768b7958e37e840af851d66a92d5f1e9832cd4900f399104f37bcf3c7e89bfbc

Analysis

max time kernel
172s
max time network
181s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
22-05-2024 01:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6583916fdacf16bf82776bbe86cf38bc_JaffaCakes118.apk
Size

12.4MB
MD5

6583916fdacf16bf82776bbe86cf38bc
SHA1

b4d9007946d4c4dc354ef53e1318a68e856ba2b3
SHA256

768b7958e37e840af851d66a92d5f1e9832cd4900f399104f37bcf3c7e89bfbc
SHA512

82379c2609751b7b4235cce82151a84c3a1918e60868959eb0a0bcd8a0a2ef693516bae2bd0f671f7886c69ddcda52f68a444279d3178673863261d49f86131f
SSDEEP

393216:9MKt/m4wmrGbq8PRgxP1GF3SP5IsUss4bU:Gsr98YUFCP5IsUss4w

Score

7^/10

discovery evasion impact persistence

Malware Config

Signatures

Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

cn.zymk.comic

description ioc process

File opened for read /proc/cpuinfo cn.zymk.comic

description	ioc	process
File opened for read	/proc/cpuinfo	cn.zymk.comic

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

T1424

Processes:

cn.zymk.comiccn.zymk.comic:pushservice

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	cn.zymk.comic
Framework service call	android.app.IActivityManager.getRunningAppProcesses	cn.zymk.comic:pushservice

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

T1624.001

Processes:

cn.zymk.comiccn.zymk.comic:pushservice

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	cn.zymk.comic
Framework service call	android.app.IActivityManager.registerReceiver	cn.zymk.comic:pushservice

Checks if the internet connection is available 1 TTPs 2 IoCs

discovery

T1421

Processes:

cn.zymk.comiccn.zymk.comic:pushservice

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	cn.zymk.comic
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	cn.zymk.comic:pushservice

Reads information about phone network operator. 1 TTPs
discovery

T1422
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

T1471

Processes:

cn.zymk.comic

description ioc process

Framework API call javax.crypto.Cipher.doFinal cn.zymk.comic

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	cn.zymk.comic

cn.zymk.comic
1⤵
- Checks CPU information
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4255

cn.zymk.comic:pushservice
1⤵
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
PID:4292

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/cn.zymk.comic/databases/.ua/ua.db
Filesize
32KB

MD5
d604a3bf1f8d992cc320ea5b1f7609bd

SHA1
247f88df0b55c7d523ea5398637711a0e4a483a4

SHA256
329940b4d46326d58e73c842dd099704061d0ef7338777bf31ad895f29013c17

SHA512
67e28f6713cb5c238a9664df128f01a89a2efb7c8c9330c1e45bc0d40ebab81fa20df5166743d84d81dc0386a89ff0329f022281c098339baa2e851ff0a1e1ab

Download Submit
/data/data/cn.zymk.comic/databases/.ua/ua.db
Filesize
32KB

MD5
3756e2af9e3be1c8220d30ba94a347dc

SHA1
88b63030f765d7d551d6e883d15c6a835877b5ee

SHA256
4b1ede6abbdd006eb647c5da055876e1edc0ae21090fdad8efdb7bfff861ea26

SHA512
6f8491f032652a572b63a9ac45e73c49a3e1f639500fc7a96a75c54768bc466a0e14f4cb80403e0c8258b4eef7317741bf9dde9b33c7f2d6087c6c4b448381fa

Download Submit
/data/data/cn.zymk.comic/databases/.ua/ua.db-journal
Filesize
512B

MD5
cba0f383582cdb8b243192ab605d3040

SHA1
ce92b463eb711ecb0e4956c5c98426f8b83fb907

SHA256
9a84840331003fc975fbb724104fc152592879a8acdc59a8a5df5a8cf9d4f885

SHA512
7461f1c74011f43b8a607953f97d8b36d7ec84727be23cfa4ca55f59a2dd5fee35260c00e90b152fa7674a1871df10dd1db582628b6e37d277cc511aa4c816df

Download Submit
/data/data/cn.zymk.comic/databases/.ua/ua.db-wal
Filesize
8KB

MD5
ee966261eb6f9b1c28864358d2236426

SHA1
147d3badc353dbbc680135f175d329afb098f2f4

SHA256
78c657b56cd58fcba03a7f610995bfb02655c1bbc653a999802dadbe286f1416

SHA512
3c1e117eba5158f3498be8e487100830c4ea87d7d548ad3595e4fa3c0534d34242d2575e04a9460b7275ddc5ddd3204280732a533ded0d1ea204c01c3a2b6076

Download Submit
/data/data/cn.zymk.comic/databases/.ua/ua.db-wal
Filesize
56KB

MD5
3122051d8b199225f32fb395c8d2e5a6

SHA1
0c4fce10121b7e717a9b55423a8b05d7e0b9674e

SHA256
0ad0d644c7314bb42a092bf937a08f19e839fa9c97dcbfcb31905bc3f2da1ccc

SHA512
03032cfb214e4a094cae44a791670e31dbc212e7e51c8257bd9e6c69264a9e549d3131373dd7af5cc254ca4a02913aaeb863aca4f76c5baae24e5ba01657355b

Download Submit
/data/data/cn.zymk.comic/databases/cc/cc.db
Filesize
36KB

MD5
5d7ea1a23af19b4340cc8d90f28297d5

SHA1
4cfe95b23a9e98378d69c4290af81b51fbe76aea

SHA256
474c4a54534ed96beacad7cc9a805a3f53ec9c0522fc7bcc59771cf500a6a0da

SHA512
33071f4c92da0a3df01c4a61dd165df7c7e0f4f37753cafe02d19fc876a5e7fcbb01c069c804e140ab8bfa0644a55f50fd1373646d1c439f817baa5ffbd47f7b

Download Submit
/data/data/cn.zymk.comic/databases/cc/cc.db
Filesize
36KB

MD5
ce6135aa1b1fe4f2c2db2a546d2a5558

SHA1
79b59582154017aadab783dc266fcb158c252940

SHA256
7b45f576c08c7f78220168cca4a0e33198b13e9bdc8b1da406ddb6887412000c

SHA512
2839075fe374c8567c839ae35ce2d33ec72fdaebf170aa7d224b555e5b0e74d4a43f2f67d17ed806dae841da883e9620d788ea052d06152678afa927307c7ce4

Download Submit
/data/data/cn.zymk.comic/databases/cc/cc.db-journal
Filesize
512B

MD5
03ac2c533ed5e9d590320a3665d7064c

SHA1
de0f27c9e38cac27875eae0ae45921ed039b199c

SHA256
f922cc3d73bdf6062931af6c50d4a3d001ff52aa874459575007fe0787022354

SHA512
1d31f5ee49a715373a98d59a93e95fd4e2a4aa42a8b22241aca7b526801901a40d9330f73e142a167f7e41b96d6b14e484bd7855dabb159a39cc6d749b6ad882

Download Submit
/data/data/cn.zymk.comic/databases/cc/cc.db-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/cn.zymk.comic/databases/cc/cc.db-wal
Filesize
16KB

MD5
51814f13edc4097909ab59ded975f072

SHA1
cb7c4a1e837e775356bc7b2128080b8741ecbdb8

SHA256
66047950d06c589c8bccd0dcfae20d2d8877beb1023c037cd931903c0b0fff25

SHA512
f95e0f1378199e7e4470d14a99b70f51258fea5c08be48d99e5fd497e9a5da054e88f6c35c231d91215f20e039a54d8c59de20dd4ae24e4aa5d64bf6fbaa0788

Download Submit
/data/data/cn.zymk.comic/databases/cc/cc.db-wal
Filesize
48KB

MD5
add8eed1dfdc7cdaf69072087ebb7f6d

SHA1
54d1d9f64be7570129beee72c2f797d555b55a81

SHA256
9aac95c37a834ed7a1e78e9439578fdfe8007df2f1c858493506d7b6e8830bed

SHA512
f7dd5fbc0c3238d3461a517af28744c6ee8a73643f972651cd7d3dcf022e63c025525a3883f059dd6d6921d86cd7de82ce72ad515c5274a328af01475389a11c

Download Submit
/data/data/cn.zymk.comic/files/.um/um_cache_1716341236192.env
Filesize
1KB

MD5
6b9b56e78ec6c68c044bfe238712a559

SHA1
de3f9217946dfa23d67f902e8998e69485fc98f1

SHA256
1f34da0e6cc11e2972e04d4e576252ca7259a1eb6041c3d4088ba2386326f196

SHA512
ccee7d8020cbddac0ceb5cb9008d4cde4987101911e0fe8d86e82c3b80ec199d87c8cf819f8e4c4b562227d8e6afead4c1bd6034dbd709f32232ca108257914b

Download Submit
/data/data/cn.zymk.comic/files/.umeng/exchangeIdentity.json
Filesize
162B

MD5
fcc6fc980ef30b4795bd85025e1d3a11

SHA1
b82a50e87ed650c3843da133bd97167074ee8ad8

SHA256
b13e5fa69c228dab2508e84ee5bfc498cd0793789b17de0a01d0380b24343c87

SHA512
951afe64e93524d81ca907ebb458874c18a7cac1903e1cd9ba86935c07cdc861e502c4e34333e5e75ed3b07159d4efce3be90dc9838d8799394db5254fd98a5c

Download Submit
/data/data/cn.zymk.comic/files/exid.dat
Filesize
58B

MD5
a8bc281c9812b4ac4ddef490ebc28b39

SHA1
d68969c9e98b01b85d7e76bf4c5642447af2f0ce

SHA256
a1ff8ce5af3c9e685744f1ea8cbb2ce003a0f9ebab7e516f45b3bb57798ed54f

SHA512
d5d7b7c190e145096ee6935e08879d19c6632578d21db04ed14ba58ed9bc05ce33d9e33daaec60561ccadccb3fa46810e75e27ab7afd321f4bdf89554ccb973a

Download Submit
/data/data/cn.zymk.comic/files/umeng_it.cache
Filesize
498B

MD5
2d75321f521e5bd9ff925f3ef46375b0

SHA1
17d69ded00f0b48e0cd6f8d6fdd8489e9d23ceb1

SHA256
e7fbf1e33a7d8b18bbcc6445432b267af96373499ed291c048ae8653863ede63

SHA512
4d73ca0aefc099e12cf730fa1c922439e5bca490505278829d321b6ffda6af438aa301bcec9d1daf3b921d8b0ad52570ca857652e912a31189340294d2eaff59

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml
Filesize
111B

MD5
ed0cfbac66b43af11004c5ec4569e926

SHA1
16e39082b9be7bd7f0b930b887365c1b48c802b7

SHA256
49762790a034ed8403f383ecbf863e342ef5351c9e2407600dcddc92a47a310a

SHA512
132e17960c93be8d423e48393819ba497f16cc9b1eb3df458bfed1afd88731eff6614d15b9ebd159f6b9eb92f7d9b88bea097163223ebd2a263367aa261fb8a3

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml
Filesize
213B

MD5
404566f7833cd8e0b6cd05cb1a010a13

SHA1
1c94a194e389b637a5022528537ce36f569cd91d

SHA256
e2007b05ea9a72534cd321a687c641360621a09efa11c058bbe99eacb75a0765

SHA512
4cfef171c28f56a8ce172c1d132527324a785829090154565b70f57c0c3fadf627e5019876b536023419855f35c079f1ff19d9901867ead364283d92c8738cc7

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
111B

MD5
33072ac8c76b59c0def77ebb9aa5e0b6

SHA1
476b90fa3ff40bfebb75ba3bfc13c9e6847f22c5

SHA256
86e0871128419fcfedb50af79109198ea8e8db0912dbb06c4b782b48681b3e4d

SHA512
ac97150a41b8a1e3554405c1d66da0c98f44d192b466208e5648ca92bf8005be82443bd93a86cfb6b40d7b6fbb64d81652453dbdce5e8f1930e737f5b40e84b2

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
167B

MD5
04e10b9ff04cd362a98645c2b964063f

SHA1
8172582f7e18b50ac1acc6e99cee3377c6682059

SHA256
9c7b7707ba205f4aa595a17a50b7f7378066eac6aa135c4f1ef10522bae39ae8

SHA512
019d260cad9fd5b2b522754cce8ee3eeb3cfb7ea956ec58a909080f60be805363b5892a7a4d68a4d59d9f604f2bc6bb87b21c674d3aaeb57c8626b20faba660b

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit