54d717176aa75499775781681cf28d

Download Submit
/data/data/com.kong.app.book/databases/cc/cc.db-journal

Filesize
12KB

MD5
d38b93dc4e600c2eea8cdd930db6bf8d

SHA1
94cd7198839d795c4d3462db994c40a2659584f7

SHA256
8ea14fbc6966a027cf51a51db3ec1ae58a3deb2a1bb8ca9260f5f3b293a228d5

SHA512
78f891bc1abe13c97ef540a16410db9f08bdc7ec270f0b7f12762971656ab6c6b4ad00887ceabd38d4424209d043747d502590eae8505b5e033fc4b608512fe0

Download Submit
/data/user/0/com.kong.app.book/databases/zhulang.db

Filesize
60KB

MD5
ffafb1030f49a309fdc76b40495ea085

SHA1
683464f9ed9dc6fdddcb4f0941af64995f077374

SHA256
409704cc0ee2af4098a821b10876acadd10e924813c20c965891b2c1771bd98f

SHA512
135ad311d0716fdb068eb46e6e8e068713cad06fe5b30206c2130315b2526c4a1908b26ec06b179382a946f81cdc10b9d88aab417ef296f65607609c58302932

Download Submit
/data/user/0/com.kong.app.book/databases/zhulang.db-journal

Filesize
4KB

MD5
460813b6b56abebdfafb41cfbf7a2afe

SHA1
8643d68c0a0248a561e6843daf2f00c874ed2e65

SHA256
f5ac5e852cce2af8d8edf866e95ee941753a971f61a303871dbdedb335172731

SHA512
ed64fa07f059dbc6813659439ed5edbadd4efeb7ebf77273f999f7aef5af6c99a4fedcde32eb49333aeb2a1292e76e5e6020d9323ab2bf876c26aa95809f67db

Download Submit
/data/user/0/com.kong.app.book/databases/zhulang.db-journal

Filesize
8KB

MD5
670eaf84e262071d14c7f7739fa7a1a1

SHA1
b103af9c837959a99cd13474d42b57a93448dfb1

SHA256
38bfe11624f5372c0cabadecea7186e0069ec097a109ed45248df256e7449ebd

SHA512
40b9cde22f1d37f2e7c2ed298e12b1d84d6608f6e5920b7c36f35741b1cb43a0796582c12b409fbc8c9c875ffd6ebebfb030e016b16d05ec184e83b51ca76856

Download Submit
/data/user/0/com.kong.app.book/databases/zhulang.db-journal

Filesize
8KB

MD5
ed8968fb35bd10080505753e0126a4f9

SHA1
f778ee3704237ba40773d58c45b5d9eb124620db

SHA256
927759e7e3f9682eece3b3b0bc7e18c72c88f594213c9e8f01b6e026ce39508e

SHA512
6daf99ffcfb9951a58b90f1b728210fe3634250fcec5823ad9f6fceb344885b499b756ca59fb52141a2de54c48ca4a447a31d1953f3d9418cdfe3ee85987d6f3

Download Submit
/data/user/0/com.kong.app.book/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664CBA0B0084-0001-10FC-D28FD3624871BeginSession.cls_temp

Filesize
79B

MD5
9eb9a05851ada73a13b40143a2ede214

SHA1
b0c5c673137ff08a8a8d27579806eba90bdb1131

SHA256
7374ea8878b6fd467995173210d53bd84978689fd32471412f8f369f66046342

SHA512
a4776fc01a3d2e919c1419114769c2a29f67866f954fcea6954c2508d66c9a9efd065bcc53a8e5960f968c6fb09ce33a0bfe1caf128633e7d6f9932f80ff0d51

Download Submit
/data/user/0/com.kong.app.book/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664CBA0B0084-0001-10FC-D28FD3624871SessionApp.cls_temp

Filesize
48KB

MD5
c1136f2591eadcd0f2850013491a8267

SHA1
bed4210af886fd17b7dba6f20237acc4e4dc0c61

SHA256
58c553b73aedcba4e21081dc8d06a3e6319fc114d11e0a3f075ce32885036625

SHA512
c4823ec8745572a70c32335b3c6a993b4853ace5c1ee1040c5f764cb902b205ee5cc0262669529c45ffd533689d34cd8e4c1f8aa2deb02671000081c8f405b6e

Download Submit
/data/user/0/com.kong.app.book/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664CBA0B0084-0001-10FC-D28FD3624871SessionDevice.cls_temp

Filesize
8KB

MD5
a6530f68512ce9339222ef11ba82577f

SHA1
bb657b0224f8aaa9cc5dcb4f59c474c118542fba

SHA256
e24fb863f4833cc17f462ad8e541249087baedc3429d282e63cd07a64980e47f

SHA512
3f5c9654b90e8c874351dda8556e96bedda855f3589782264085f951f0bdba93cf84ced8be210b644fae77fe86cf28e2509bead2fd4d4e2961c7220e5a195cba

Download Submit
/data/user/0/com.kong.app.book/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664CBA0B0084-0001-10FC-D28FD3624871SessionOS.cls_temp

Filesize
512B

MD5
be3b42479d4a44ce68bca94e19afa0c1

SHA1
be1476d079abd98cfcf0a9bc9671d627ac94908c

SHA256
d039d8480918d6056689327bbf68ddd25ccaf690fe05c171d9b90f1065b51157

SHA512
47977562d5a60cb259d10f3ffb4795a86c2240d45dff2f8d98f619eb5948913a9cdd6a3a66a2ffafcb3d31216a5c535720fdaa72374662e8c3647dddc81f04d1

Download Submit
/data/user/0/com.kong.app.book/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

Filesize
425B

MD5
9b07f1d255e5b4715197fe1dd4a57cba

SHA1
08a4b444163f3649188efe3c5bc17328b47ddff0

SHA256
a6b7778a52a59e5604d0b5c0b673d6690be6c81edbf5d905dd8d73c244fac8a9

SHA512
76880de01f93b1f3e1083a8b7a107d48c992e13623df6565f6dd56e60b37052d323bf4d9c4adcd1d72a8be41c5db20d78d998799af6c0ad92a863e8076085b4c

Download Submit
/data/user/0/com.kong.app.book/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

Filesize
2KB

MD5
bbd2e88ecc0d12f5d632d1cab49730ac

SHA1
f6d9f2a3d088056ac23dda86f5ecfacd72b8d64d

SHA256
cb4bc03a6329e7e8fa428369609673c17296ad35ea70748790500eb653d371be

SHA512
b31bee4f8eaacd1d9e928b25cd7f9c584dde0eb4d0e41a2a4e7f1ecf0e627d9c63cb14b7601ddff454cb7c1230f7f8231714d75117788999b2f6dd7b33e3f891

Download Submit
/data/user/0/com.kong.app.book/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp

Filesize
16B

MD5
c33583fae4e0b61cde1c5b9227963237

SHA1
fe2ebe4d27469af1460f7e852031a04208ef629b

SHA256
35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc

SHA512
fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

Download Submit
/data/user/0/com.kong.app.book/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_e426dc7e-5fe5-40f5-beb3-f525ce1169b2_1716304395852.tap

Filesize
344B

MD5
264e490d552fa749811dd9f3282e163c

SHA1
f2a7746b6573ff85076b3b5cadbf422f63e3e85b

SHA256
7774c7e2911dca9bd030f09bdb87672803b010b6bf68d5c9f6e053721ab7b6fb

SHA512
c4186e109d90a9d46c3ee2916320d77788864814af4af5d1e82aa911459ae79bc171903428f0e797311129f6dc71430bd2d4309dafe0ff77819fd343e184dd55

Download Submit
/data/user/0/com.kong.app.book/files/.um/um_cache_1716304518234.env

Filesize
1KB

MD5
5b0a06ef2915bc9fa97751fe3c0b5922

SHA1
a57f00564806a5df086c9708a5ce96abc59cad3c

SHA256
972325eb0e5acbaeaff7f559e872e163abb8e9595e3304f663c4154bb15f50bf

SHA512
838f30c3e7d2fd430444d21d29329b8ec8a79870abf843bddd058490a495faa5b5becf9c3fa0975738e4873328ddbe97fbc7c462b6348bca9d368c518ac1c0e6

Download Submit
/data/user/0/com.kong.app.book/files/.umeng/exchangeIdentity.json

Filesize
162B

MD5
0bf7fd598732c22fa0317ac838c8c440

SHA1
69b35f55ae814883cc7bea0a470f9a973e5ae317

SHA256
22837cdb3873e7e30ce7815c8d989675f4834e3cccd3519e1e3eb13afc1a51f7

SHA512
19efaf71511ccd412e5a9e5340012255900e44f6369acf49c800fd4d909d43ba56b9ca505c0d46b321616d9fe2a5c3ac5ee45db828c376210eb1a2e3cd7d0914

Download Submit
/data/user/0/com.kong.app.book/files/exid.dat

Filesize
59B

MD5
0d539b171c11a63b0614e822ccefcc6c

SHA1
d932799b8a679e9fa4ce7bad959d5727a8e7172e

SHA256
992b1288f483e09f60d26f9cbb3d822dba25c6b1b69d1ddc846d5464a2e99add

SHA512
7c942a28d3e6674eae43379afd42a58c6cb27496975adb70f8448b8a1826bac4445b68895fe396e640367363b72c5df0f3f96a3b0db91f478a4a70138c1de319

Download Submit
/data/user/0/com.kong.app.book/files/mobclick_agent_cached_com.kong.app.book1000402

Filesize
1KB

MD5
5d23b1f08369af5564f682bac87091a6

SHA1
7280849c9e041e889fa2a6399d18deab25f0da7a

SHA256
da4ab322be4952d8074dce6eb57575c88f51d05b9cebb8ee05ae2f6b45c0cb7e

SHA512
48a042c73ee03c56eb875cdaef72d50c2f79f6a67829cb946b6f839bc9d1750292a9e23e9226a35744c17c13d26e160a888f5638717808ab61683d2924430510

Download Submit
/data/user/0/com.kong.app.book/files/umeng_it.cache

Filesize
350B

MD5
c6c81e0c9b7d9d9c4854d5e4055f3d93

SHA1
1a3be079b5d27a397a87391b6abd9233e52f002d

SHA256
7ab54dafac3c56ca5f014a016a6b1914ceb55055d862ede0c70884158dee07bf

SHA512
979911c702ffdb975cb46f2aa402badea6d6642b64b499e6231fc90c79cbbb7d3d2eb3356815ecda3765cd27e0217cd1b9250a2d4d276667984fb90547868c42

Download Submit
/storage/emulated/0/.zhulang_novel/log/1716304395877.log

Filesize
167B

MD5
f464c5c5c3665fcd557236faff81a88f

SHA1
5c32a1a9849bca6010b73f447b0c0c23ea54c6ff

SHA256
ae61685864808a42387b482c7cef3501aae82d09320c2348c89887a07d606d14

SHA512
62618933dbba27604a1f410cb79a198cdc1a7fa56fa2c8c36339a0adae10e98709ce920e07bf79f4c3ba409ff91c43d370343b854192021e6e1b14a217cdcd7c

Download Submit
/storage/emulated/0/.zhulang_novel/log/upload_1716304439245.gzip

Filesize
167B

MD5
be974e6bac01b4a11b0c7799771c48e7

SHA1
ed0ac6a289818886a3d6f8549cff722622fce06c

SHA256
f8f46d19137a3d12aaffaa54f0a8a5b6e01c42fe5400b32f475a3aac7007721e

SHA512
ded67c682195709a04e2e9ec4aabb103e011b8174e7253921af137fa9b14726b7068c1241f1a1710df3f95d5ff570279cb2008525a70675767aefd3ea9581405

Download Submit