Analysis
  max time kernel:   179s
  max time network:  179s
  platform:          android_x64
  resource:          android-x64-arm64-20240514-en
  resource tags:     android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240514-en, locale:en-us, os:android-11-x64, system
  submitted:         23-05-2024 11:09
Tasks
- Static task: static1
- Behavioral task: behavioral1
    Sample:   6abe0004ee53e69951296aa2f20ab0ab_JaffaCakes118.apk
    Resource: android-x86-arm-20240514-en
- Behavioral task: behavioral2
    Sample:   6abe0004ee53e69951296aa2f20ab0ab_JaffaCakes118.apk
    Resource: android-x64-20240514-en
General
  Target:  6abe0004ee53e69951296aa2f20ab0ab_JaffaCakes118.apk
  Size:    1.3MB
  MD5:     6abe0004ee53e69951296aa2f20ab0ab
  SHA1:    5a713725e7ae253265b9da89dc6086d605b25d55
  SHA256:  96722dd7dbaa0712be4833540f78c4e42c1f4e55547a3ba81c43be3e0852a8a5
  SHA512:  ffd83adcbee317d68764a170d5dd4ba54bb8be886856872331bc2ad50702122c1003067c8d371d22d7bed9cbc95e90f2aeb1d5de2301374e17b1e63836a0f9e5
  SSDEEP:  24576:C3ToL0otaYtXMheh8X3lUKfcfIkuovSp0Bjbo+kwjYrwq/13tdHbZKm51Ob83z:KMQ7YtQX1wvTvSpGj35jYrwq/1XHNKmr
Malware Config
Signatures
- Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) (1 TTP)
- Checks CPU information (2 TTPs, 1 IoC)
  Checks CPU information which indicates if the system is an emulator.
- Loads dropped Dex/Jar (1 TTP, 2 IoCs)
  Runs executable file dropped to the device during analysis.
  Processes:
    ioc                                             pid   process
    /data/user/0/com.wemd.zfdc.ruds/app_mjf/dz.jar  4581  com.wemd.zfdc.ruds
    /data/user/0/com.wemd.zfdc.ruds/app_mjf/dz.jar  4647  com.wemd.zfdc.ruds:daemon
- Queries account information for other applications stored on the device (1 TTP, 1 IoC)
  Application may abuse the framework's APIs to collect account information stored on the device.
  Processes:
    description             ioc                                                 process
    Framework service call  android.accounts.IAccountManager.getAccountsAsUser  com.wemd.zfdc.ruds
- Queries information about running processes on the device (1 TTP, 1 IoC)
  Application may abuse the framework's APIs to collect information about running processes on the device.
  Processes:
    description             ioc                                                  process
    Framework service call  android.app.IActivityManager.getRunningAppProcesses  com.wemd.zfdc.ruds
- Queries information about the current Wi-Fi connection (1 TTP, 1 IoC)
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  Processes:
    description             ioc                                              process
    Framework service call  android.net.wifi.IWifiManager.getConnectionInfo  com.wemd.zfdc.ruds
- Checks if the internet connection is available (1 TTP, 1 IoC)
  Processes:
    description             ioc                                                    process
    Framework service call  android.net.IConnectivityManager.getActiveNetworkInfo  com.wemd.zfdc.ruds
- Reads information about phone network operator (1 TTP)
Processes
- com.wemd.zfdc.ruds
  - Removes its main activity from the application launcher
  - Checks CPU information
  - Loads dropped Dex/Jar
  - Queries account information for other applications stored on the device
  - Queries information about running processes on the device
  - Queries information about the current Wi-Fi connection
  - Checks if the internet connection is available
- com.wemd.zfdc.ruds:daemon
  - Loads dropped Dex/Jar
Downloads
- /data/user/0/com.wemd.zfdc.ruds/app_mjf/ddz.jar (105KB)
- /data/user/0/com.wemd.zfdc.ruds/app_mjf/dz.jar (248KB)
- /data/user/0/com.wemd.zfdc.ruds/app_mjf/tdz.jar (105KB)
- /data/user/0/com.wemd.zfdc.ruds/databases/lezzd (28KB)
- /data/user/0/com.wemd.zfdc.ruds/databases/lezzd-journal (8KB)
- /data/user/0/com.wemd.zfdc.ruds/databases/lezzd-journal (512B)
- /data/user/0/com.wemd.zfdc.ruds/databases/lezzd-journal (8KB)
- /data/user/0/com.wemd.zfdc.ruds/databases/lezzd-journal (4KB)
- /data/user/0/com.wemd.zfdc.ruds/databases/lezzd-journal (8KB)
- /data/user/0/com.wemd.zfdc.ruds/databases/lezzd-journal (8KB)
- /data/user/0/com.wemd.zfdc.ruds/files/.um/um_cache_1716462670983.env (652B)
- /data/user/0/com.wemd.zfdc.ruds/files/.umeng/exchangeIdentity.json (162B)
- /data/user/0/com.wemd.zfdc.ruds/files/mobclick_agent_cached_com.wemd.zfdc.ruds1 (797B)
- /data/user/0/com.wemd.zfdc.ruds/files/umeng_it.cache (352B)