b77729771e5327a60359375f14483eaabe9a5280ba78341b4cc15aed55df5de3

Analysis

max time kernel
67s
max time network
130s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
24-05-2024 13:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6eb0f46b676ef07784cad02b158c65ac_JaffaCakes118.apk
Size

4.0MB
MD5

6eb0f46b676ef07784cad02b158c65ac
SHA1

5a00dc442c5ca2bef217dbff6fc26e40c8315b34
SHA256

b77729771e5327a60359375f14483eaabe9a5280ba78341b4cc15aed55df5de3
SHA512

7eba2705f152250096f392108cc96f0f18b4ac8b25b96264a4eea6d9ec4d63023350af7d33cd345cdc91aa30b82bb7f0445338cffd8a4acdf5777ac272e3827e
SSDEEP

98304:gUenuSYw2TeVMYwKw+QZu5iNBC28CgOXPVFszFRguv:wnuSYw8eV0bNsfvOXWFRgm

Score

8^/10

banker discovery evasion impact persistence

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.android.comicsisland.activity

description ioc process

File opened for read /proc/cpuinfo com.android.comicsisland.activity

description	ioc	process
File opened for read	/proc/cpuinfo	com.android.comicsisland.activity

Queries information about running processes on the device 1 TTPs 4 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

Processes:

com.android.comicsisland.activitycom.android.comicsisland.activity:pushservicecom.android.comicsisland.activity:bdservice_v1com.android.comicsisland.activity:pushservice

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.android.comicsisland.activity
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.android.comicsisland.activity:pushservice
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.android.comicsisland.activity:bdservice_v1
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.android.comicsisland.activity:pushservice

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

System Network Connections Discovery
T1421

Processes:

com.android.comicsisland.activity

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.android.comicsisland.activity
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

Broadcast Receivers
T1624.001

Processes:

com.android.comicsisland.activity:bdservice_v1

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.android.comicsisland.activity:bdservice_v1

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.android.comicsisland.activity

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.android.comicsisland.activity:bdservice_v1

Checks if the internet connection is available 1 TTPs 3 IoCs

discovery

System Network Connections Discovery

T1421

Processes:

com.android.comicsisland.activity:pushservicecom.android.comicsisland.activitycom.android.comicsisland.activity:bdservice_v1

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.android.comicsisland.activity:pushservice
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.android.comicsisland.activity
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.android.comicsisland.activity:bdservice_v1

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs

Processes:

flow ioc

15 alog.umeng.com
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

flow	ioc
15	alog.umeng.com

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

Data Encrypted for Impact

T1471

Processes:

com.android.comicsisland.activitycom.android.comicsisland.activity:bdservice_v1

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.android.comicsisland.activity
Framework API call	javax.crypto.Cipher.doFinal	com.android.comicsisland.activity:bdservice_v1

com.android.comicsisland.activity
1⤵
- Checks CPU information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4336

com.android.comicsisland.activity:pushservice
1⤵
- Queries information about running processes on the device
PID:4379

com.android.comicsisland.activity:bdservice_v1
1⤵
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4425

com.android.comicsisland.activity:pushservice
1⤵
- Queries information about running processes on the device
- Checks if the internet connection is available
PID:4541

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.android.comicsisland.activity/databases/Comics.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.android.comicsisland.activity/databases/Comics.db-journal

Filesize
512B

MD5
cac5545132ea5bf40753a93696842738

SHA1
19c49d383490144544b868f889508ae89b24200d

SHA256
ae3dd6a1c494138e3ee13915d1673c5d3191bf518d906c0f5e8f1324de9c88c9

SHA512
5fec01a6e18d301fb9fb6c47dcd33b98b7434cbe35bbb83ea06fa03f37012baddae3bf880d0eccd51eef68a8957d2d6845c7be6a23dc225858804632944ed572

Download Submit
/data/data/com.android.comicsisland.activity/databases/Comics.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.android.comicsisland.activity/databases/Comics.db-wal

Filesize
104KB

MD5
c70bcdaa1867b53bf561248bddde3863

SHA1
ad80cc4b08d7d8be97e0f9ae8eb810e056ebc970

SHA256
41dbc360ec5bb4a8d09cb0fcfd73652bb80d988efbb0bc9cad875bb9ac66e519

SHA512
b72af8cf5c5fa7200eed713fdc62c5eb6e1541f0c34b4bf3d901496279090d73b0105a18a497f5326c1cec69cbcb052ee73ff71612d236c2946ea2f79753a897

Download Submit
/data/data/com.android.comicsisland.activity/databases/moplus_server_config.db-journal

Filesize
512B

MD5
31d264017890c4f30336b0f643dc14f4

SHA1
1f58bd439fb63f1c839cb64adb344bac4c0928d8

SHA256
819fe30f67737af6ea7d84e599fe973b4c3618d1710f929f93e9c58b0ec90206

SHA512
faa819f8c2dd351e0911dbb67b8bd49069a3a6cd64b9746fb26c52c5bec56bd6c9da0426db8f3182947d69a7606ec6ac5c11d0da3f01ff3dc88cd6804db2e259

Download Submit
/data/data/com.android.comicsisland.activity/databases/moplus_server_config.db-wal

Filesize
28KB

MD5
9e411106028876ac5da5b177beedd958

SHA1
469cb1c74c6fda11627078d80cdcc9a21b23e92c

SHA256
b9ca61d8ca7ee940ef55ea6f783d74674270dbccd62b2157c93c43565a8110c9

SHA512
66d1874064f7391fb30ad3758db5c0bac169bf51725a08276e8ec6a8789dd911a9cdb337ce970371c0f39e19a677db9f38ca0b9a1ddb808462fe5d218e736ef3

Download Submit
/data/data/com.android.comicsisland.activity/files/icon.png

Filesize
4KB

MD5
893807f5c44220822ce2522eac63107f

SHA1
be493b713f409e0e5447e517e484e9db9ae33aa9

SHA256
65c8461e56f2a4af90e3284eec34f6b82c7811ba96e7d8bf81da2cd58ef8f3f0

SHA512
ec9b3e5074cdb5660ce7a3eca8a49f250804e01636d7d69597e8c8c84cb154465344ec26d5fbd89bae741fea41d45b4724ea66756216dd42a4d7218028b0d32d

Download Submit
/data/data/com.android.comicsisland.activity/files/mobclick_agent_sealed_com.android.comicsisland.activity

Filesize
559B

MD5
0fbd1686d523193794ede48bd853a4d7

SHA1
15b34a9f83b9d556e2af5cb7a6fbb223fea003a7

SHA256
36545c28db8deeac2461ab922627923f503bb704f258ed3d965f739ca0e3a60f

SHA512
6583253193795881c85a11b4cddd7225a0b1a8109f7e0ac10a88f0edefd72790e074f75ace40ba1d108f15d42e4f6224056ce5543ddb4771ca05363eb419ce3d

Download Submit
/data/data/com.android.comicsisland.activity/files/umeng_it.cache

Filesize
211B

MD5
c1fc0a636c225a8154222df638e85f1e

SHA1
3af89c60601350954e579678e7f390a51759b54d

SHA256
bb4ebfd25e789c635a41b732d4db9d54b0a0d3478582af8c2a60844a8b1f64b5

SHA512
59a098e6479a3d7ec006b1ddc5cb76da629965b7f6b2087efa38aafa401c22d9cbcaba629c156725af77494b2bcfc9925e4fc0ec952ee92c40897dd9cdf03ccb

Download Submit
/storage/emulated/0/baidu/.cuid

Filesize
89B

MD5
547c3a40205274104d9876b265b5ef73

SHA1
1d75f6fee170b617c1e98a2fa3986daa7915b4a0

SHA256
1d9de5f02329d1a5da476e6162bd2cdad98df1e1ed00d833624963ebcbb42c0c

SHA512
abe5a981ea29f8547e69f3f6d9b7335fed693f2562ebe5680230efcb554c81ed014148777dbbbec0564eb356e282c19a907ecb146f14251ea0bf014e2e3c2ecd

Download Submit