768b7958e37e840af851d66a92d5f1e9832cd4900f399104f37bcf3c7e89bfbc

Analysis

max time kernel
173s
max time network
183s
platform
android_x64
resource
android-x64-20240514-en
resource tags

androidarch:x64arch:x86image:android-x64-20240514-enlocale:en-usos:android-10-x64system
submitted
22-05-2024 01:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6583916fdacf16bf82776bbe86cf38bc_JaffaCakes118.apk
Size

12.4MB
MD5

6583916fdacf16bf82776bbe86cf38bc
SHA1

b4d9007946d4c4dc354ef53e1318a68e856ba2b3
SHA256

768b7958e37e840af851d66a92d5f1e9832cd4900f399104f37bcf3c7e89bfbc
SHA512

82379c2609751b7b4235cce82151a84c3a1918e60868959eb0a0bcd8a0a2ef693516bae2bd0f671f7886c69ddcda52f68a444279d3178673863261d49f86131f
SSDEEP

393216:9MKt/m4wmrGbq8PRgxP1GF3SP5IsUss4bU:Gsr98YUFCP5IsUss4w

Score

7^/10

discovery evasion impact persistence

Malware Config

Signatures

Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

cn.zymk.comic

description ioc process

File opened for read /proc/cpuinfo cn.zymk.comic

description	ioc	process
File opened for read	/proc/cpuinfo	cn.zymk.comic

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

Processes:

cn.zymk.comiccn.zymk.comic:pushservice

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	cn.zymk.comic
Framework service call	android.app.IActivityManager.getRunningAppProcesses	cn.zymk.comic:pushservice

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

Broadcast Receivers

T1624.001

Processes:

cn.zymk.comic:pushservicecn.zymk.comic

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	cn.zymk.comic:pushservice
Framework service call	android.app.IActivityManager.registerReceiver	cn.zymk.comic

Checks if the internet connection is available 1 TTPs 2 IoCs

discovery

System Network Connections Discovery

T1421

Processes:

cn.zymk.comiccn.zymk.comic:pushservice

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	cn.zymk.comic
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	cn.zymk.comic:pushservice

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

Data Encrypted for Impact
T1471

Processes:

cn.zymk.comic

description ioc process

Framework API call javax.crypto.Cipher.doFinal cn.zymk.comic

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	cn.zymk.comic

cn.zymk.comic
1⤵
- Checks CPU information
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:5181

cn.zymk.comic:pushservice
1⤵
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
PID:5249

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/cn.zymk.comic/databases/.ua/ua.db

Filesize
32KB

MD5
38564ad4c73e5619bc2264b0c44997a5

SHA1
e55f6fe1b20347ad4cd58d77af0b0feb149f63d0

SHA256
1820a909a310bf7bc4ddaab6c8be3954dedd53612749f7bd08fefbef31670ec8

SHA512
30d84731a3d8380e63bb73227623e86bd779476474269f252abe546028531c77658573874444e66b862ea049724e93a9344b1d4fd9f26c0fe02a79a4079a9a7d

Download Submit
/data/data/cn.zymk.comic/databases/.ua/ua.db

Filesize
32KB

MD5
4aa7cb7538b958475ec44ccb1653629d

SHA1
f59b0ea9bff836114c83739c0da8133e6827ed9a

SHA256
0efc8c7e7a04972a8338725e27ea2472fb213e49f8400768df82b4fd99446c3a

SHA512
94b3867fc6797df96f9d05d7bf14776fb36600787abf8b7432cd00d397a8210e4380cffc0342f673e8d79ad38d707ac3273526d57e8bb8a14028ffa34b71456a

Download Submit
/data/data/cn.zymk.comic/databases/.ua/ua.db-journal

Filesize
12KB

MD5
9a76edef3005a752ec98f5b29e74affb

SHA1
696943310ce24f74db45f25446ce26a9db427e22

SHA256
d56299e2bd00cbba3eaf6140578e6b051f2313da07b38501c44cd062f0892792

SHA512
eb5f5b632e654c9d8b1516b35cc0aed07ffca19437368847e32b0ed24158157c2f7fe58b169e41a7135e8f6e5d7a35fb3100d7233f5e4c843fb206307f86db62

Download Submit
/data/data/cn.zymk.comic/databases/.ua/ua.db-journal

Filesize
512B

MD5
4a6dbf6d5708f9e8f6dc8c18b6135578

SHA1
f5c23c7ab440c25f102a5f06cc1ff3d3e3ecd8b0

SHA256
ea67521f6a78db8da9292534c93e5a4dc238dac1f3a546ed5ce5590152e4c05a

SHA512
df610da450abfd37ba44b1d4d396e97995fa8bd8580d302ab608e0ed5b2cd35fc692b274881b8fd31505c59b152268e50f7d060f591c3c1dcc85a754e9945b85

Download Submit
/data/data/cn.zymk.comic/databases/.ua/ua.db-journal

Filesize
8KB

MD5
92a48720866104b07f405e31d7a6b9a2

SHA1
c5439a8bc4959203f30781a17b23208c896cc676

SHA256
79854490c0885217515493f2345f66d13e4c89573bf8994b0d899b5f777ad522

SHA512
52c2f47f77f585da67208ec0c58a0fd130ddefcd4ccf98dfd10854b4b3203a5778b7cd87486369812a5f7544cc122767276d3e61a4971aabe4262304b0b6a8a9

Download Submit
/data/data/cn.zymk.comic/databases/.ua/ua.db-journal

Filesize
8KB

MD5
fed958c096ffd4339bfa31e624712a72

SHA1
96c1ac8ea91d618c73869d04c462a2abf1184b59

SHA256
91206350d23c57c40d0a4288c2590c7bc974e85ae044b71e9b6578062c8085f7

SHA512
c6784fa4b44bae843029e3a3768dc28b9eae9030fe827c5b583fd74f9adbf9734f1f97dab37b7e8bb37f35dffaa8f4402128575b774faaa06d7bb73fcbce00a8

Download Submit
/data/data/cn.zymk.comic/databases/.ua/ua.db-journal

Filesize
16KB

MD5
4de897c1f3950a24be9646d9ed6fed08

SHA1
7d1ad763f73cb039466611f54e3034de7c0d8a15

SHA256
a1eb75ef9c5290a450509c25499e3de2a544b838c1b422c32f0d4cc7ade83c6b

SHA512
16953d24dd45c66792ded2b888295df2915bb67d546dfb5ed88452efcadba75dc368a39659ada6d16e39f6063f8be4dbd8275b8b1352af5fd496b785b6fe8192

Download Submit
/data/data/cn.zymk.comic/databases/cc/cc.db

Filesize
36KB

MD5
0908e924aa236931dc7166fef6e00862

SHA1
7782648d6d8f6e835bd47058d4852932c096a467

SHA256
38f8548795ca7470b449dd1de9598c07a247ba59883c0764c9c96ff0b7d31d7f

SHA512
3c16fbc5172aed04cd206e776c46d26e911732c6e3631536410a71f1d217449475727ac9b3175e827c5ce645a1da9e05900258ee6ca27c936a9060f241361dee

Download Submit
/data/data/cn.zymk.comic/databases/cc/cc.db

Filesize
36KB

MD5
67c12933d1e0e63d9801a6aa43092ce7

SHA1
b6936908554e4a1986b8eb08289e2d3545e8ff74

SHA256
abda5dd4cc2e7dbb951637c4b49d6990f9f34411fab4dee1a387dbcc8e7eed40

SHA512
db8b818daa3ff4ec7678645f84bf8b45c809bcbb758ea78b28982d071572655bba2d20e6f1ca4f0d057ab34fa655c5bc40457dc65050180351a2fc04a47175dd

Download Submit
/data/data/cn.zymk.comic/databases/cc/cc.db-journal

Filesize
512B

MD5
160bc0445da33ba2389a89c7d04d4078

SHA1
4f15c5904de490fa856a8602a313a2c1b6fc69c9

SHA256
6e54dbe9a805e9aa6dbf733d0d7c828cbfd4a5aa6b67502a29541ffe2cdf3eb3

SHA512
3d184a1c587750837ae93d2a3e0bf9b0924bb59adf3001e03ae991ae5f55be0dff6528a8a7820212989419a037cb148b55224525523c906acfdbcf1d5d35e481

Download Submit
/data/data/cn.zymk.comic/databases/cc/cc.db-journal

Filesize
8KB

MD5
57ec95790b591ff42ec949d24eaf51cc

SHA1
1242919e970a07300ed717aff31bc9199004e54f

SHA256
4b94e5e7c1596807b05cd5301844c2cfb3146a4259a11ede64cef29e560fcb60

SHA512
ca85aabaccb966e6409376558744606113cd8ae06d5a3f34a02fe3d279a4cf449676f780f5d47b28b130c9c6ca2a08972367e26e77e4f4c5a158aab6cd96ae11

Download Submit
/data/data/cn.zymk.comic/databases/cc/cc.db-journal

Filesize
8KB

MD5
8892fe912b3d3ca77a14eb3895b43a2c

SHA1
76c13794a377ca885f4d47c5fb83cd822a613580

SHA256
932d7dd15d17fca9969d7275da667ad13cb39e50cccfbe0c28ede993b31a5352

SHA512
fe880f786a671626a834deb36581c6dfaad1bf72c09618848cf2bdfbac12d9c79765d700986963cb1e69c1d0d3f5ae522aec594b2cfd4c86391e9792d8d0bb7e

Download Submit
/data/data/cn.zymk.comic/databases/cc/cc.db-journal

Filesize
12KB

MD5
32dfeaf272aaa304455a1cf5dfa9282b

SHA1
170e57062b73b130db3a69344274b64034e66a2b

SHA256
9bc2ccb49eabcd331b0206c14708ad2c027916da9ca25e29737f2f295bdf5340

SHA512
3647ee548d11afbb8c0c1cada6f2ee744c9216fa99c7204b6de3588739fcb595b60c0e45257d4ef72fc9dd62e6d49601cc379c7e672d4514c35c156be87cba3c

Download Submit
/data/data/cn.zymk.comic/databases/cc/cc.db-journal

Filesize
8KB

MD5
4fac9ad2cb119f8ee24e3b589f83144a

SHA1
6f18748d750ab1a757a55234a68c51227a4b5dcf

SHA256
55fb2f0dd3877eab0b825355fb293468b90c18a6619647565b2908fa627a363c

SHA512
56422085c6d8ef3e5cd1c4c48c1e9b7b23a4ac950271e0f33393e93b52d07c764708c3b783747a424c529bcd29583e1bd4dac68122d477b71e3fea9b07b0bec1

Download Submit
/data/data/cn.zymk.comic/databases/cc/cc.db-journal

Filesize
8KB

MD5
6c3ee899a524d10a2debbb1a1a0ee11f

SHA1
683b4b7851edaddcbebe7a730df8ab3b1e5670f7

SHA256
c2f9578f6e96ad5a47cb36c2d18c8338e225129d0d16347135e046c64fd004dd

SHA512
41c24e2f3036bcc2ed3758cf8f3173ab517dd8b72ed76d1b1856815247ebadc156583658d960749b8ef1ade1f44c914120c2468806456a556225392374f9f335

Download Submit
/data/data/cn.zymk.comic/files/.um/um_cache_1716341237012.env

Filesize
1KB

MD5
f347e2cad6d7b66c88626a3f7cd2afeb

SHA1
f0662188c376c059cfcad3c9ad9892e77932fb57

SHA256
508f8d5e9ebe93bb929829f172ffac6b7e7fd98f167fad66e7e0e5c1fb2c5923

SHA512
469abebe8258e8168381e34c82aa877941352007a6e4de83ebefd97b2b523b0fbdab9e2bb227ee5c17922aa238e4a5d7df98f2a792c0760068d21ac47bc99e71

Download Submit
/data/data/cn.zymk.comic/files/.umeng/exchangeIdentity.json

Filesize
162B

MD5
d237bc01fc902765055c9e7d0124ca14

SHA1
dec0166a3178d9d6cdc62a44490a19bf083734e7

SHA256
bb3207f57d04c22b3cb4b06c37d9413d7f2bc311f35c3e6b07665a38cc48bb03

SHA512
7a6c45cbe6c6e4c3ab907e42aeb8ae6c10f87911cf43557348ed218956818408aefe7542cae9ab3d826cc3f2c3c4152200bf16febc3ae3453c7e55dfe8cd3bd9

Download Submit
/data/data/cn.zymk.comic/files/exid.dat

Filesize
58B

MD5
a8bc281c9812b4ac4ddef490ebc28b39

SHA1
d68969c9e98b01b85d7e76bf4c5642447af2f0ce

SHA256
a1ff8ce5af3c9e685744f1ea8cbb2ce003a0f9ebab7e516f45b3bb57798ed54f

SHA512
d5d7b7c190e145096ee6935e08879d19c6632578d21db04ed14ba58ed9bc05ce33d9e33daaec60561ccadccb3fa46810e75e27ab7afd321f4bdf89554ccb973a

Download Submit
/data/data/cn.zymk.comic/files/umeng_it.cache

Filesize
433B

MD5
33a0430dfc9d95c8294744caceaeeee7

SHA1
55ba9dbb28b7305f6f179448048b1b12c5c609a7

SHA256
59b678607bb25dfee12c3b74eb2a79dc8bf57bd89404ab1aaa9d6fddcff240ff

SHA512
d3faa13fcc2003c88cd4a8a5a355ba03fd97a0634a1492f6ce70b6cfe11c2ff496480f39b96d43742a8d1153f3b401f8298d1ce2402743ecd33f943d11270516

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
111B

MD5
99cd5de263c9fa24b2675db277d03c0f

SHA1
66959606a2af12ff2b98a1ac378d0953154add04

SHA256
98243ade5476430a0ac14733f90bd0c4b6162d170994bf3dc7c89b69ec35fda8

SHA512
fd86550625cfa79ef1a0393ad7a4671d4150322559bf7596be12142095a6de30cb88fc281ddf4325ca913151a65706bfe874b216115733c6e18f215bfbd70e15

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
213B

MD5
bfa9e8c4b4c2ed13963d0cc3ceb1d6ab

SHA1
243eb8af7aa8bd14b9c2922e82f0a1dde885da51

SHA256
45421020dbc8e400d1dc7faf1b723a649a536bf7c4083c8b1686f2d0f5b06518

SHA512
96ce7eaf3ccb9fb2450a13c66400abb083a0309cfe171a89217e4186f6576215903dcabe0df2fd0323fcc6c6bbffda740d7042a4c57c6e600c68421de7675371

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
111B

MD5
c4d63c2ed238d5da318ea9e497609971

SHA1
f6f46869f2f62ddccd634caea75ba8a6d5476efd

SHA256
188b74cd0c3b10031b2357b4f18e605d28259d131f0352ec1495cdaf3181bf06

SHA512
1f0af19fad730719fb92a2cb95fb1a32fe89c0b1eb2d8f8fd71b236b89ab3d4919b2d3deae1021a8dd8cac5abc6d89fc63711973b272410adf58dd0802ceceb9

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
167B

MD5
6b18f6478f97ef768ccb88de4aee2010

SHA1
eec1ce09fd3cd9fe4818923e57fa3f2f413fc439

SHA256
74c190b323749da75c0d73978eb7b052cf85699c049121ae6d72d8b531966dc5

SHA512
1c483e6a1af67ce326fb1069bcb8b1a9d80a4b467b941c9561102ba0b476aae83db09195e53727438bb9d385fec0522ec55c3577bd816b177e31cd1670f5ec06

Download Submit
/storage/emulated/0/data/.push_deviceid

Filesize
32B

MD5
162b091c5f3af6b2f8f081195698912a

SHA1
ccc42c8a7b0db9c9b79d375198ece4ebe44fea7b

SHA256
6a95b4e7474e816c0add924d1ee9ddef166627789773560700c509027fb0e17a

SHA512
da579ecd2fd0879ddfb70d601b1ff170cb7105945ce602b7d82680cbb61011f3691dc9c6642685cde281b47825b4954e5c070be4c62421c8ae0508b2102cab38

Download Submit