4b56ac24ecf6c7700daf021ba818496feec061d3def85ee5ada2f79f5bc0761c

Analysis

max time kernel
177s
max time network
194s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
02/06/2024, 14:22

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

8e5ede909a9e74c936e68819ce9afe84_JaffaCakes118.apk
Size

31.0MB
MD5

8e5ede909a9e74c936e68819ce9afe84
SHA1

905065d6b7ac46f45806a8794ff3b56cb7eafdbd
SHA256

4b56ac24ecf6c7700daf021ba818496feec061d3def85ee5ada2f79f5bc0761c
SHA512

c1223e1e906bd78d766e4c3b73dff6e60f3956ac0267e4859958ce9ab6a92043fb6323ae51ede2514cb6dcaa851d85b29767e8471f0eb5e2dfe7bb1593dd3d0f
SSDEEP

786432:aEro8eM4hQx99GK5J28CkZT7CkC5li+2NYzvien876uC3JsSMGAw6:s8eM4uMK5TJZvJC5li+VKen0xC3MGI

Score

8^/10

discovery evasion impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/app/Superuser.apk	com.android.comicsisland.activity
/sbin/su	/system/bin/sh -c type su

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.android.comicsisland.activity

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.android.comicsisland.activity

Queries information about running processes on the device 1 TTPs 4 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.android.comicsisland.activity
Framework service call	android.app.IActivityManager.getRunningAppProcesses	io.rong.push
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.android.comicsisland.activity:ipc
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.android.comicsisland.activity:pushservice

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.android.comicsisland.activity

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.android.comicsisland.activity:pushservice
Framework service call	android.app.IActivityManager.registerReceiver	com.android.comicsisland.activity

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.android.comicsisland.activity

Checks if the internet connection is available 1 TTPs 3 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.android.comicsisland.activity
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	io.rong.push
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.android.comicsisland.activity:pushservice

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs

flow	ioc
41	alog.umeng.com

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.android.comicsisland.activity
Framework API call	javax.crypto.Cipher.doFinal	com.android.comicsisland.activity:pushservice

com.android.comicsisland.activity
1⤵
- Checks if the Android device is rooted.
- Checks CPU information
- Checks memory information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Acquires the wake lock
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4290
- /system/bin/sh -c getprop
  2⤵
  PID:4752
- getprop
  2⤵
  PID:4752
- /system/bin/sh -c type su
  2⤵
  - Checks if the Android device is rooted.
  PID:4778

com.android.comicsisland.activity:ipc
1⤵
- Queries information about running processes on the device
PID:4356

io.rong.push
1⤵
- Queries information about running processes on the device
- Checks if the internet connection is available
PID:4372

com.android.comicsisland.activity:pushservice
1⤵
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4412

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.android.comicsisland.activity/app_crashrecord/1004

Filesize
243B

MD5
5ec568ce7c29f179b53fa89a47c4c085

SHA1
ab244898c4093557fd8fa9003b1e532b61885d8d

SHA256
50c93d1e7a0dffaef2fe059efe676ae8e8c6cb44407b659814ffb17e363e19d1

SHA512
d2d6ddd9e7a7ebf1667496f812f6ba62d922ac3b32eb8f8f8dc547a7073d78bc8a9a76bc4f152cce2190be5f8377a80337182717dbacba25abb11ff3f2124a85

Download Submit
/data/data/com.android.comicsisland.activity/app_crashrecord/1004

Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit
/data/data/com.android.comicsisland.activity/cache/image/journal.tmp

Filesize
31B

MD5
8c92de9ce46d41a22f3b20f77404cc1d

SHA1
8671a6dca00edb72be47363a7071be65cf270373

SHA256
68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274

SHA512
30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

Download Submit
/data/data/com.android.comicsisland.activity/databases/Comics.db

Filesize
4KB

MD5
50e8325483d071bf61e332bf0e6305d0

SHA1
f2572c0bb114283739069c781817db9ed5fbad82

SHA256
acece3f452c0b0c82ae7a0cfa39831b8a2c10c6657136656333d2f3eaf59b832

SHA512
184f641ae8795b7f6bb0f6f87637bba91bd8d2cb52ef693b0760481f50bd3007f220937d3c47957118e63eca2543b8fd45fe0fbea701e599ef73f6a715c899aa

Download Submit
/data/data/com.android.comicsisland.activity/databases/Comics.db-journal

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.android.comicsisland.activity/databases/Comics.db-shm

Filesize
189KB

MD5
b0bfd0e7da053a6a7c4035f31bc150e7

SHA1
c5b83922e7ddd5f42c27db1fa25bfd1e0e2a89a7

SHA256
876e532932fd456fb0c8f01f2ec18a14b7fa5b73b35054a24ba044e1f08a000d

SHA512
c548e6643b47f15aaf1573c9a2c031e0b64914a9e672e1b6a6bd40c0f55eba8bb2cd2781dd373c6598383d65d4ed9e9f184218156c110696001d79d0ecc89977

Download Submit
/data/data/com.android.comicsisland.activity/databases/Comics.db-wal

Filesize
225KB

MD5
2bfe3616da6576f426f399045e4ddce0

SHA1
982a56f6560760cb8264f3e1f295979334f0090c

SHA256
7888a75a2ae6e1e331a43d422ea70a4a03dbb96eeb0a2ad2e0a4496fde84a9da

SHA512
cddf881c64208c1caa398680c16b5b38bc600863d3cdb3f5b2c9b92542b569fd280e85e0f764d76f0261ba0fc3f5ae99f8617be596c2fcfd44154863935dfbf8

Download Submit
/data/data/com.android.comicsisland.activity/databases/bugly_db_-journal

Filesize
512B

MD5
352ee9186de11073c5e76afd55b82fbe

SHA1
947eb4b9d80de186dc94f49454d600c033ff997b

SHA256
1d1894842ffe5ee5cee8b4e82e457dc74aabcc0b0638338bc7d54500166389c1

SHA512
bf3faf2b6aade62ba07a035505c5feac163d56cde9ef31e9e8d0243d08e158d6a911dab7db3fb4d0c849bfbc6521c60b5b5d71d351496bb2a536d8edbd8f0a70

Download Submit
/data/data/com.android.comicsisland.activity/databases/bugly_db_-wal

Filesize
80KB

MD5
910b3b6bae7eb26967efe16d9766c78a

SHA1
9436fbbc647676048938fabba72a406eccc9026a

SHA256
4e1cb414d3e729fe56a0e25f1a304ebd65a2421d8e2ea317f9fdb464882da8c5

SHA512
bee2e7d9800b835ef82fb70e3901ab5e9b2cf5f35bb3265fbf1b036151b20cb6ec790697b40e2618cbf0a34d34713f24934e7a7dfd7bbe0ee84013af44669d1e

Download Submit
/data/data/com.android.comicsisland.activity/databases/com.android.comicsisland.activity-journal

Filesize
512B

MD5
701d51b4611f758cf14479736a60b6e2

SHA1
1d282974255c94829bcce53cdb7618ca8fb9050f

SHA256
a79f815db3e68f0a3eb069957bc8ae742b9ba14bd8b3810ba747df04a7b4ed4d

SHA512
eda5531c645afa705b1e4ce645a7390f41c1cee9302de992b94a95e0fdd4abe37e4e51521b665a3400956dc94ed8ba5c0d30515399fdd90da2ffdf4dd0b9d6df

Download Submit
/data/data/com.android.comicsisland.activity/databases/com.android.comicsisland.activity-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.android.comicsisland.activity/databases/com.android.comicsisland.activity-wal

Filesize
32KB

MD5
f65cce9760640153740b4fd01929b94d

SHA1
fa11d9bc8f913920eb401b71f510ed94df23b7e7

SHA256
32fc7d4afe3beb642cc95f8c51c7b219aeddd5983614de817ec5aacb4304128f

SHA512
606bbd97870f88d552ad205005dbd6e0bd7e519819b817b392e3ef7c1ffe1677837c122de62b13a6547ff39959d8a73469d77fb03e27aac1761780afb0ebd053

Download Submit
/data/data/com.android.comicsisland.activity/databases/gtc.db-journal

Filesize
512B

MD5
e386a7d959023c7f6119f7898e31f5d5

SHA1
19f4660a1ff0a8c64c4e67d48b523101c8b0da2b

SHA256
d34220b1a871857c93f7a21e63477c215290110aa83158f6af2b077fbd33b5bf

SHA512
7abf1d11d018f8a165c72f7f255a92cd80dbd462fcaeef494065534c96f3dea307c409b47e0391984e716102eae7d5b6a051548938f653b2cf70789ca434c102

Download Submit
/data/data/com.android.comicsisland.activity/databases/gtc.db-wal

Filesize
136KB

MD5
859f0454b64ac8ce65f54fa50524d231

SHA1
f7c4e7f008995228388b4046d51ec51bca98326e

SHA256
ea194765513aab0abb2cbffe84f80ca879df0d0e46a786390cca4968bab4d8a8

SHA512
8c2108981f936f01a4ede02a718ac1b8d8add15a8eca5d088691afaa08ef071eb1e2e290774fb504f6c0568e3e826220764250dc94e5a2eedd024eddddbeb552

Download Submit
/data/data/com.android.comicsisland.activity/databases/mwsdk_analytics.db-journal

Filesize
512B

MD5
5ca7135e92f1812e5c349e6e82f0b1a1

SHA1
a23ada478ad8db7912c9fd6b3326823ce22169d4

SHA256
4fd1bff59d804761a168312e37109a2133fce814943ddf1191d1b7c3e30fb24f

SHA512
3859c68ebe9df6986f5aa4b3f8b7da1b85ddc8c7a0e610a1ee556a91158ece482421e463c90435b10caadf1b70e7ceb35e513c294cc34bd8faa9f37f4487408f

Download Submit
/data/data/com.android.comicsisland.activity/databases/mwsdk_analytics.db-wal

Filesize
40KB

MD5
a902afcfa060336dbafe1235ee9bd79b

SHA1
6c478cc790b06b5cea46467d52987bb9f7a4b322

SHA256
1385b7aa4610497b4a91665469b165d87d7652ec149211f468357cc6d1429ab8

SHA512
3eac1023511982e2e2505371bc2f3a01e1d1488a2364821a73420b29952602c5f70062e63feb00580835253221f6ad50a4f2a97e842a2a0a16943023d21eca2e

Download Submit
/data/data/com.android.comicsisland.activity/files/.um/um_cache_1717338226017.env

Filesize
613B

MD5
9e9f114c223597e5473c1f2a9edbc35a

SHA1
771f7bccc3d5f8d26af02975cccf058cad4d5290

SHA256
78ca205d415e0f04171c65bd168a2f82a98dea1583e1a3c9683ca61de8c45c6f

SHA512
7148c1763398039dd92ad8bb98f6da2a746844282ece35002662ab1481e9068749bb4b3d099d5873da391bbffaa68ecd07115b3c2a50628b04b9bd45c0f5a996

Download Submit
/data/data/com.android.comicsisland.activity/files/NBSUserAction

Filesize
32B

MD5
80980ea109ad9fedfaaae3997e168818

SHA1
ff94d15e2e91cf8cb9753da7d8421f1797a814b4

SHA256
d909e23476b4d1ea1df5ab35e468a9d7a2c694110d5ac90add6723afd29ededd

SHA512
2bb857b9685e63d14226215c7e65616bd595b0b3a4e9e854cff1dd2b71efd385a4aaafbb82e4e7f0f3769f46b01bee868b91e94c62d979914de77d858c989a8c

Download Submit
/data/data/com.android.comicsisland.activity/files/umeng_it.cache

Filesize
310B

MD5
adcd0eb4c85b634c4675de8821c05beb

SHA1
a9a7418a39715e18fb979e789ae51e0f74bf3a43

SHA256
4122438cd990618b96a3efc34ab58f93161953b272dde53ad4b31897ff6e0bad

SHA512
75f3825704be8ec78442da67c745e7d5c0341c81449b5f2c03c3c8feb9fea232f0a39cf4036a9ab21ba3ba8515795a4cc61546f9b25dc72d0509be6f77fabfaf

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
76B

MD5
fe92a46b85064a2c120507431bc3693b

SHA1
7da2568f6fbb74e07b7b56817a9c67214cebbe35

SHA256
666a23423baa65416c8845006e3c25ce777d1b1ad7d534e743b9635d99b1a40b

SHA512
27aa76b9d0d1f6c6d89bda986893c5229bfea88f2adf388f8d32ab076f4523310b44362041f6c036124f40c2669d3d75aa162b831a366d409ba34d8fbef9eb43

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
111B

MD5
e506a7e8a6efebabef994c35166cdb3a

SHA1
6ad0419993588b63f57f5c2a4c7af211d067d8a0

SHA256
d495305ca45480596036290d3ab35008c844f8135e05c24837db534885e291a8

SHA512
98d00e746d8b6a025aa0b607e2b515facd4063a34922fcfbaccc2840455e19678a438423f01920e7f2149b981e852bcf1b87495022606de5a80bc216276a83cc

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
213B

MD5
1f6d0db076a918cfb12c56dc6dc8b0e0

SHA1
b3f99d64a3d2fe92e6af390b01584d50caf7d800

SHA256
19f9c230ea012c1b5e5f609f0f4ace1144a96fa196c5932743778dff88512fb1

SHA512
d337b0543dddcb234ace713cc0d6fae719a8fb11db1a3a89e995fb832581e9259ab012f21a24730f068ce52627586f370e86d98f03a68e7e96ef7edaa056aa4a

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
167B

MD5
25d19e04da93af9b4d5cd6c6109c0d4a

SHA1
6ede7775514d96dcff577b43ddf8f91e1b2d86e0

SHA256
42ba71309bbc0a32c5804bb73bd0ef36a856126305e1ef16e1b1203140f8c1e9

SHA512
7ffa647d920a7a8a90349002c6349d68bd529acb899e9a6a4c984b0a01ad7122aa4d585f2213a3c92a25b3304a425f4e8d0e7ac4627751e36115c51c02e54852

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
65B

MD5
d9895a4d3b4de284f7551f042e90e94d

SHA1
2a14fb4afde30fdf9fe4f1b007f85bd7386e792a

SHA256
0bf15de871f2cbeeaa88fe383d7b4af279f874cdf01d12d9d044dcebfe5fdf58

SHA512
4eb0af021c2027229a29bf2b1bc562c70a5825aeeac00c404615628271663dc401ac21fc0f5f8fe7deb760c892b66a54fc8387a964f45e45bb67931660c886f9

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
111B

MD5
197e410d193765b9181a4a81f2e0ed59

SHA1
f5e9274e190bcda82484b54640cf1b0b257e70e2

SHA256
5d41dfd26731439dee08a1113bd40c09f69bc8a6d586255cd40cf7137f0e044e

SHA512
e1ece8a0cac6099b74b0649ce2bfac2d5f1f0622cb80923d9d66769661e7ddc3b35c8f1d1ee1dfe97ba51bed4b271fe2f08c9a2eb6083a67d01169cc4d4abf6e

Download Submit
/storage/emulated/0/Adhoc/ADHOC_CLIENT_ID

Filesize
36B

MD5
2be90c2dbcb701809a3500686ac5316c

SHA1
314f3cbd28a564eb921d1777bcc27e9b23b7d945

SHA256
f14b709fc95c4cdc16577ca2a45b239d7d5596d54f66eaf29bf1dd8aea56d243

SHA512
97a2a64275c97c2f4fe37799df8641301a94b3f198462d4d95bd8afbadcff4f492456fc8d034b4e39c152e30daa02c97572f39090979df64e2059a6c17b39cc0

Download Submit
/storage/emulated/0/libs/com.android.comicsisland.activity_.db

Filesize
68B

MD5
9072ca0f7d35def5d3e2fe3e035c454a

SHA1
f3540537dd15cfe9f155c4c5c88583d466dbefac

SHA256
dc3f817e989a806b06448c47e988e4d566dce47f5d504343aec19e468378a07d

SHA512
79a432cb33cbbea4ae09f4150a0f270e1589c35d29a40d705a4a00214a2b3a26fe9155c0740da9bc8f574f36b6a7c584e5a550c256e045fff6447010b4bbbced

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads