96722dd7dbaa0712be4833540f78c4e42c1f4e55547a3ba81c43be3e0852a8a5

Analysis

max time kernel
179s
max time network
179s
platform
android_x64
resource
android-x64-arm64-20240514-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240514-enlocale:en-usos:android-11-x64system
submitted
23-05-2024 11:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6abe0004ee53e69951296aa2f20ab0ab_JaffaCakes118.apk
Size

1.3MB
MD5

6abe0004ee53e69951296aa2f20ab0ab
SHA1

5a713725e7ae253265b9da89dc6086d605b25d55
SHA256

96722dd7dbaa0712be4833540f78c4e42c1f4e55547a3ba81c43be3e0852a8a5
SHA512

ffd83adcbee317d68764a170d5dd4ba54bb8be886856872331bc2ad50702122c1003067c8d371d22d7bed9cbc95e90f2aeb1d5de2301374e17b1e63836a0f9e5
SSDEEP

24576:C3ToL0otaYtXMheh8X3lUKfcfIkuovSp0Bjbo+kwjYrwq/13tdHbZKm51Ob83z:KMQ7YtQX1wvTvSpGj35jYrwq/1XHNKmr

Score

8^/10

banker collection discovery evasion stealth trojan

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

T1418.001
Removes its main activity from the application launcher 1 TTPs 1 IoCs
stealth trojan evasion

T1628.001

Processes:

com.wemd.zfdc.ruds

pid process

4581 com.wemd.zfdc.ruds
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.wemd.zfdc.ruds

description ioc process

File opened for read /proc/cpuinfo com.wemd.zfdc.ruds

pid	process
4581	com.wemd.zfdc.ruds

description	ioc	process
File opened for read	/proc/cpuinfo	com.wemd.zfdc.ruds

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

T1407

Processes:

com.wemd.zfdc.rudscom.wemd.zfdc.ruds:daemon

ioc	pid	process
/data/user/0/com.wemd.zfdc.ruds/app_mjf/dz.jar	4581	com.wemd.zfdc.ruds
/data/user/0/com.wemd.zfdc.ruds/app_mjf/dz.jar	4647	com.wemd.zfdc.ruds:daemon

Queries account information for other applications stored on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect account information stored on the device.
collection

T1409

Processes:

com.wemd.zfdc.ruds

description ioc process

Framework service call android.accounts.IAccountManager.getAccountsAsUser com.wemd.zfdc.ruds
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

T1424

Processes:

com.wemd.zfdc.ruds

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses com.wemd.zfdc.ruds
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

T1421

Processes:

com.wemd.zfdc.ruds

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.wemd.zfdc.ruds
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

T1421

Processes:

com.wemd.zfdc.ruds

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.wemd.zfdc.ruds
Reads information about phone network operator. 1 TTPs
discovery

T1422

description	ioc	process
Framework service call	android.accounts.IAccountManager.getAccountsAsUser	com.wemd.zfdc.ruds

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.wemd.zfdc.ruds

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.wemd.zfdc.ruds

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.wemd.zfdc.ruds

com.wemd.zfdc.ruds
1⤵
- Removes its main activity from the application launcher
- Checks CPU information
- Loads dropped Dex/Jar
- Queries account information for other applications stored on the device
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Checks if the internet connection is available
PID:4581

com.wemd.zfdc.ruds:daemon
1⤵
- Loads dropped Dex/Jar
PID:4647

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.wemd.zfdc.ruds/app_mjf/ddz.jar
Filesize
105KB

MD5
23ba0b249042b7ba33e92c0199b0ea4a

SHA1
99b13ee9f7307316c2337953fceed87e9942b794

SHA256
1ed0751a141b17c80a921f5e8ba90c66a56b8e73156f5cbe133b57d550ca4ef2

SHA512
0cc88e2b7c2ffa4db274d690e3bf12098ec804b9fcd9e92b57d2fa0c4161031d2e84c91d86ba8e2b6e8b4837852defa099333f76bcd454c67b31632d0cdd4861

Download Submit
/data/user/0/com.wemd.zfdc.ruds/app_mjf/dz.jar
Filesize
248KB

MD5
a54a18b58c6720991c021f433dfb2a46

SHA1
d2ffa07919f92b6e04914e39843f08fdb2a75b68

SHA256
3dd88e4418bd4271af728fc6436c873a55e6b6f5c8ed241ee2cb0ee24fe3f7f3

SHA512
e4a51b2462b247b1e5fbd947d06a2eba334f18398daadacbabcb4185f4255f05c22d656a8837a6088ffbdcaedfbdfbd8281c5dad4880c4e5021571e3fefc88cc

Download Submit
/data/user/0/com.wemd.zfdc.ruds/app_mjf/tdz.jar
Filesize
105KB

MD5
293ea5f01e27975bed5179ba79d80eac

SHA1
c5b0806a537fd1cb753e11f1a9684933317716b8

SHA256
8d86de68978e859c8262c0d0e932d3a1d57457b57ce88940620befab1bcead5b

SHA512
c7cd2881367fdf95ec4151449b359decdae1adf136388edbaaa9880c7ebd14fb3579e7a15600a856988c55d207f7ba1fd7d938f4d9168aba8a7ff1c3029d6b53

Download Submit
/data/user/0/com.wemd.zfdc.ruds/databases/lezzd
Filesize
28KB

MD5
fdb8a92e5060ce104e8f0faca55a47ce

SHA1
270d7ca30673e18cec1d2b9add71cba96dc426fe

SHA256
194b40a3911f23ea75c8f4543a13c1236ae15b02c0228a080615a1012f60e05a

SHA512
ad962634ddd027403b5677a9ca979763071ef4a9b6f0127b0c1fd4b3a8bc51f5c4fa71245c301d0dbbf60e18953a94621715ce3ca4addef82b18030e3d718122

Download Submit
/data/user/0/com.wemd.zfdc.ruds/databases/lezzd-journal
Filesize
8KB

MD5
fbe3fc555124d61996802fa0151fb4c0

SHA1
9dded503cdc96adc7b61428d12fa83914d46cca6

SHA256
cf05dacb2f1517c0818a9d76ca8d07c5b6001369ad0bfb0b4923759a388cacfa

SHA512
75f0cf7baaed3cbdd358da6cfd7cfe455cd91792820058c88febeeb1f8f01a1d7de3688aca11770e274a853eb44d5f51e7042b0691db23066119e53858133d59

Download Submit
/data/user/0/com.wemd.zfdc.ruds/databases/lezzd-journal
Filesize
512B

MD5
1199a9309690ff53b523abd5038b84a4

SHA1
88cca6bf72cefcf25f2cfac05805b658af43486a

SHA256
4e6ef18ed90bae4398a620a16438f88860e2c202417c0882d418a1d8a0cbb092

SHA512
52ded9a72840827f99535701742c89f4aad3638d0f2af38d1c93b79ffe4b530dfc3bebbcf3559ad3d2ec33f2f06fc8d8b8c813d436f7ef2552948cfd00b247c5

Download Submit
/data/user/0/com.wemd.zfdc.ruds/databases/lezzd-journal
Filesize
8KB

MD5
6245ae0d30602d0bfc6a72b3ac0666d0

SHA1
e40cbd3acbea198a0447562994360ef938c49f0f

SHA256
b25c7d2e492bec1d8a134ac710ac475a86a794ae00e89dc340cf2ae12a7fe244

SHA512
2fd0ea0b6f0523721ba07ce190ca724bfbe090a3b55c62505981780cb2d145721ffd29bad96a1b0f61c95abe5e228cb779c9dfc7a3e49bd2696b326b8433c06c

Download Submit
/data/user/0/com.wemd.zfdc.ruds/databases/lezzd-journal
Filesize
4KB

MD5
fecc9f959969519724444b72a4e95c33

SHA1
9e4943013285c355d1a896735d35ff2b8142f647

SHA256
1ed98126fda488f26122675dcada4b3d1aaeb06ae34207f4475a3c5d2c4224a9

SHA512
117a4a12341f279f671e896970b670b620fded382111b2f2afb3ff16533272e47409a4c7f9adfa6fd08db198c6de8fa45d401008390458c741cdd855641590ad

Download Submit
/data/user/0/com.wemd.zfdc.ruds/databases/lezzd-journal
Filesize
8KB

MD5
d47f05dd2d8be03b5540c1ae5b1eb66b

SHA1
a6b692ebcd5d60ddc4a3cea48ddfdf1da333ae18

SHA256
149d097927414eaddcb6d242ab9deb662be5b0e13b7f082210f3a944e359fb75

SHA512
7fea3eba52eba666418d44004d43aaa98bb78ed7ddc2a9b662a9fdb14b30c6bad105b7dcb87a64fc0fefbcf212f82344881d7ef23b6286ac86cfa7918a6b46d6

Download Submit
/data/user/0/com.wemd.zfdc.ruds/databases/lezzd-journal
Filesize
8KB

MD5
888dbd95af7ac78f514b18bcc700174d

SHA1
f7c0e8ca3f1483ffdb3ca2e1bafc729341490703

SHA256
65915673c23a4a20884ef70b2fbfa28c82ad09229404f9046b119047ffd058a4

SHA512
a01200b09bc289b3a747971412389b96aa960c246d365bff576ab4b8439a4145b0a3c0f575cc996ef28fb37268337eb9d372327519ad8f0fe259633eba92c898

Download Submit
/data/user/0/com.wemd.zfdc.ruds/files/.um/um_cache_1716462670983.env
Filesize
652B

MD5
4a8109344856abb4e215c60af8f7aff8

SHA1
b64e9038f235378cc3f925cd676f74a6730de8ad

SHA256
cfd2a064251d93d3514eeb0c0803d5a504c3547e16c097352c91eb8a2eddee6a

SHA512
44b3095b8d697b49ef0a262f45fec748d594d6d3f9976c37f96a8617b45244c68d2d75474432996f59b1ee7d3888272b555f0881f043bf0f36372d7fe04925cb

Download Submit
/data/user/0/com.wemd.zfdc.ruds/files/.umeng/exchangeIdentity.json
Filesize
162B

MD5
a1105762f9b719cc80bd84f21dd850d7

SHA1
75a1e7e1ee0193d3a4d2db45c478a52d73c551e3

SHA256
9859c67b7f1bc800739ec4eb14d7fdf2a70ce3e66164140118fff26f34ed906a

SHA512
741b376a8242d5e85daa76cc03c716d52459a9034e94284eb73451ec5a8e7715d81c481d076255cb02b39c9b3c8f13725d728fa83af9793d3e73c2d1b3eaff96

Download Submit
/data/user/0/com.wemd.zfdc.ruds/files/mobclick_agent_cached_com.wemd.zfdc.ruds1
Filesize
797B

MD5
7d3bc3e42c524a89dc625e4e9840f736

SHA1
386e15c61d9f1417c7ea35f1978e6ad7233d6b56

SHA256
3396e2677b60b1f85e3ec67c893a014dd18efa8766335529727ac520923f7faf

SHA512
1f31bdaf6a593fc935e877b0565585e13e538efd673ba76c26a6dd0083743a91931516b716f406c65c265d58e518540c89c09b34796db85dbd8319676ef1b693

Download Submit
/data/user/0/com.wemd.zfdc.ruds/files/umeng_it.cache
Filesize
352B

MD5
5ffabc05ab69c5905053c1997b8f6b83

SHA1
e30fe3db8e4f8a423a58b5cd2e9d28b63147ed8b

SHA256
0d6b7c4bf71de787eed32cba36ba7a936a8115049782dc3f4152b17e54c828c0

SHA512
b1c9d78c2d38677ab6d99ad601a0f76be7a4b8653775dd438ac6e3e95fdce1b7b70584d79cea9d15368272af350c6b16b2e3580d66c8cc3de9a8cd05c296b03c

Download Submit