Analysis
max time kernel: 11s
max time network: 190s
platform: android_x64
resource: android-x64-20240514-en
resource tags: android, arch:x64, arch:x86, image:android-x64-20240514-en, locale:en-us, os:android-10-x64, system
submitted: 18/05/2024, 08:49
Static task: static1
Behavioral task behavioral1: Sample 53eb5b9ca3430299c42da952ce634f4a_JaffaCakes118.apk, Resource android-x86-arm-20240514-en
Behavioral task behavioral2: Sample 53eb5b9ca3430299c42da952ce634f4a_JaffaCakes118.apk, Resource android-x64-20240514-en
Behavioral task behavioral3: Sample alipay_msp.apk, Resource android-x86-arm-20240514-en
Behavioral task behavioral4: Sample alipay_msp.apk, Resource android-x64-20240514-en
Behavioral task behavioral5: Sample legudzbait.apk, Resource android-x86-arm-20240514-en
Behavioral task behavioral6: Sample legudzbait.apk, Resource android-x64-20240514-en
Behavioral task behavioral7: Sample legudzbait.apk, Resource android-x64-arm64-20240514-en
General
Target: 53eb5b9ca3430299c42da952ce634f4a_JaffaCakes118.apk
Size: 10.2MB
MD5: 53eb5b9ca3430299c42da952ce634f4a
SHA1: 4f78ddebd344dd08e074abeb6e83f073c4ff92ea
SHA256: 1e65987c63389d24af9551cbad99ce69461a6ab6f2cdff434fbf968f0a8ea10b
SHA512: 05a83618cf4f6180cda9d47944625579fa707c118adcdc74e9d832b77c82c5e559a3eef06283157d568f2b245c720c7688574ee28e00073e012c75a53a0ed860
SSDEEP: 196608:qmNUBCLy7/2MJa3NGvFD0FDkB1ss5duxzduExdu0rduYzdu4qdu4vij9zFjFn+e+:rUBCtyadGvFik4vzhCc4
Malware Config
Signatures
Checks if the Android device is rooted. 1 TTPs 1 IoCs
ioc: /system/app/Superuser.apk, Process: com.fdcz.zsct
Checks memory information 2 TTPs 1 IoCs
Checks memory information, which can indicate whether the system is an emulator.
description: File opened for read, ioc: /proc/meminfo, Process: com.fdcz.zsct
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
description: Framework service call, ioc: android.net.wifi.IWifiManager.getConnectionInfo, Process: com.fdcz.zsct
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
description: Framework service call, ioc: android.app.IActivityManager.registerReceiver, Process: com.fdcz.zsct
Checks if the internet connection is available 1 TTPs 1 IoCs
description: Framework service call, ioc: android.net.IConnectivityManager.getActiveNetworkInfo, Process: com.fdcz.zsct
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
description: Framework API call, ioc: javax.crypto.Cipher.doFinal, Process: com.fdcz.zsct
Processes
com.fdcz.zsct
- Checks if the Android device is rooted.
- Checks memory information
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:5118
Network
MITRE ATT&CK Mobile v15
Downloads