cbb52bf1476d865a7a8ba167868ba116a272c5d1e5f967422a0f8ab8645d07a6

Analysis

max time kernel
175s
max time network
190s
platform
android_x86
resource
android-x86-arm-20240603-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240603-enlocale:en-usos:android-9-x86system
submitted
10/06/2024, 15:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9b3224782d88d8f311cd7e331263f45b_JaffaCakes118.apk
Size

29.3MB
MD5

9b3224782d88d8f311cd7e331263f45b
SHA1

5cc902ffa7882f99d7c7e627827b410505ebd3cf
SHA256

cbb52bf1476d865a7a8ba167868ba116a272c5d1e5f967422a0f8ab8645d07a6
SHA512

33432888e4ecea005f606243f68cbd987b2831f7e67c429105e12e39d978aa4e43504021980363b88a5d46168541761102bcf5968b4faca6e1bc0ff7257bef77
SSDEEP

786432:Rro8eMZcJQIReyBtSu8CkZT7CkvOAmKtFjpem+SJUnAyUQU:u8eMZczZ7qJZvJvOAmKtHem+SanoX

Score

8^/10

discovery evasion impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/sbin/su	/system/bin/sh -c type su
/system/app/Superuser.apk	com.android.comicsisland.activity

Queries information about running processes on the device 1 TTPs 4 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.android.comicsisland.activity:pushservice
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.android.comicsisland.activity
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.android.comicsisland.activity:ipc
Framework service call	android.app.IActivityManager.getRunningAppProcesses	io.rong.push

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.android.comicsisland.activity

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs

flow	ioc
37	alog.umeng.com

Queries information about active data network 1 TTPs 3 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	io.rong.push
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.android.comicsisland.activity:pushservice
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.android.comicsisland.activity

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.android.comicsisland.activity

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 4 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.android.comicsisland.activity
Framework service call	android.app.IActivityManager.registerReceiver	com.android.comicsisland.activity:ipc
Framework service call	android.app.IActivityManager.registerReceiver	io.rong.push
Framework service call	android.app.IActivityManager.registerReceiver	com.android.comicsisland.activity:pushservice

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.android.comicsisland.activity
Framework API call	javax.crypto.Cipher.doFinal	com.android.comicsisland.activity:pushservice

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.android.comicsisland.activity

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.android.comicsisland.activity

com.android.comicsisland.activity
1⤵
- Checks if the Android device is rooted.
- Queries information about running processes on the device
- Acquires the wake lock
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
PID:4290
- /system/bin/sh -c getprop
  2⤵
  PID:4667
- getprop
  2⤵
  PID:4667
- /system/bin/sh -c type su
  2⤵
  - Checks if the Android device is rooted.
  PID:4693

com.android.comicsisland.activity:ipc
1⤵
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4341

io.rong.push
1⤵
- Queries information about running processes on the device
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4357

com.android.comicsisland.activity:pushservice
1⤵
- Queries information about running processes on the device
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4465

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.android.comicsisland.activity/app_crashrecord/1004

Filesize
243B

MD5
d03166f0191165c0308490f7a55ddbff

SHA1
cded66b51337a7cb762615c08870eb3c33c2d4b2

SHA256
d48830153c42059939025aec0da2112774e07dcef2fd9141ee84189eaabbffc9

SHA512
8329e5a030bea742ed7ceabdb6b570ef07a1cca3b49064d77a4e5bbf61ee1cd629a09765a85d6d2438ec4bb3b8e97beb4056fba4e4affd90b587e6034324f567

Download Submit
/data/data/com.android.comicsisland.activity/app_crashrecord/1004

Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit
/data/data/com.android.comicsisland.activity/cache/image/journal.tmp

Filesize
31B

MD5
8c92de9ce46d41a22f3b20f77404cc1d

SHA1
8671a6dca00edb72be47363a7071be65cf270373

SHA256
68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274

SHA512
30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

Download Submit
/data/data/com.android.comicsisland.activity/databases/Comics.db

Filesize
4KB

MD5
44ef3571562d7dc3b3fc126d192f4020

SHA1
48529fb5101081d84787df92f1c51364880aaab7

SHA256
fddcabf76ab0e586bd4dc2822719ae1cefdbc6bcff385e94945e330fe82ea6b7

SHA512
be26b1bbe8343cae673023949333ebd11b3937f1c3bc12f7624e0ed12364d565a101e2eda849d5128029ab9936ad7ab5b207bd3568d15d7d8e269ee8d243faf8

Download Submit
/data/data/com.android.comicsisland.activity/databases/Comics.db-journal

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.android.comicsisland.activity/databases/Comics.db-shm

Filesize
189KB

MD5
5bcec26f5eae63891f8614f0d5c769d5

SHA1
4617369175d831cd7f96d2d861c1890de91ca362

SHA256
a445029736c2ceefc35bf6989783d89f982041b518a5379f5fad52a7a767bf88

SHA512
b5febbf81b2dafe271f93215132c85b2b9d02d607c88b72beb0c25aa52f361fc384ad70e24331e439c4619bf6cc4ddbbddbbb877871f4944b90689c5ae0e2a8c

Download Submit
/data/data/com.android.comicsisland.activity/databases/Comics.db-wal

Filesize
225KB

MD5
d8895348ae3bb972b17755c3890c1828

SHA1
04b9be6700e1fc5ec38e1873631a4c8110d1481d

SHA256
10426c041e47537bbe142321cd932d279a0fa9806865ebd6a5cb438f0f91dca7

SHA512
451b9b3d8c3454de20e03d9f084a96d5255ce637d275bae4bea68e35400daabf5469363e40b19ab6cd27a8c227f35fbc98811bc91f9c742077f265d2ceef22cb

Download Submit
/data/data/com.android.comicsisland.activity/databases/bugly_db_-journal

Filesize
512B

MD5
ab1586fa831b88b247673be7c1817832

SHA1
3ec7ccfd17b9bc1955d89de59e9cd0dd48b7e682

SHA256
8daa499162b01570e266b5372e7f72a570d1f12594a7f6eea8e2a3841ccd5978

SHA512
999e298ee10c104420355019fbb3ee158c0fd73227bdfd795c0796be70f3bf7e40350ae5903793f7be2a66a6eb589ed80e2bc505cdb8289fe3f133b71c70a882

Download Submit
/data/data/com.android.comicsisland.activity/databases/bugly_db_-wal

Filesize
80KB

MD5
bef44deeb8e52bd6fcf23630bb5f52a6

SHA1
0eb6d0ab644c94c261cdec2137028ad427ff717d

SHA256
b669cd1f04ee782bfae942ae023cc03889b61d340f9631416f1ff72fcee66a41

SHA512
060c759fc9637ac367d3955ef15550baf0e065fb318ced6b0ae94bda8f764b01207425c922f9a6fbdd5404231bf49d8fdb81da904111ff992618d430c4eda783

Download Submit
/data/data/com.android.comicsisland.activity/databases/com.android.comicsisland.activity-journal

Filesize
512B

MD5
968f91c6eca9be7ca0f9e47d2e781249

SHA1
2d2fc484f9565bd8d44038c59590895ef1b28234

SHA256
666d30cfcb97918126566056edd8d40601d9b5adbdc6381ac47e9193e43caaf7

SHA512
5a887b6c5d49353d75fd2c218767f67c32177443f2328e306fbf0b098bd0547398c48f6d9fdbe30a8236056d1a1f2053b92d3fac9e855071b016aa02db90f086

Download Submit
/data/data/com.android.comicsisland.activity/databases/com.android.comicsisland.activity-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.android.comicsisland.activity/databases/com.android.comicsisland.activity-wal

Filesize
32KB

MD5
8c31842c4b647c008cdfa75b3cb58ca0

SHA1
e325f0d6cd35532c77a97a50b0dfd04bd13701a5

SHA256
ea11abd0287351696e4f0474ed7d6fefbb91fef245b5c22e06a89cd900a38f9e

SHA512
d1be03fe914ae94524eb91561e509da140ac348a1820be3033e155c71ba54c236390f5fda1584afa25ceb256e33a4409d0e53ca4d91bd90371041a79b3a9ff19

Download Submit
/data/data/com.android.comicsisland.activity/databases/gtc.db-journal

Filesize
512B

MD5
478760c6816cc5da7333f784c4b3b394

SHA1
e2ae17efc1c1e0d485eacf1f33cd77fcd4809b58

SHA256
168ae35252601e3358b6ebeaa0bb0d226cd35906f7ce8b2515ae34cfe39fc92c

SHA512
a2be407110afe2731b187b3d646979cfa9bba8f20e7f47bee8b62c93f1f82cdc90d0e3fb7f327614b6a154e02d52842bd4d5f7acd4b07e781cd37e9e8182e59f

Download Submit
/data/data/com.android.comicsisland.activity/databases/gtc.db-wal

Filesize
136KB

MD5
2b156c7cf96a11343535844f54899b05

SHA1
83123955d0b5fedfde7a59668a6c628d03975f29

SHA256
4080a903d486d846e8a40ec8fee23a0a2f07bd3153f92f4fbfe97f471b53e611

SHA512
caaf53f6a9c7d820214b71da7a74c7465e5edee6e6d1decc8135400c4b36be9aeb1dcf869504106e91989194ce3211064c403b9c32b8ac92c9fc25696165a994

Download Submit
/data/data/com.android.comicsisland.activity/databases/mwsdk_analytics.db-journal

Filesize
512B

MD5
6d1c6469fa47c9fdc3b060394e5a4d9e

SHA1
8564540625109f2bc87f996fe18fee1824a63482

SHA256
8a9f0a686614315f0a53532ad7d32160f00d33c9d6621dee04f69ff4a2077e32

SHA512
76574d9d6fd39888b719edae35d5e2a5b4e44999fd6a1818652970f1e203586b2ef836fed93f54762a71ad0982a06af01c999f5a2c45b8e25bcf7d5242e498ce

Download Submit
/data/data/com.android.comicsisland.activity/databases/mwsdk_analytics.db-wal

Filesize
40KB

MD5
7dbb902c7a30b2a5d2a528f8fb007d24

SHA1
026cd8dad73967ce45bf38a30958302e79e5c8d5

SHA256
ee6644d742a8ba3e806c76bb2ae10e2ccd2250cb578dac91d3f10ae58fc35d11

SHA512
d14fdda977c0885edd597beeaae69d13a1eb4859da4d03e4a6b20b15f8f20da738a1bfcf8eebab445446230b42b2482c895a5e4f8118fe2877dcc4ce22be5341

Download Submit
/data/data/com.android.comicsisland.activity/files/.um/um_cache_1718034313167.env

Filesize
606B

MD5
a39c60c81d46f1113ccbf2d4c7dc487a

SHA1
475e0906f92e0aec221d96686f9cc244c616a96e

SHA256
768da377eacb3788c30bd5cc689d8006091b3ea741023509e2dec6d14f1892fc

SHA512
0037e5aaa4554660f9f073914cb8e8f7735468ac8d3af0f598fdf7537c22981d24578c0f186eaf00a010eecd694e570032424b7b2c65d8cec2f90ec6cac83e6f

Download Submit
/data/data/com.android.comicsisland.activity/files/NBSUserAction

Filesize
32B

MD5
80980ea109ad9fedfaaae3997e168818

SHA1
ff94d15e2e91cf8cb9753da7d8421f1797a814b4

SHA256
d909e23476b4d1ea1df5ab35e468a9d7a2c694110d5ac90add6723afd29ededd

SHA512
2bb857b9685e63d14226215c7e65616bd595b0b3a4e9e854cff1dd2b71efd385a4aaafbb82e4e7f0f3769f46b01bee868b91e94c62d979914de77d858c989a8c

Download Submit
/data/data/com.android.comicsisland.activity/files/umeng_it.cache

Filesize
310B

MD5
5067b1bc808255b4c1d777e492e314f2

SHA1
c266186aaeb036d775b23c3a00f36a118cb26eb7

SHA256
da74607ce4b0e8a4bc955f3c84d7379d8d2ec919a85264787f17f27556c7316d

SHA512
62d06282ed29b6a116d7c55d9ecd8563ece6a7c6e8ce3ee447e74ed95c36207144b077fe6c2be3732840dab9566e5bf129d37b5c846bf4d6e416e0ee342cedc2

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
65B

MD5
d672cef3b92b8836dae21af4b5dbeb31

SHA1
0bcc233f610cf318049316d93da5f6f0a0cb258d

SHA256
c206e569ec983377173b952050701be2e9db81d850504ddd8ef6b3dc6bf5dc82

SHA512
271ff4963da445151c48efe0f138f82712ddf9e6961f46ae8dc175aa3170a8a1f6769330d27207afef5f9831ceeb425c9f0e06d2046ff4acfb016b1ccf1116f6

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
111B

MD5
72c74294342d12092d288009c2b37134

SHA1
8c4cca4bad0a19f50ce3de5be630a49692e3f96e

SHA256
9505a80d4c811d6ae319a8d23318a1186fe4537f152c48b8585430254c4bbbb0

SHA512
b8747b135cef79ebf2bebf0af61acdf397a688fc672845a6356ef0a73d134e096e690e010a3da98d33024518e5d660523bae7c7efa4b06043c2d7ea248d67db5

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
213B

MD5
fac8c75c07cdabae30f6f1a5b3a69378

SHA1
a96f4859aafac86cb5137bb0b55e65cda3003362

SHA256
65378fc8be32da7914d703df17c8b1e2aa4f7f12ee3c2d2875991e753a7781c5

SHA512
3d398f5862cf9ccd1da0b75f63f260c6b97294720aab75638dc2f1757b28529ce3fe221494d1b1062c10fceaa6ece575aa7fde76fbb7deb4a1a074cc37922315

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
167B

MD5
c3cc59d3c73ffc171f9d0b4041f04a79

SHA1
a79116f6b3b4a2a751f596d88c1fed5657541c52

SHA256
72ad2a440d2c0e1ea51bbf9a9886e703cb3b9383b10f6ec290d22f9bf658d015

SHA512
07d7d64dadc94eac07a7a50a7708518c1bc6d3149a47f491a40a68d7f09c4fa767fa087c05ade0c5d043788fcc94872e6bc0464b8f3cccda588a86553e00580f

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
111B

MD5
2c9897218f9e3331a5c1cb14ceced914

SHA1
87a69cc074e6ba9c586d37eb700ca0e966d25783

SHA256
3c49d8f37173ed139fc9f40820ff9cba1693f3a4ff5758cdb4f966adb2d219c7

SHA512
d7424470cb69aab34121292b88bca2d088567199b91a611f6138c1309a27ce635a1538c78bc3734dcad138a6123a992c9571c92ddfb19ab242b9519c0a9bbb79

Download Submit
/storage/emulated/0/Adhoc/ADHOC_CLIENT_ID

Filesize
36B

MD5
fffcf2de58d2119fe308c1093940b2b1

SHA1
6c15fa20e98e9530250836e5a52ecf2fc896c380

SHA256
5acfe14b813b2d0c2f67a65511b5e0404b5d0189e1db20b1a052562d7bada8ee

SHA512
b456180bd8c623ab5e851bb09219cc4606c0cddfb8236bf893b84809176f51e1605c3f534bd89dbdac08be4cdbea0ea0d68d154dfe9b6b9e6b5ecb645fe647fd

Download Submit
/storage/emulated/0/libs/com.android.comicsisland.activity_.db

Filesize
68B

MD5
29f02a157ca0bfbe5a91143372863115

SHA1
51913437631d299e6c8758f8c2cea2b2bbd71bbf

SHA256
6039a09cad66981f53fc22cbf3bba81f6e1c140e9d9076d0cd570dd910f99c49

SHA512
14405d97d021c40ed90cef8ed1aa037387778fc5a5f2445e1c48bd72cb3fc6de9ce05de0a8b5f096994e09653552093ec7ea2c8e1daf1ee58a30e569e9eb6358

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads