2bec83b794f0cfaa4aace73e02ea22f0f82b1c5b8b400b76494b3dde1a9543e7

Analysis

max time kernel
13s
max time network
130s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
23-05-2024 05:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

69d89ca013b9196b0515a491026a7eea_JaffaCakes118.apk
Size

10.8MB
MD5

69d89ca013b9196b0515a491026a7eea
SHA1

922c7a04fed14ac12af5ec1af7d5cfe4f2386834
SHA256

2bec83b794f0cfaa4aace73e02ea22f0f82b1c5b8b400b76494b3dde1a9543e7
SHA512

d03f7ab4ac0ce72fedf1f00fe48201def8add895b0a93cd0827d22daa454ddfdfece118f49a1ae8761225fa003f72303ed5cdb7d56dd41d81901b5e2d34f2e35
SSDEEP

196608:c1bUAvr8tX12DAN5nU5PGA6MqayHz2WGsaPJ4ktL40wHIw8veuazVRbjIUKj73a:1Aj8RpN5U5PGWA2dAHFGXWIUKj7q

Score

8^/10

discovery evasion impact

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 5 IoCs

evasion

T1426

Processes:

which sucom.cafgame.residentzombiescn

ioc	process
/sbin/su	which su
/system/bin/su	which su
/system/xbin/su	which su
/system/bin/su	com.cafgame.residentzombiescn
/system/xbin/su	com.cafgame.residentzombiescn

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

T1421

Processes:

com.cafgame.residentzombiescn

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.cafgame.residentzombiescn
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

T1421

Processes:

com.cafgame.residentzombiescn

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.cafgame.residentzombiescn
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

T1471

Processes:

com.cafgame.residentzombiescn

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.cafgame.residentzombiescn

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.cafgame.residentzombiescn

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.cafgame.residentzombiescn

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.cafgame.residentzombiescn

com.cafgame.residentzombiescn
1⤵
- Checks if the Android device is rooted.
- Queries information about the current Wi-Fi connection
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4252

cat /proc/bus/input/devices
2⤵
PID:4291

which su
2⤵
- Checks if the Android device is rooted.
PID:4336

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.cafgame.residentzombiescn/databases/tvuphonedownload.db
Filesize
20KB

MD5
cf513481e803974b525812ac6e7ffbed

SHA1
4297aea7562e0ca519d7a8b7e29f1efdd7638362

SHA256
6fb45e2bd77ebc7ad776fe826acf9ba505a0a193232d92ec011a038cd30ba601

SHA512
62c4b3494f092bec0a141d35af194f5a75731618e1596c974c974a43b6bbdd2335982c16b1f953fdae371acb2e2a53924c275658b1bcd681150da26d5dd5dbcf

Download Submit
/data/data/com.cafgame.residentzombiescn/databases/tvuphonedownload.db-journal
Filesize
512B

MD5
7577344a6d11d3cdfb2c6a2af39876de

SHA1
54fede7b9b72ec8823ec0cadef92dd3d26c0e42d

SHA256
89326a93d6a4d9c6eda8c4b29540b05263eb0780495ee78189baf31cf1ba5b8c

SHA512
22f1c40c7beb2d51bd3344f2a105844d3e4694a678f7c0396fd4965d95d88be93199bebcdf2ba310168a76500c9d59abc76323a2c03fbc1bdd03356945670e65

Download Submit
/data/data/com.cafgame.residentzombiescn/databases/tvuphonedownload.db-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.cafgame.residentzombiescn/databases/tvuphonedownload.db-wal
Filesize
32KB

MD5
73a35c3e1dbed7fb68f04ffbf0d1c568

SHA1
03ddb9921f752881d7ee33adc4991e75d4ab961d

SHA256
7d2a3dd3fd9a2ad96f26e48d9d34bafe444110a3d63ab527b7199486c93065a5

SHA512
7694fe64eb6e74778849ea05e0e08f8de75734bc455af72ffb2fc12cff1a9880d900c4564f039e41e5f2f9732a7abdb9c46a49b4ce3a8f1bc9074990456d7000

Download Submit