768b7958e37e840af851d66a92d5f1e9832cd4900f399104f37bcf3c7e89bfbc

Analysis

max time kernel
172s
max time network
181s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
22-05-2024 01:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6583916fdacf16bf82776bbe86cf38bc_JaffaCakes118.apk
Size

12.4MB
MD5

6583916fdacf16bf82776bbe86cf38bc
SHA1

b4d9007946d4c4dc354ef53e1318a68e856ba2b3
SHA256

768b7958e37e840af851d66a92d5f1e9832cd4900f399104f37bcf3c7e89bfbc
SHA512

82379c2609751b7b4235cce82151a84c3a1918e60868959eb0a0bcd8a0a2ef693516bae2bd0f671f7886c69ddcda52f68a444279d3178673863261d49f86131f
SSDEEP

393216:9MKt/m4wmrGbq8PRgxP1GF3SP5IsUss4bU:Gsr98YUFCP5IsUss4w

Score

7^/10

discovery evasion impact persistence

Malware Config

Signatures

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	cn.zymk.comic

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	cn.zymk.comic
Framework service call	android.app.IActivityManager.getRunningAppProcesses	cn.zymk.comic:pushservice

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	cn.zymk.comic
Framework service call	android.app.IActivityManager.registerReceiver	cn.zymk.comic:pushservice

Checks if the internet connection is available 1 TTPs 2 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	cn.zymk.comic
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	cn.zymk.comic:pushservice

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	cn.zymk.comic

cn.zymk.comic
1⤵
- Checks CPU information
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4255

cn.zymk.comic:pushservice
1⤵
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
PID:4292

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact