b77729771e5327a60359375f14483eaabe9a5280ba78341b4cc15aed55df5de3

Analysis

max time kernel
67s
max time network
130s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
24-05-2024 13:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6eb0f46b676ef07784cad02b158c65ac_JaffaCakes118.apk
Size

4.0MB
MD5

6eb0f46b676ef07784cad02b158c65ac
SHA1

5a00dc442c5ca2bef217dbff6fc26e40c8315b34
SHA256

b77729771e5327a60359375f14483eaabe9a5280ba78341b4cc15aed55df5de3
SHA512

7eba2705f152250096f392108cc96f0f18b4ac8b25b96264a4eea6d9ec4d63023350af7d33cd345cdc91aa30b82bb7f0445338cffd8a4acdf5777ac272e3827e
SSDEEP

98304:gUenuSYw2TeVMYwKw+QZu5iNBC28CgOXPVFszFRguv:wnuSYw8eV0bNsfvOXWFRgm

Score

8^/10

banker discovery evasion impact persistence

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

T1418.001
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.android.comicsisland.activity

description ioc process

File opened for read /proc/cpuinfo com.android.comicsisland.activity

description	ioc	process
File opened for read	/proc/cpuinfo	com.android.comicsisland.activity

Queries information about running processes on the device 1 TTPs 4 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

T1424

Processes:

com.android.comicsisland.activitycom.android.comicsisland.activity:pushservicecom.android.comicsisland.activity:bdservice_v1com.android.comicsisland.activity:pushservice

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.android.comicsisland.activity
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.android.comicsisland.activity:pushservice
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.android.comicsisland.activity:bdservice_v1
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.android.comicsisland.activity:pushservice

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

T1421

Processes:

com.android.comicsisland.activity

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.android.comicsisland.activity
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

T1624.001

Processes:

com.android.comicsisland.activity:bdservice_v1

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.android.comicsisland.activity:bdservice_v1

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.android.comicsisland.activity

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.android.comicsisland.activity:bdservice_v1

Checks if the internet connection is available 1 TTPs 3 IoCs

discovery

T1421

Processes:

com.android.comicsisland.activity:pushservicecom.android.comicsisland.activitycom.android.comicsisland.activity:bdservice_v1

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.android.comicsisland.activity:pushservice
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.android.comicsisland.activity
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.android.comicsisland.activity:bdservice_v1

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs

Processes:

flow ioc

15 alog.umeng.com
Reads information about phone network operator. 1 TTPs
discovery

T1422

flow	ioc
15	alog.umeng.com

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

T1471

Processes:

com.android.comicsisland.activitycom.android.comicsisland.activity:bdservice_v1

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.android.comicsisland.activity
Framework API call	javax.crypto.Cipher.doFinal	com.android.comicsisland.activity:bdservice_v1

com.android.comicsisland.activity
1⤵
- Checks CPU information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4336

com.android.comicsisland.activity:pushservice
1⤵
- Queries information about running processes on the device
PID:4379

com.android.comicsisland.activity:bdservice_v1
1⤵
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4425

com.android.comicsisland.activity:pushservice
1⤵
- Queries information about running processes on the device
- Checks if the internet connection is available
PID:4541

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.android.comicsisland.activity/databases/Comics.db
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.android.comicsisland.activity/databases/Comics.db-journal
Filesize
512B

MD5
cac5545132ea5bf40753a93696842738

SHA1
19c49d383490144544b868f889508ae89b24200d

SHA256
ae3dd6a1c494138e3ee13915d1673c5d3191bf518d906c0f5e8f1324de9c88c9

SHA512
5fec01a6e18d301fb9fb6c47dcd33b98b7434cbe35bbb83ea06fa03f37012baddae3bf880d0eccd51eef68a8957d2d6845c7be6a23dc225858804632944ed572

Download Submit
/data/data/com.android.comicsisland.activity/databases/Comics.db-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.android.comicsisland.activity/databases/Comics.db-wal
Filesize
104KB

MD5
c70bcdaa1867b53bf561248bddde3863

SHA1
ad80cc4b08d7d8be97e0f9ae8eb810e056ebc970

SHA256
41dbc360ec5bb4a8d09cb0fcfd73652bb80d988efbb0bc9cad875bb9ac66e519

SHA512
b72af8cf5c5fa7200eed713fdc62c5eb6e1541f0c34b4bf3d901496279090d73b0105a18a497f5326c1cec69cbcb052ee73ff71612d236c2946ea2f79753a897

Download Submit
/data/data/com.android.comicsisland.activity/databases/moplus_server_config.db-journal
Filesize
512B

MD5
31d264017890c4f30336b0f643dc14f4

SHA1
1f58bd439fb63f1c839cb64adb344bac4c0928d8

SHA256
819fe30f67737af6ea7d84e599fe973b4c3618d1710f929f93e9c58b0ec90206

SHA512
faa819f8c2dd351e0911dbb67b8bd49069a3a6cd64b9746fb26c52c5bec56bd6c9da0426db8f3182947d69a7606ec6ac5c11d0da3f01ff3dc88cd6804db2e259

Download Submit
/data/data/com.android.comicsisland.activity/databases/moplus_server_config.db-wal
Filesize
28KB

MD5
9e411106028876ac5da5b177beedd958

SHA1
469cb1c74c6fda11627078d80cdcc9a21b23e92c

SHA256
b9ca61d8ca7ee940ef55ea6f783d74674270dbccd62b2157c93c43565a8110c9

SHA512
66d1874064f7391fb30ad3758db5c0bac169bf51725a08276e8ec6a8789dd911a9cdb337ce970371c0f39e19a677db9f38ca0b9a1ddb808462fe5d218e736ef3

Download Submit
/data/data/com.android.comicsisland.activity/files/icon.png
Filesize
4KB

MD5
893807f5c44220822ce2522eac63107f

SHA1
be493b713f409e0e5447e517e484e9db9ae33aa9

SHA256
65c8461e56f2a4af90e3284eec34f6b82c7811ba96e7d8bf81da2cd58ef8f3f0

SHA512
ec9b3e5074cdb5660ce7a3eca8a49f250804e01636d7d69597e8c8c84cb154465344ec26d5fbd89bae741fea41d45b4724ea66756216dd42a4d7218028b0d32d

Download Submit
/data/data/com.android.comicsisland.activity/files/mobclick_agent_sealed_com.android.comicsisland.activity
Filesize
559B

MD5
0fbd1686d523193794ede48bd853a4d7

SHA1
15b34a9f83b9d556e2af5cb7a6fbb223fea003a7

SHA256
36545c28db8deeac2461ab922627923f503bb704f258ed3d965f739ca0e3a60f

SHA512
6583253193795881c85a11b4cddd7225a0b1a8109f7e0ac10a88f0edefd72790e074f75ace40ba1d108f15d42e4f6224056ce5543ddb4771ca05363eb419ce3d

Download Submit
/data/data/com.android.comicsisland.activity/files/umeng_it.cache
Filesize
211B

MD5
c1fc0a636c225a8154222df638e85f1e

SHA1
3af89c60601350954e579678e7f390a51759b54d

SHA256
bb4ebfd25e789c635a41b732d4db9d54b0a0d3478582af8c2a60844a8b1f64b5

SHA512
59a098e6479a3d7ec006b1ddc5cb76da629965b7f6b2087efa38aafa401c22d9cbcaba629c156725af77494b2bcfc9925e4fc0ec952ee92c40897dd9cdf03ccb

Download Submit
/storage/emulated/0/baidu/.cuid
Filesize
89B

MD5
547c3a40205274104d9876b265b5ef73

SHA1
1d75f6fee170b617c1e98a2fa3986daa7915b4a0

SHA256
1d9de5f02329d1a5da476e6162bd2cdad98df1e1ed00d833624963ebcbb42c0c

SHA512
abe5a981ea29f8547e69f3f6d9b7335fed693f2562ebe5680230efcb554c81ed014148777dbbbec0564eb356e282c19a907ecb146f14251ea0bf014e2e3c2ecd

Download Submit