Analysis
- max time kernel: 13s
- max time network: 130s
- platform: android_x86
- resource: android-x86-arm-20240514-en
- resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
- submitted: 23-05-2024 05:14
- Static task: static1
General
- Target: 69d89ca013b9196b0515a491026a7eea_JaffaCakes118.apk
- Size: 10.8MB
- MD5: 69d89ca013b9196b0515a491026a7eea
- SHA1: 922c7a04fed14ac12af5ec1af7d5cfe4f2386834
- SHA256: 2bec83b794f0cfaa4aace73e02ea22f0f82b1c5b8b400b76494b3dde1a9543e7
- SHA512: d03f7ab4ac0ce72fedf1f00fe48201def8add895b0a93cd0827d22daa454ddfdfece118f49a1ae8761225fa003f72303ed5cdb7d56dd41d81901b5e2d34f2e35
- SSDEEP: 196608:c1bUAvr8tX12DAN5nU5PGA6MqayHz2WGsaPJ4ktL40wHIw8veuazVRbjIUKj73a:1Aj8RpN5U5PGWA2dAHFGXWIUKj7q
Malware Config
Signatures
- Checks if the Android device is rooted. (1 TTP, 5 IoCs)
  Processes:
    ioc                process
    which su           com.cafgame.residentzombiescn
    /sbin/su           which su
    /system/bin/su     which su
    /system/xbin/su    which su
    /system/bin/su     com.cafgame.residentzombiescn
    /system/xbin/su    com.cafgame.residentzombiescn
- Queries information about the current Wi-Fi connection (1 TTP, 1 IoC)
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  Processes:
    description               ioc                                                process
    Framework service call    android.net.wifi.IWifiManager.getConnectionInfo    com.cafgame.residentzombiescn
- Checks if the internet connection is available (1 TTP, 1 IoC)
  Processes:
    description               ioc                                                process
    Framework service call    android.net.IConnectivityManager.getActiveNetworkInfo    com.cafgame.residentzombiescn
- Uses Crypto APIs (Might try to encrypt user data) (1 TTP, 1 IoC)
  Processes:
    description               ioc                                                process
    Framework API call        javax.crypto.Cipher.doFinal                        com.cafgame.residentzombiescn
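The root-check signature above is backed by two observable steps: the app executes `which su`, and then probes the canonical `su` locations (/sbin/su, /system/bin/su, /system/xbin/su) itself. The script below is an added example that replays that check so an analyst can reproduce it on a test image (for instance via `adb shell`); it is not the sample's own code. The PREFIX argument is an assumption introduced here so the path probe can be pointed at a scratch directory tree rather than the real filesystem.

```shell
#!/bin/sh
# Added example (not the sample's code): replays the root check the sandbox recorded for
# com.cafgame.residentzombiescn, an exec of `which su` followed by probes of the canonical
# su locations. The PREFIX argument is an assumption added so the probe can be pointed at a
# scratch directory tree instead of the real filesystem.

# The three paths the sandbox logged as IoCs.
SU_PATHS="/sbin/su /system/bin/su /system/xbin/su"

# su_on_path: mirrors the `which su` step; succeeds if any `su` is reachable via PATH.
# Caveat: on a desktop Linux analysis host this finds the ordinary /bin/su, so the step
# only says something about rooting when run on an Android image, which ships no `su`.
su_on_path() {
    command -v su >/dev/null 2>&1
}

# su_at_known_paths PREFIX: test each canonical path under PREFIX ("" for the real root).
# Prints every path that exists; returns 0 if at least one did, 1 otherwise.
su_at_known_paths() {
    prefix="$1"
    hit=1
    for p in $SU_PATHS; do
        if [ -e "${prefix}${p}" ]; then
            echo "su present: ${prefix}${p}"
            hit=0
        fi
    done
    return $hit
}

# count_su_paths PREFIX: number of canonical su paths present under PREFIX.
count_su_paths() {
    su_at_known_paths "$1" | wc -l | tr -d ' '
}

# is_rooted PREFIX: the combined verdict, in the order the sandbox observed the steps.
is_rooted() {
    su_on_path || su_at_known_paths "$1"
}

# Stand-alone usage against the real filesystem (e.g. inside `adb shell` on a test device).
if is_rooted ""; then
    echo "verdict: su found, device looks rooted"
else
    echo "verdict: no su found"
fi
```

On a stock Android emulator image none of the three paths exist and `which su` returns nothing, so the verdict is "no su found"; on a rooted image at least one probe hits. Because the `which su` step matches the host's own `su` on a Linux workstation, only the path probe is meaningful when the script is run outside Android.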
Processes
- com.cafgame.residentzombiescn
  - Checks if the Android device is rooted.
  - Queries information about the current Wi-Fi connection
  - Checks if the internet connection is available
  - Uses Crypto APIs (Might try to encrypt user data)
  - cat /proc/bus/input/devices
  - which su
    - Checks if the Android device is rooted.
Network
MITRE ATT&CK Matrix
Downloads
- /data/data/com.cafgame.residentzombiescn/databases/tvuphonedownload.db
  Filesize: 20KB
  MD5: cf513481e803974b525812ac6e7ffbed
  SHA1: 4297aea7562e0ca519d7a8b7e29f1efdd7638362
  SHA256: 6fb45e2bd77ebc7ad776fe826acf9ba505a0a193232d92ec011a038cd30ba601
  SHA512: 62c4b3494f092bec0a141d35af194f5a75731618e1596c974c974a43b6bbdd2335982c16b1f953fdae371acb2e2a53924c275658b1bcd681150da26d5dd5dbcf
- /data/data/com.cafgame.residentzombiescn/databases/tvuphonedownload.db-journal
  Filesize: 512B
  MD5: 7577344a6d11d3cdfb2c6a2af39876de
  SHA1: 54fede7b9b72ec8823ec0cadef92dd3d26c0e42d
  SHA256: 89326a93d6a4d9c6eda8c4b29540b05263eb0780495ee78189baf31cf1ba5b8c
  SHA512: 22f1c40c7beb2d51bd3344f2a105844d3e4694a678f7c0396fd4965d95d88be93199bebcdf2ba310168a76500c9d59abc76323a2c03fbc1bdd03356945670e65
- /data/data/com.cafgame.residentzombiescn/databases/tvuphonedownload.db-shm
  Filesize: 32KB
  MD5: bb7df04e1b0a2570657527a7e108ae23
  SHA1: 5188431849b4613152fd7bdba6a3ff0a4fd6424b
  SHA256: c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
  SHA512: 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
- /data/data/com.cafgame.residentzombiescn/databases/tvuphonedownload.db-wal
  Filesize: 32KB
  MD5: 73a35c3e1dbed7fb68f04ffbf0d1c568
  SHA1: 03ddb9921f752881d7ee33adc4991e75d4ab961d
  SHA256: 7d2a3dd3fd9a2ad96f26e48d9d34bafe444110a3d63ab527b7199486c93065a5
  SHA512: 7694fe64eb6e74778849ea05e0e08f8de75734bc455af72ffb2fc12cff1a9880d900c4564f039e41e5f2f9732a7abdb9c46a49b4ce3a8f1bc9074990456d7000