Analysis
max time kernel: 178s
max time network: 179s
platform: android_x64
resource: android-x64-20240514-en
resource tags: android, arch:x64, arch:x86, image:android-x64-20240514-en, locale:en-us, os:android-10-x64, system
submitted: 23-05-2024 11:09
Static task: static1
Behavioral task: behavioral1
  Sample: 6abe0004ee53e69951296aa2f20ab0ab_JaffaCakes118.apk
  Resource: android-x86-arm-20240514-en
Behavioral task: behavioral2
  Sample: 6abe0004ee53e69951296aa2f20ab0ab_JaffaCakes118.apk
  Resource: android-x64-20240514-en
General
Target: 6abe0004ee53e69951296aa2f20ab0ab_JaffaCakes118.apk
Size: 1.3MB
MD5: 6abe0004ee53e69951296aa2f20ab0ab
SHA1: 5a713725e7ae253265b9da89dc6086d605b25d55
SHA256: 96722dd7dbaa0712be4833540f78c4e42c1f4e55547a3ba81c43be3e0852a8a5
SHA512: ffd83adcbee317d68764a170d5dd4ba54bb8be886856872331bc2ad50702122c1003067c8d371d22d7bed9cbc95e90f2aeb1d5de2301374e17b1e63836a0f9e5
SSDEEP: 24576:C3ToL0otaYtXMheh8X3lUKfcfIkuovSp0Bjbo+kwjYrwq/13tdHbZKm51Ob83z:KMQ7YtQX1wvTvSpGj35jYrwq/1XHNKmr
Malware Config
Signatures
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
-
Checks CPU information 2 TTPs 1 IoCs
Reads CPU information that indicates whether the system is an emulator.
-
Loads dropped Dex/Jar 1 TTPs 2 IoCs
Runs an executable file dropped on the device during analysis.
Processes:
ioc | pid | process
/data/user/0/com.wemd.zfdc.ruds/app_mjf/dz.jar | 5091 | com.wemd.zfdc.ruds
/data/user/0/com.wemd.zfdc.ruds/app_mjf/dz.jar | 5168 | com.wemd.zfdc.ruds:daemon
-
Queries account information for other applications stored on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect account information stored on the device.
Processes:
description | ioc | process
Framework service call | android.accounts.IAccountManager.getAccountsAsUser | com.wemd.zfdc.ruds
-
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
Processes:
description | ioc | process
Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.wemd.zfdc.ruds
-
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
Processes:
description | ioc | process
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.wemd.zfdc.ruds
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
Processes:
description | ioc | process
Framework service call | android.app.IActivityManager.registerReceiver | com.wemd.zfdc.ruds
-
Checks if the internet connection is available 1 TTPs 1 IoCs
Processes:
description | ioc | process
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.wemd.zfdc.ruds
-
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
-
Reads information about phone network operator. 1 TTPs
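The "Checks CPU information" signature refers to the sample reading /proc/cpuinfo-style data to decide whether it is running under an emulator. That matters for reading this report: the behavioral run above used an x86-64 image (android-x64-20240514-en), which is exactly what such a check is built to spot, so a sample with a working check may have suppressed or changed behaviour here compared with an ARM handset. The following is an added example of what that class of check looks like and how to exercise it against constructed /proc/cpuinfo samples; it is not the sample's own code, and the marker strings and the x86/hypervisor heuristics are assumptions about what such checks commonly look for, since the report does not disclose which values this sample tests.

```python
# Illustrative emulator check over /proc/cpuinfo text (added example, not the sample's code).
# EMULATOR_MARKERS and the x86/hypervisor heuristics are assumptions about what such checks
# commonly test; the report does not reveal which values this particular sample looks for.

EMULATOR_MARKERS = ("goldfish", "ranchu", "qemu", "virtual", "vbox")
X86_VENDORS = ("genuineintel", "authenticamd")


def parse_cpuinfo(text):
    """Split /proc/cpuinfo-style text into one {field: value} dict per blank-line-separated block."""
    blocks, current = [], {}
    for line in text.splitlines():
        if not line.strip():
            if current:
                blocks.append(current)
                current = {}
            continue
        key, sep, value = line.partition(":")
        if sep:
            current[key.strip().lower()] = value.strip()
    if current:
        blocks.append(current)
    return blocks


def emulator_indicators(text):
    """Return the reasons the CPU information looks emulated; an empty list means nothing matched."""
    reasons = []
    lowered = text.lower()
    for marker in EMULATOR_MARKERS:
        if marker in lowered:
            reasons.append(f"marker '{marker}' present")
    blocks = parse_cpuinfo(text)
    if blocks:
        first = blocks[0]  # every processor block repeats vendor/flags; one is enough
        vendor = first.get("vendor_id", "").lower()
        if vendor in X86_VENDORS:
            reasons.append(f"x86 vendor_id '{vendor}' (almost all phones are ARM)")
        if "hypervisor" in first.get("flags", "").split():
            reasons.append("CPUID 'hypervisor' flag set")
    return reasons


def looks_like_emulator(text):
    return bool(emulator_indicators(text))


# Constructed sample inputs (not captured from the sandbox run).
PHYSICAL_ARM = (
    "processor\t: 0\n"
    "model name\t: ARMv8 Processor rev 4 (v8l)\n"
    "Features\t: fp asimd evtstrm aes\n"
    "CPU implementer\t: 0x41\n"
    "\n"
    "Hardware\t: Qualcomm Technologies, Inc SM8150\n"
)
EMULATOR_ARM = (
    "processor\t: 0\n"
    "model name\t: ARMv7 Processor rev 0 (v7l)\n"
    "Hardware\t: Goldfish\n"
)
EMULATOR_X86 = (
    "processor\t: 0\n"
    "vendor_id\t: GenuineIntel\n"
    "cpu family\t: 6\n"
    "model name\t: Android virtual processor\n"
    "flags\t: fpu vme de pse tsc hypervisor\n"
)

if __name__ == "__main__":
    for name, sample in (("physical", PHYSICAL_ARM), ("arm emulator", EMULATOR_ARM), ("x86 emulator", EMULATOR_X86)):
        print(name, "->", emulator_indicators(sample) or "no indicators")
```

When reproducing a run on a physical ARM device, or on an image whose /proc/cpuinfo has been patched, compare the indicator list before and after: a sample that stops loading dz.jar once the indicators disappear is gating its payload on this check.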
Processes
-
com.wemd.zfdc.ruds (PID 5091)
- Removes its main activity from the application launcher
- Checks CPU information
- Loads dropped Dex/Jar
- Queries account information for other applications stored on the device
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
-
com.wemd.zfdc.ruds:daemon (PID 5168)
- Loads dropped Dex/Jar
Network
MITRE ATT&CK Matrix
Downloads
-
/data/data/com.wemd.zfdc.ruds/app_mjf/ddz.jar
Filesize: 105KB
MD5: 23ba0b249042b7ba33e92c0199b0ea4a
SHA1: 99b13ee9f7307316c2337953fceed87e9942b794
SHA256: 1ed0751a141b17c80a921f5e8ba90c66a56b8e73156f5cbe133b57d550ca4ef2
SHA512: 0cc88e2b7c2ffa4db274d690e3bf12098ec804b9fcd9e92b57d2fa0c4161031d2e84c91d86ba8e2b6e8b4837852defa099333f76bcd454c67b31632d0cdd4861
-
/data/data/com.wemd.zfdc.ruds/app_mjf/oat/dz.jar.cur.prof
Filesize: 734B
MD5: ad70d5493c5d67325ade40bfa925e7ca
SHA1: 0b82a38ca1b2da0c4df4935d75ad36e3481aa616
SHA256: 3053a0ea90d74afa8ad601c8b8b4d183a8a8b22e46efaa2ddcd4b7db54f7d9bc
SHA512: 0b3af28049c57740b0186b8c53d8ad8c76d182245c98a19ebced66cd151194ed59cdd4217313be181ec2dbc65eadd0bad1efcff5a8f4b48c729349649274672d
-
/data/data/com.wemd.zfdc.ruds/app_mjf/tdz.jar
Filesize: 105KB
MD5: 293ea5f01e27975bed5179ba79d80eac
SHA1: c5b0806a537fd1cb753e11f1a9684933317716b8
SHA256: 8d86de68978e859c8262c0d0e932d3a1d57457b57ce88940620befab1bcead5b
SHA512: c7cd2881367fdf95ec4151449b359decdae1adf136388edbaaa9880c7ebd14fb3579e7a15600a856988c55d207f7ba1fd7d938f4d9168aba8a7ff1c3029d6b53
-
/data/data/com.wemd.zfdc.ruds/databases/lezzd
Filesize: 28KB
MD5: dae68dcffc3d522a79f98ebbc3b6d457
SHA1: 6df5dce9a50f12044a2d20b8d1742ae47b82ee03
SHA256: 56cf91ca198812e0ef9ba4af0e96c08a32e24c917bcf2250bdebdfd7fd6f5286
SHA512: 23b76f988399e9c9e4f5a7e8d19ecb765abdb115b0beee35f8ca9d221bbc5ee79f0152fac4261cc91eb9e7f874b5c6e9bff2dbb1812d31412d506cf83c16adcd
-
/data/data/com.wemd.zfdc.ruds/databases/lezzd-journal
Filesize: 8KB
MD5: 186a91a73bd4c7f6e2b851f7dd9817c7
SHA1: 9480e5ff548ff21565a9e52044b66f6fed25a2e2
SHA256: d3177588ff2586a15b2a34d0e17abe1e8fd3e0a8d2bc570530c5c83b9c476edb
SHA512: 255db96918850fbbb9eb4e50713b2a2889a2ff027681a18260da693904a93fbd2a5d2867db1ec734ecd897388a0fd641fa986a9b32080709e6c8b3a92b06be66
-
/data/data/com.wemd.zfdc.ruds/databases/lezzd-journal
Filesize: 512B
MD5: bc331716510f94baa4dba144f251c231
SHA1: bb27d1138a3203cc131aa6f84264542885fa8c91
SHA256: 2a994960385e21b1f0755ce7506be3009cd064ca4f94aaf4544ad2fc4f2e7e07
SHA512: df360cd110003415df360395034dc7ccc868cdd1c72121506eb8d120921b44610503f96396069c99c10b3e00ac28bbdf0029738b1e8f01750f5476ecf148197f
-
/data/data/com.wemd.zfdc.ruds/databases/lezzd-journal
Filesize: 8KB
MD5: ae4b4b22dc8882d94f7a3219b8b7dcdb
SHA1: fe729f60d4d5b1e7b36f2202cdd3dc7799b258fb
SHA256: d8d0cf2afad36af496f2adf340dc9b5c66a044aeadf994d0918b3140da7898de
SHA512: adfece00dae890a6181c96a01444e0ab9036622964b7164be14eea02cd9b9a79bb1feb145488c05bc48433fb0c56569641503adeb5b98735c47d84a295d751a7
-
/data/data/com.wemd.zfdc.ruds/databases/lezzd-journal
Filesize: 4KB
MD5: ad986cb5f4ad62f8cbf6093c6dcea84e
SHA1: 439f63737a502b479354cc8b9c133a89424374e7
SHA256: 08aba88bb8b1ca2c0934f5ce417a26306b189b91651d24a2a4bc6fc12d181f18
SHA512: ff6c451027d9ca85697f5a2200710a035be3671dcb58bc7ceff28f8f2508925e809f0783efd63ebc9be5f66548ebec773623d125d2cf58adf5ed945a296852a4
-
/data/data/com.wemd.zfdc.ruds/databases/lezzd-journal
Filesize: 8KB
MD5: 9d521939b46752b7c9a08d83b1211189
SHA1: c0f55979c51361b222282faf8723242086c1cc8a
SHA256: f7140acdfc5eda949289958cfd0f0c077f367abc0ebf5acda2f922d265578f8d
SHA512: 4fef922cb379891a3d82269224edc04fa65bedbc7fbe9ab491bad242ff72a753f30e0790ea2d2a99ff75d54b14bda1ec99ac668a6a6d8ec402079ea6be06fb72
-
/data/data/com.wemd.zfdc.ruds/databases/lezzd-journal
Filesize: 8KB
MD5: 410d130ef42c365e5212ba2071d62049
SHA1: e80cfaeb0edf99f80566a735c2b10bc03cdc2f40
SHA256: bb99d1422314b8493ee49cad0c930a29053fd3e8d75bb075e8e1f1dad9588b76
SHA512: 7d9fea46c4a73eec78a3d3bcfda2c343b47cfc5d0260149df022e9ba1eedb48d70607b12ee9101e76e73897d2aabbc4cfcaa2f1994c89713ecc54bc87afacb9e
-
/data/data/com.wemd.zfdc.ruds/files/.um/um_cache_1716462670373.env
Filesize: 655B
MD5: 699b9c72c443bccb1bad04d6f5b9b652
SHA1: 303cb01a358dda590360123b6353d6b43f0973d9
SHA256: 24ace1a5e3a60c60248d6759dc6d5112d12f99ee9b5fb9a93c2184d3bc8b6dfd
SHA512: c2865683bf2ec64662eb072b6e5fb73c8b94d993f119424976ebcf405a0934825a0eb994e9138ec35f7281a1753ceedf04e3925bf007af7a5f61f6b5e166a91c
-
/data/data/com.wemd.zfdc.ruds/files/.umeng/exchangeIdentity.json
Filesize: 162B
MD5: 6430ec20e9fc2022904619ae2e6d5a94
SHA1: 0496c18f5aaa0794fdec2f82f2f3e19890182178
SHA256: 4b95b9fb00d1debdddbb7615df4024a223c3e977c0ce221540b37a9daea6c7ce
SHA512: 289f40720cac0de4be4202a2b237b956927ec87de4f2db5526e1d3ea208b30e0efad947c1b44a9ce63f0fb82afe03a32c5ad4ab6081296c58ea815807b8b058e
-
/data/data/com.wemd.zfdc.ruds/files/mobclick_agent_cached_com.wemd.zfdc.ruds1
Filesize: 794B
MD5: 967e64d20cfd5ddbec245b42552813c5
SHA1: 637860a99967254a50ceceab44c213c5a404a517
SHA256: 23220be0bd16a2fa23411746c28c571c7a31154923041607b20fd39778fd945b
SHA512: bbb43cb13b212710f52d6e1285a2eb4b5927a53b41403932aa80e4db21ea815b524232e14208c7ded545d7528bf99def7237ac7826ddf9be8371c91f3ff5815a
-
/data/data/com.wemd.zfdc.ruds/files/umeng_it.cache
Filesize: 350B
MD5: 0044c6f6d95bd57272ec92d4fa5b0c6a
SHA1: cdfed4347f608ee19ef08e8234f6723d8f98e220
SHA256: 860375af05c37aea16e6f340c134cc0667f3f12d30f5b2e2d79813c85e193ec5
SHA512: ea71c2caaa52732330554392e60a671d855d5741e65d25672248d2eb6ed3025f094381ac7e2ea4515518dd3a52794e7da9a121306573902c9c5393eb9eebd99b
-
/data/user/0/com.wemd.zfdc.ruds/app_mjf/dz.jar
Filesize: 248KB
MD5: a54a18b58c6720991c021f433dfb2a46
SHA1: d2ffa07919f92b6e04914e39843f08fdb2a75b68
SHA256: 3dd88e4418bd4271af728fc6436c873a55e6b6f5c8ed241ee2cb0ee24fe3f7f3
SHA512: e4a51b2462b247b1e5fbd947d06a2eba334f18398daadacbabcb4185f4255f05c22d656a8837a6088ffbdcaedfbdfbd8281c5dad4880c4e5021571e3fefc88cc
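The file that matters most in this list is dz.jar (248KB) under app_mjf, which the "Loads dropped Dex/Jar" signature shows being loaded by both com.wemd.zfdc.ruds (PID 5091) and its :daemon process (PID 5168); /data/user/0/<pkg> is the same directory as /data/data/<pkg> on Android, so the two path forms refer to one location. The 105KB siblings ddz.jar and tdz.jar, the ART profile under oat/, the lezzd SQLite database and the .um/.umeng/mobclick files (Umeng analytics SDK artefacts) complete the picture. When pulling the app's data directory from a device or a second sandbox run, the useful first step is to find every .jar/.dex under an app_* directory, identify the real container type from its leading bytes rather than its extension, and recompute hashes to tie the artefacts back to this report. The following is an added example of that triage step, not code from the page or the sample; the file contents it writes are placeholders, and only dz.jar's MD5/SHA256 are copied from the report, so the placeholder is expected to fail the comparison.

```python
import hashlib
import os
import tempfile

# Hashes the sandbox reported for the loader archive that both processes loaded
# (copied from the dropped-file list in the report).
REPORTED = {
    "dz.jar": {
        "md5": "a54a18b58c6720991c021f433dfb2a46",
        "sha256": "3dd88e4418bd4271af728fc6436c873a55e6b6f5c8ed241ee2cb0ee24fe3f7f3",
    },
}

# File-type magic: a .jar is a zip container (classes.dex inside); a raw DEX file starts with 'dex\n'.
MAGIC = (
    (b"PK\x03\x04", "zip/jar"),
    (b"dex\n", "dex"),
)


def classify(data):
    """Name the container type from the leading bytes, ignoring the file extension."""
    for magic, kind in MAGIC:
        if data.startswith(magic):
            return kind
    return "unknown"


def digest(data):
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def find_dropped_code(app_data_dir):
    """Walk an extracted /data/data/<pkg> tree and report every .jar/.dex under an app_* directory.

    Files whose name appears in REPORTED are checked against the sandbox hashes so a
    re-run or a pulled device image can be tied back to this report.
    """
    findings = []
    for root, _dirs, files in os.walk(app_data_dir):
        if not os.path.basename(root).startswith("app_"):
            continue
        for name in sorted(files):
            if not name.endswith((".jar", ".dex")):
                continue
            path = os.path.join(root, name)
            with open(path, "rb") as fh:
                data = fh.read()
            hashes = digest(data)
            expected = REPORTED.get(name)
            findings.append({
                "path": os.path.relpath(path, app_data_dir).replace(os.sep, "/"),
                "kind": classify(data),
                "size": len(data),
                **hashes,
                "matches_report": expected is not None
                and all(hashes[algo] == value for algo, value in expected.items()),
            })
    return sorted(findings, key=lambda f: f["path"])


def demo():
    """Build a constructed app-data tree with placeholder contents and triage it.

    The bytes written here are stand-ins, not the real dropped files, so dz.jar will
    (correctly) fail the hash comparison against the report.
    """
    with tempfile.TemporaryDirectory() as tmp:
        jar_dir = os.path.join(tmp, "app_mjf")
        os.makedirs(os.path.join(jar_dir, "oat"))
        os.makedirs(os.path.join(tmp, "files"))
        with open(os.path.join(jar_dir, "dz.jar"), "wb") as fh:
            fh.write(b"PK\x03\x04" + b"\x00" * 60)          # zip local-file header
        with open(os.path.join(jar_dir, "tdz.jar"), "wb") as fh:
            fh.write(b"dex\n035\x00" + b"\x00" * 100)       # raw DEX despite the .jar name
        with open(os.path.join(jar_dir, "oat", "dz.jar.cur.prof"), "wb") as fh:
            fh.write(b"pro\x00")                            # ART profile, not code
        with open(os.path.join(tmp, "files", "umeng_it.cache"), "wb") as fh:
            fh.write(b"{}")                                 # SDK cache, not code
        return find_dropped_code(tmp)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Point find_dropped_code at a directory pulled with adb (for example the output of `adb pull /data/data/com.wemd.zfdc.ruds` on a rooted test device) and add the other reported hashes to REPORTED as needed; a dropped file whose hashes differ between runs, or whose magic does not match its extension, is the one to open first in a DEX decompiler.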