Analysis
- max time kernel: 16s
- max time network: 152s
- platform: android_x64
- resource: android-x64-20240611.1-en
- resource tags: android, arch:x64, arch:x86, image:android-x64-20240611.1-en, locale:en-us, os:android-10-x64, system
- submitted: 14-06-2024 22:45
Static task: static1
Behavioral task: behavioral1
  Sample: abd4fbe636a55ac5bb053d95dd405b14_JaffaCakes118.apk
  Resource: android-x86-arm-20240611.1-en
Behavioral task: behavioral2
  Sample: abd4fbe636a55ac5bb053d95dd405b14_JaffaCakes118.apk
  Resource: android-x64-20240611.1-en
Behavioral task: behavioral3
  Sample: abd4fbe636a55ac5bb053d95dd405b14_JaffaCakes118.apk
  Resource: android-x64-arm64-20240611.1-en
General
- Target: abd4fbe636a55ac5bb053d95dd405b14_JaffaCakes118.apk
- Size: 29.9MB
- MD5: abd4fbe636a55ac5bb053d95dd405b14
- SHA1: ce4cd9407dc986cd7d1c39e1b906fbb4414ada9d
- SHA256: d81b4b850953be52510e319e641cd1655ed667caa76f62842b1b06a323bc3dab
- SHA512: 93a43a4dd8a699efa7d5ebf02f9fff49c156a958830cbfc4d096745ce2c22f1e1eea0896a1dfb1f6b928d35defb854903ef5a545c0e9367464dbe041e3e5327c
- SSDEEP: 786432:vjUIdkzEmamKZ2/Buxk38+DhiEG96kaTD0yTfPu1:oIdkumH/Yq8+s3969MyTfm1
Malware Config
Signatures
- Checks if the Android device is rooted. (1 TTPs, 1 IoCs)
  Process: com.redantz.game.zombie
    ioc: /system/app/Superuser.apk
- Loads dropped Dex/Jar (1 TTPs, 3 IoCs)
  Runs executable file dropped to the device during analysis.
  Process: com.redantz.game.zombie (pid 5153)
    ioc: /data/user/0/com.redantz.game.zombie/cache/DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
    ioc: /data/user/0/com.redantz.game.zombie/cache/DA39A3EE5E6B4B0D3255BFEF95601890AFD80709!classes2.dex
    ioc: /data/user/0/com.redantz.game.zombie/cache/1582435991586.jar
- Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
- Queries information about running processes on the device (1 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to collect information about running processes on the device.
  Process: com.redantz.game.zombie
    ioc: Framework service call android.app.IActivityManager.getRunningAppProcesses
- Queries information about active data network (1 TTPs, 1 IoCs)
  Process: com.redantz.game.zombie
    ioc: Framework service call android.net.IConnectivityManager.getActiveNetworkInfo
- Queries information about the current Wi-Fi connection (1 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  Process: com.redantz.game.zombie
    ioc: Framework service call android.net.wifi.IWifiManager.getConnectionInfo
- Queries the mobile country code (MCC) (1 TTPs, 1 IoCs)
  Process: com.redantz.game.zombie
    ioc: Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone
- Queries the unique device ID (IMEI, MEID, IMSI) (1 TTPs)
- Reads information about phone network operator. (1 TTPs)
- Listens for changes in the sensor environment (might be used to detect emulation) (1 TTPs, 1 IoCs)
  Process: com.redantz.game.zombie
    ioc: Framework API call android.hardware.SensorManager.registerListener
- Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
  Process: com.redantz.game.zombie
    ioc: Framework service call android.app.IActivityManager.registerReceiver
- Uses Crypto APIs (Might try to encrypt user data) (1 TTPs, 1 IoCs)
  Process: com.redantz.game.zombie
    ioc: Framework API call javax.crypto.Cipher.doFinal
- Checks CPU information (2 TTPs, 1 IoCs)
- Checks memory information (2 TTPs, 1 IoCs)
Processes
- com.redantz.game.zombie
  - Checks if the Android device is rooted.
  - Loads dropped Dex/Jar
  - Obtains sensitive information copied to the device clipboard
  - Queries information about running processes on the device
  - Queries information about active data network
  - Queries information about the current Wi-Fi connection
  - Queries the mobile country code (MCC)
  - Listens for changes in the sensor environment (might be used to detect emulation)
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Uses Crypto APIs (Might try to encrypt user data)
  - Checks CPU information
  - Checks memory information
Network
MITRE ATT&CK Matrix
Downloads
- /data/data/com.redantz.game.zombie/app_fiverocks/events2 (16KB)
- /data/data/com.redantz.game.zombie/app_fiverocks/events2-journal (8KB)
- /data/data/com.redantz.game.zombie/app_fiverocks/events2-journal (512B)
- /data/data/com.redantz.game.zombie/app_fiverocks/events2-journal (8KB)
- /data/data/com.redantz.game.zombie/app_fiverocks/events2-journal (8KB)
- /data/data/com.redantz.game.zombie/app_fiverocks/events2-journal (8KB)
- /data/data/com.redantz.game.zombie/app_fiverocks/install (36B)
- /data/data/com.redantz.game.zombie/cache/1582435991586.jar (9KB)
- /data/data/com.redantz.game.zombie/cache/DA39A3EE5E6B4B0D3255BFEF95601890AFD80709 (2.1MB)
- /data/data/com.redantz.game.zombie/files/UnityAdsStorage-public-data.json (2B)
- /data/user/0/com.redantz.game.zombie/cache/1582435991586.jar (20KB)
- /data/user/0/com.redantz.game.zombie/cache/DA39A3EE5E6B4B0D3255BFEF95601890AFD80709 (408KB)
- /data/user/0/com.redantz.game.zombie/cache/DA39A3EE5E6B4B0D3255BFEF95601890AFD80709!classes2.dex (4.5MB)
- /storage/emulated/0/Android/data/com.redantz.game.zombie/cache/UnityAdsCache/UnityAdsTest.txt (4B)
- /storage/emulated/0/Android/data/com.redantz.game.zombie/cache/UnityAdsCache/UnityAdsWebApp.html (1.9MB)
- /storage/emulated/0/Google/google.id (36B)