Analysis
max time kernel: 149s
max time network: 153s
platform: android-9_x86
resource: android-x86-arm-20240910-en
resource tags: arch:arm, arch:x86, image:android-x86-arm-20240910-en, locale:en-us, os:android-9-x86, system
submitted: 31/10/2024, 14:50
Static task: static1
Behavioral task: behavioral1
  Sample: 8357b3235ec10e92cacff374a392adb6_JaffaCakes118.apk
  Resource: android-x86-arm-20240910-en
Behavioral task: behavioral2
  Sample: 8357b3235ec10e92cacff374a392adb6_JaffaCakes118.apk
  Resource: android-x64-arm64-20240910-en
General
Target: 8357b3235ec10e92cacff374a392adb6_JaffaCakes118.apk
Size: 24.6MB
MD5: 8357b3235ec10e92cacff374a392adb6
SHA1: ef17111b273fd59dfe3e3bbaaa81e4b8cc14f03d
SHA256: 2541f86feb55742d5c41a76ce903e77a9906a6be38926cabb5abd487504dbe2d
SHA512: 76b08e335156fdce4b9431cbfa902622932d18cf14eabbc83c1eb3707941b159c3935b00dda56986dc32483ff9d9e37824cecede4f331a0667a896669bf52702
SSDEEP: 786432:h+lqgp6kCs8xkAwD+amaA2ujKtkUoxsxayd/:A8gp6VVtkTxujwkUoxsxaW
Malware Config
Signatures
Checks if the Android device is rooted. (1 TTPs, 1 IoCs)
  IoC: /system/app/Superuser.apk | Process: com.redantz.game.zombie
Checks Android system properties for emulator presence. (1 TTPs, 1 IoCs)
  Description: Accessed system property key | IoC: ro.product.model | Process: com.redantz.game.zombie
Loads dropped Dex/Jar (1 TTPs, 1 IoCs)
  Runs executable file dropped to the device during analysis.
  IoC: /data/user/0/com.redantz.game.zombie/cache/1582435991586.jar | PID: 4366 | Process: com.redantz.game.zombie
Queries account information for other applications stored on the device (1 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to collect account information stored on the device.
  Description: Framework service call | IoC: android.accounts.IAccountManager.getAccountsAsUser | Process: vn.adflex.process
Queries information about running processes on the device (1 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to collect information about running processes on the device.
  Description: Framework service call | IoC: android.app.IActivityManager.getRunningAppProcesses | Process: com.redantz.game.zombie
Queries the phone number (MSISDN for GSM devices) (1 TTPs)
Queries information about active data network (1 TTPs, 2 IoCs)
  Description: Framework service call | IoC: android.net.IConnectivityManager.getActiveNetworkInfo | Process: vn.adflex.process
  Description: Framework service call | IoC: android.net.IConnectivityManager.getActiveNetworkInfo | Process: com.redantz.game.zombie
Queries information about the current Wi-Fi connection (1 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  Description: Framework service call | IoC: android.net.wifi.IWifiManager.getConnectionInfo | Process: com.redantz.game.zombie
Queries the mobile country code (MCC) (1 TTPs, 1 IoCs)
  Description: Framework service call | IoC: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | Process: com.redantz.game.zombie
Reads information about phone network operator. (1 TTPs)
Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
  Description: Framework service call | IoC: android.app.IActivityManager.registerReceiver | Process: com.redantz.game.zombie
Uses Crypto APIs (Might try to encrypt user data) (1 TTPs, 1 IoCs)
  Description: Framework API call | IoC: javax.crypto.Cipher.doFinal | Process: com.redantz.game.zombie
Checks CPU information (2 TTPs, 1 IoCs)
  Description: File opened for read | IoC: /proc/cpuinfo | Process: com.redantz.game.zombie
Checks memory information (2 TTPs, 1 IoCs)
  Description: File opened for read | IoC: /proc/meminfo | Process: com.redantz.game.zombie
Processes
vn.adflex.process
- Queries account information for other applications stored on the device
- Queries information about active data network
PID: 4327

com.redantz.game.zombie
- Checks if the Android device is rooted.
- Checks Android system properties for emulator presence.
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
PID: 4366
Network
MITRE ATT&CK Mobile v15
Downloads