Analysis

  • max time kernel
    16s
  • max time network
    152s
  • platform
    android_x64
  • resource
    android-x64-20240611.1-en
  • resource tags
    android, arch:x64, arch:x86, image:android-x64-20240611.1-en, locale:en-us, os:android-10-x64, system
  • submitted
    14-06-2024 22:45

General

  • Target

    abd4fbe636a55ac5bb053d95dd405b14_JaffaCakes118.apk

  • Size

    29.9MB

  • MD5

    abd4fbe636a55ac5bb053d95dd405b14

  • SHA1

    ce4cd9407dc986cd7d1c39e1b906fbb4414ada9d

  • SHA256

    d81b4b850953be52510e319e641cd1655ed667caa76f62842b1b06a323bc3dab

  • SHA512

    93a43a4dd8a699efa7d5ebf02f9fff49c156a958830cbfc4d096745ce2c22f1e1eea0896a1dfb1f6b928d35defb854903ef5a545c0e9367464dbe041e3e5327c

  • SSDEEP

    786432:vjUIdkzEmamKZ2/Buxk38+DhiEG96kaTD0yTfPu1:oIdkumH/Yq8+s3969MyTfm1

Malware Config

Signatures

  • Checks if the Android device is rooted. 1 TTPs 1 IoCs
  • Loads dropped Dex/Jar 1 TTPs 3 IoCs

    Runs executable file dropped to the device during analysis.

  • Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

    Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

  • Queries information about running processes on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Queries information about active data network 1 TTPs 1 IoCs
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
  • Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
  • Reads information about phone network operator. 1 TTPs
  • Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
  • Checks CPU information 2 TTPs 1 IoCs
  • Checks memory information 2 TTPs 1 IoCs

Processes

  • com.redantz.game.zombie
    1⤵
    • Checks if the Android device is rooted.
    • Loads dropped Dex/Jar
    • Obtains sensitive information copied to the device clipboard
    • Queries information about running processes on the device
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Queries the mobile country code (MCC)
    • Listens for changes in the sensor environment (might be used to detect emulation)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    • Checks memory information
    PID:5153

Network

MITRE ATT&CK Matrix


Downloads

  • /data/data/com.redantz.game.zombie/app_fiverocks/events2
    Filesize

    16KB

    MD5

    c3a6858d1713458984bf59483e3424e5

    SHA1

    1c40cc4abb480ac3fe9c3230d37c7389f171f7da

    SHA256

    9eec21f60677840c4cb8a1d2364d06064ce16c4c604183ffcad7cdda97ed5bd9

    SHA512

    26357a6cb98cc95a211f0d78eae8604ef266b8e080f24f956bb5b7e3ba1277ff08e622c81f36c4dd86d8940bef6d0fb70c8b2dfdb6584338a349b4be59694033

  • /data/data/com.redantz.game.zombie/app_fiverocks/events2-journal
    Filesize

    8KB

    MD5

    44c4e227f41cc9ff4b60c2c092b39ae1

    SHA1

    f10ccca8f7f4f6ce7356d2cffc833caeedfcdf7d

    SHA256

    c6e880ee30e6dd98719072fd1139bfee65919f703ce383d02751f487c3fde6cd

    SHA512

    9a487168c2db868b8ddda06396f2a7234794a6b2d74d05a2d54b722c6a3c6848ca67e2f62fdbf4281e4ff8f7bbd3cf9d7cd38fc3890d6d074ca2b24a079e4888

  • /data/data/com.redantz.game.zombie/app_fiverocks/events2-journal
    Filesize

    512B

    MD5

    1dc25e62e1a3973d08f25db5770e0ab1

    SHA1

    3289d7ace8fbab4e70a33c9687a6548c90216cbd

    SHA256

    0657f746970ee55c6ece706c71e48d28a0032e7a362568f93a23b95e31088ca3

    SHA512

    cd452c83197f9792559bca6e1de2997de1fff2358f2da1e39314d4c0542260253d44e171de674b48d6adce41f94dc4a3098962910e82ecd4a354da56de8183e5

  • /data/data/com.redantz.game.zombie/app_fiverocks/events2-journal
    Filesize

    8KB

    MD5

    aefccc60e77c715f8a0d5a45bf48dd4f

    SHA1

    5ce0c76dc1e6f6cbd71084b5c3bcbba8696c8e1d

    SHA256

    deb6f75f9008e89ad2f23bc06a40d1829801c62ea507e6b71cb033d835ae911b

    SHA512

    37ac0a984e26df575a9dd3bce6595dee92c9fa32dcb4689673706f689ca1e4a18ee1ee7b7d5ad87db729c61dd20064db9eb794e4d0d575c91c2400a69e95c94b

  • /data/data/com.redantz.game.zombie/app_fiverocks/events2-journal
    Filesize

    8KB

    MD5

    38cf150c96b3e544238eedfe046d6c80

    SHA1

    0b799208023e251b83c122e20c2db217880ddd56

    SHA256

    e1acc3e2211418bcd1e648a9f258a7b5717eab4ccb46c873afeaebd71ad6ef98

    SHA512

    9356a912cf824ed1fe2cad5ca8d7e7d2bc1fa8e233cb381f3bbbcc898f53f90692064f63b406a9b55b66fd4a8d424740eba6977980e6f50dd7167ace755af8f8

  • /data/data/com.redantz.game.zombie/app_fiverocks/events2-journal
    Filesize

    8KB

    MD5

    ba636a6307176d30091c8216c55c1062

    SHA1

    6a1f41aa3925c3b08215f23b517c0c7989e80a52

    SHA256

    9248b9467a5c5e66ff504d8c2212cdff9f807b289b91779d5df169e1ec8928d9

    SHA512

    13d1da7216e5b543763b5bfa5171afc7f95e9aa92d92d84286383b3e69fad63a9dd0e12c27cb204a9a78165cca599946d1b0e956efcb52546a7aaff957de5bed

  • /data/data/com.redantz.game.zombie/app_fiverocks/install
    Filesize

    36B

    MD5

    6953baeb3f8f8524772bbad5d8c15684

    SHA1

    2fcf60422acc4cfa4f73659b525b52c843fadfda

    SHA256

    8b766649c924b51938de9930e2c446e74bbd41b7e78ecc42d2135fabdb892586

    SHA512

    9b0eab0c07e6a25b7f12a6d021e229c02dba9e56c9106770e23aac42b12e698c1f6179f34502c53217089d3828932ae36d0551d0208c671c2bac1c95702076b5

  • /data/data/com.redantz.game.zombie/cache/1582435991586.jar
    Filesize

    9KB

    MD5

    e8e0527a01aefdb89afd2c508f131da1

    SHA1

    f1103e6b260c657ceb3d95f1b023af3fda8b133a

    SHA256

    f809447486f89fcaa74f87e06d126d103d37eb2b3157e88f2c06d989b2c284ce

    SHA512

    fb53683a83f1068d0f94567b156e6a8910c45b1b5f33db919f7e0b9c55eab28507a235ef76d44d5b549599ea3b54dbc00496a633339d276a80f395da938d6d34

  • /data/data/com.redantz.game.zombie/cache/DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
    Filesize

    2.1MB

    MD5

    881ec613b4a7aee9fc4ccab0fac3500c

    SHA1

    98612188919b3a3778834264e0cf98c8f041d1d5

    SHA256

    0a397b5d0f04474cbdc02cd8993778706fcffcdf91a9a7cba8dd6e71e2852b1b

    SHA512

    1154aac87ac8555a48d0d22cbe09ba7a56ec4d3a835ad38c9ad1da52b9e388c04bffeef3dadd3b3b89f684d7ed892d66d6e8adabbe292311b88718bdda2079c5

  • /data/data/com.redantz.game.zombie/files/UnityAdsStorage-public-data.json
    Filesize

    2B

    MD5

    99914b932bd37a50b983c5e7c90ae93b

    SHA1

    bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

    SHA256

    44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

    SHA512

    27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

  • /data/user/0/com.redantz.game.zombie/cache/1582435991586.jar
    Filesize

    20KB

    MD5

    fde2ee00cbd121cfab5290b078aa3ceb

    SHA1

    e2b77d5320e155e413d040a8c20020962065b2f8

    SHA256

    2897b0812077c654a9b3fbb0b6303d5cde681eeba7ad9981de65716c7810d685

    SHA512

    a9326aff8e454a2b4ac09984ef2a65fddd4dc146b4c44d839035549bff8c9fdaae490326d0b018f76c1ca2e4fb25426d74f550ca0950982fba632a023af99a56

  • /data/user/0/com.redantz.game.zombie/cache/DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
    Filesize

    408KB

    MD5

    09090675f907af2982ab884d5a2d5fc5

    SHA1

    a61963a69f1f8b3eb4f4732a411c53161dc5bc44

    SHA256

    9057dca92fb1b7ddd6c7559bb737912099947609005aed33d1f64b1568de518a

    SHA512

    9b179480d352705080271d3a85546e8a6a6fd30a8914e5affe082d859ba0cab49290b8fc5cc63a69bfd421537fed5229e76c4d0a092b1f66e0854b4c329ad28f

  • /data/user/0/com.redantz.game.zombie/cache/DA39A3EE5E6B4B0D3255BFEF95601890AFD80709!classes2.dex
    Filesize

    4.5MB

    MD5

    bf9e9553b1aaf327bd903e68fa73a327

    SHA1

    5deccb0f474cb1f72d3a221f2fd501ea00f70dfc

    SHA256

    c98adff68ea25b3ac46c0a4f04a1cfcf84106114f52409bbba09f1821640ab8c

    SHA512

    991cd548529f9ae3604c019af31235699802762270212a7239622e6678592e6751bcf506630f81cf214c0d87a8f6f220d304c628e19988f2fb3a4122d81fb26c

  • /storage/emulated/0/Android/data/com.redantz.game.zombie/cache/UnityAdsCache/UnityAdsTest.txt
    Filesize

    4B

    MD5

    098f6bcd4621d373cade4e832627b4f6

    SHA1

    a94a8fe5ccb19ba61c4c0873d391e987982fbbd3

    SHA256

    9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08

    SHA512

    ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

  • /storage/emulated/0/Android/data/com.redantz.game.zombie/cache/UnityAdsCache/UnityAdsWebApp.html
    Filesize

    1.9MB

    MD5

    e9ade451abd22e54d9e775cada5d9dda

    SHA1

    2b2f315e8aa60587efb51a3b52e86e57763312fe

    SHA256

    531bbd57154753e5e1b3af8c3aa77b62aaa99aa4ae760dddf2a9940c702494d4

    SHA512

    0ded12cf4852bfea9e60337182bc7037c63b4a6d9b35d1aa6ae7667606b882d43208ac14f519ee2149a1760ee1b2f8effa12dd0be39facc0807cd2237c077ea7

  • /storage/emulated/0/Google/google.id
    Filesize

    36B

    MD5

    73f39b3a612463fa98884d58c24cb2cc

    SHA1

    3096eea6c8e8158ff3c6f9339b9c0680b726f16a

    SHA256

    9cc4d4b625c1a4ac2d03c1da9f1a88d552ade34eb16c7e093457d6524df7e911

    SHA512

    c014fdc5bf3d0d2330a9eaa644176df28339c77388c300fa5de5df5940862c1d428892202d24fc666b6b40625219fd0f0578c1e0feb1260d2ae44e2ef99bba94