Analysis
-
max time kernel
149s -
max time network
154s -
platform
android-11_x64 -
resource
android-x64-arm64-20240910-en -
resource tags
arch:arm arch:arm64 arch:x64 arch:x86 image:android-x64-arm64-20240910-en locale:en-us os:android-11-x64 system -
submitted
31/10/2024, 14:50
Static task
static1
Behavioral task
behavioral1
Sample
8357b3235ec10e92cacff374a392adb6_JaffaCakes118.apk
Resource
android-x86-arm-20240910-en
Behavioral task
behavioral2
Sample
8357b3235ec10e92cacff374a392adb6_JaffaCakes118.apk
Resource
android-x64-arm64-20240910-en
General
-
Target
8357b3235ec10e92cacff374a392adb6_JaffaCakes118.apk
-
Size
24.6MB
-
MD5
8357b3235ec10e92cacff374a392adb6
-
SHA1
ef17111b273fd59dfe3e3bbaaa81e4b8cc14f03d
-
SHA256
2541f86feb55742d5c41a76ce903e77a9906a6be38926cabb5abd487504dbe2d
-
SHA512
76b08e335156fdce4b9431cbfa902622932d18cf14eabbc83c1eb3707941b159c3935b00dda56986dc32483ff9d9e37824cecede4f331a0667a896669bf52702
-
SSDEEP
786432:h+lqgp6kCs8xkAwD+amaA2ujKtkUoxsxayd/:A8gp6VVtkTxujwkUoxsxaW
Malware Config
Signatures
-
Checks if the Android device is rooted. 1 TTPs 1 IoCs
IoC: /system/app/Superuser.apk | Process: com.redantz.game.zombie -
Loads dropped Dex/Jar 1 TTPs 1 IoCs
Runs executable file dropped to the device during analysis.
IoC: /data/user/0/com.redantz.game.zombie/cache/1582435991586.jar | PID: 4778 | Process: com.redantz.game.zombie -
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
Description: Framework service call | IoC: android.content.IClipboard.addPrimaryClipChangedListener | Process: com.redantz.game.zombie -
Queries account information for other applications stored on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect account information stored on the device.
Description: Framework service call | IoC: android.accounts.IAccountManager.getAccountsAsUser | Process: vn.adflex.process -
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
Description: Framework service call | IoC: android.app.IActivityManager.getRunningAppProcesses | Process: com.redantz.game.zombie -
Queries the phone number (MSISDN for GSM devices) 1 TTPs
-
Queries information about active data network 1 TTPs 2 IoCs
Description: Framework service call | IoC: android.net.IConnectivityManager.getActiveNetworkInfo | Process: vn.adflex.process
Description: Framework service call | IoC: android.net.IConnectivityManager.getActiveNetworkInfo | Process: com.redantz.game.zombie -
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
Description: Framework service call | IoC: android.net.wifi.IWifiManager.getConnectionInfo | Process: com.redantz.game.zombie -
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
Description: Framework service call | IoC: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | Process: com.redantz.game.zombie -
Reads information about phone network operator. 1 TTPs
-
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
Description: Framework API call | IoC: javax.crypto.Cipher.doFinal | Process: com.redantz.game.zombie -
Checks CPU information 2 TTPs 1 IoCs
Description: File opened for read | IoC: /proc/cpuinfo | Process: com.redantz.game.zombie -
Checks memory information 2 TTPs 1 IoCs
Description: File opened for read | IoC: /proc/meminfo | Process: com.redantz.game.zombie
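The signatures above are the sandbox's own matches against the sample's runtime behaviour. As an added example (not code from the sandbox or from the sample), the script below shows how the same rules can be re-derived from a stream of raw events: the root-artefact path check, the "dropped Dex/Jar" rule keyed on code loaded from an app-private writable directory, the sensitive Binder interface calls, and the /proc fingerprinting reads. The event schema `(process, kind, value)`, the rule names and the extra root paths beyond Superuser.apk are this example's assumptions; the event list itself is constructed from the IoCs listed in the report.

```python
"""Re-derive the report's behavioural signatures from raw events.

Added example, not part of the sandbox report. The event schema, rule
names and the helper functions are assumptions of this example.
"""
import re
from collections import defaultdict

# Root-management artefacts; /system/app/Superuser.apk is the one the
# report observed, the rest are common companions (assumed list).
ROOT_ARTEFACTS = {
    "/system/app/Superuser.apk",
    "/system/app/SuperSU.apk",
    "/system/bin/su",
    "/system/xbin/su",
    "/sbin/su",
}

# Sensitive Binder interface methods, grouped by the signature they support.
FRAMEWORK_RULES = {
    "clipboard_listener": {"android.content.IClipboard.addPrimaryClipChangedListener"},
    "account_enumeration": {"android.accounts.IAccountManager.getAccountsAsUser"},
    "process_enumeration": {"android.app.IActivityManager.getRunningAppProcesses"},
    "network_state": {"android.net.IConnectivityManager.getActiveNetworkInfo"},
    "wifi_info": {"android.net.wifi.IWifiManager.getConnectionInfo"},
    "mcc_lookup": {"com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone"},
}

# Code loaded from a writable, app-private location:
# /data/user/<n>/<pkg>/{cache,files,app_*}/... or /data/data/<pkg>/... ending in .jar/.dex/.apk/.zip
DROPPED_CODE_RE = re.compile(
    r"^/data/(?:user/\d+|data)/(?P<pkg>[\w.]+)/(?:cache|files|app_\w+)/.+\.(?:jar|dex|apk|zip)$"
)


def classify_event(process, kind, value):
    """Return the list of signature names a single event triggers."""
    hits = []
    if kind == "file_open" and value in ROOT_ARTEFACTS:
        hits.append("root_check")
    if kind == "file_open" and value in ("/proc/cpuinfo", "/proc/meminfo"):
        hits.append("hw_fingerprint")
    if kind == "code_load":
        m = DROPPED_CODE_RE.match(value)
        if m:
            # Code loaded from a directory an app can write to is "dropped";
            # it is a stronger signal when the directory belongs to the loader.
            hits.append("dropped_code_load")
            if m.group("pkg") == process:
                hits.append("dropped_code_self_dir")
    if kind == "binder_call":
        for name, methods in FRAMEWORK_RULES.items():
            if value in methods:
                hits.append(name)
    if kind == "api_call" and value.startswith("javax.crypto.Cipher."):
        hits.append("crypto_api")
    return hits


def triage(events):
    """Group hits per process: {process: {signature: [values...]}}."""
    report = defaultdict(lambda: defaultdict(list))
    for process, kind, value in events:
        for sig in classify_event(process, kind, value):
            report[process][sig].append(value)
    return {p: dict(s) for p, s in report.items()}


# Constructed events reproducing the IoCs listed in the report.
SAMPLE_EVENTS = [
    ("com.redantz.game.zombie", "file_open", "/system/app/Superuser.apk"),
    ("com.redantz.game.zombie", "code_load",
     "/data/user/0/com.redantz.game.zombie/cache/1582435991586.jar"),
    ("com.redantz.game.zombie", "binder_call",
     "android.content.IClipboard.addPrimaryClipChangedListener"),
    ("vn.adflex.process", "binder_call",
     "android.accounts.IAccountManager.getAccountsAsUser"),
    ("com.redantz.game.zombie", "binder_call",
     "android.app.IActivityManager.getRunningAppProcesses"),
    ("vn.adflex.process", "binder_call",
     "android.net.IConnectivityManager.getActiveNetworkInfo"),
    ("com.redantz.game.zombie", "binder_call",
     "android.net.IConnectivityManager.getActiveNetworkInfo"),
    ("com.redantz.game.zombie", "binder_call",
     "android.net.wifi.IWifiManager.getConnectionInfo"),
    ("com.redantz.game.zombie", "binder_call",
     "com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone"),
    ("com.redantz.game.zombie", "api_call", "javax.crypto.Cipher.doFinal"),
    ("com.redantz.game.zombie", "file_open", "/proc/cpuinfo"),
    ("com.redantz.game.zombie", "file_open", "/proc/meminfo"),
]

if __name__ == "__main__":
    for proc, sigs in triage(SAMPLE_EVENTS).items():
        print(proc)
        for sig, vals in sigs.items():
            print(f"  {sig}: {', '.join(vals)}")
```

Running the script on the constructed events reproduces the per-process breakdown shown in the Processes section: vn.adflex.process fires only the account and network-state rules, com.redantz.game.zombie fires the rest. The dropped-code rule is deliberately path-based rather than filename-based, since the JAR in the report carries a timestamp-style name that would not survive as a fixed indicator.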
Processes
-
vn.adflex.process
- Queries account information for other applications stored on the device
- Queries information about active data network
PID:4736
-
com.redantz.game.zombie
- Checks if the Android device is rooted.
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
PID:4778
Network
MITRE ATT&CK Mobile v15
Downloads
-
Filesize
9KB
MD5
e8e0527a01aefdb89afd2c508f131da1
SHA1
f1103e6b260c657ceb3d95f1b023af3fda8b133a
SHA256
f809447486f89fcaa74f87e06d126d103d37eb2b3157e88f2c06d989b2c284ce
SHA512
fb53683a83f1068d0f94567b156e6a8910c45b1b5f33db919f7e0b9c55eab28507a235ef76d44d5b549599ea3b54dbc00496a633339d276a80f395da938d6d34
-
Filesize
20KB
MD5
fde2ee00cbd121cfab5290b078aa3ceb
SHA1
e2b77d5320e155e413d040a8c20020962065b2f8
SHA256
2897b0812077c654a9b3fbb0b6303d5cde681eeba7ad9981de65716c7810d685
SHA512
a9326aff8e454a2b4ac09984ef2a65fddd4dc146b4c44d839035549bff8c9fdaae490326d0b018f76c1ca2e4fb25426d74f550ca0950982fba632a023af99a56
-
Filesize
153B
MD5
f9431a0cde5766b6a47fe517f0dbe91f
SHA1
41ebffb9e03db4e211961286e6c233726d1c704f
SHA256
48409024aacda3669e2112419ca8742dedca12f5310521730db60c8387710616
SHA512
3102a350b8cdbfe686564eb79892a609f3cccd74d4b420f831156b1c57b736853f1cba0988d4dea7bf728f341e3ed2b997274684726afa2d97d31115e5213382
-
Filesize
64KB
MD5
202561263b04ad944f149efca3bec534
SHA1
ec98a49244e5da035cde3a2d6e34c63e1b2805e6
SHA256
d3a6f4e75570ef598efcfcfc45f3f827af243f45340c72a474615af4c768a4c5
SHA512
744c876fcc3e35ea56e0c994e51ffe0f821b7b70cac754c98f62ff5e8d2e2092695235076e72c97332bd3edacff6a0b6021ee3a330f8ab9233a52de67ae82f35
-
Filesize
512B
MD5
d6960169d4b216ee18ee3abdf97c7d7b
SHA1
e9944e9602f7b9703e81466bb0bffee67daade4b
SHA256
204398074b9e0441136bb315c90954f6c1725a6507c20e66f2ab0e4e7d174877
SHA512
5bae23b8f1056dbbb3f3cbcd6fbc16d88fd198035d01666e80eda8c792013b3d6d2607c29eb187eeaf62a80f852a43d872e7b7a9f379d70d9c1bffd3fe057a41
-
Filesize
8KB
MD5
622d7738092ceed2f934e1484d34ca4f
SHA1
e670e716e473b1adbafcdf333d3752bb9a246d68
SHA256
6e6fb1236ec6fe160aa435296319e57b57daa9511cc16e25aa095765f520af90
SHA512
bb9bc444340f35d629f5d2febcca59744d89aad1b018ba172e2d3216ea824b2f7b884822f8d6d7206179d0cc5cbf6f0a700b7df994ee65be82f98f18ccb51a0c
-
Filesize
8KB
MD5
4c2d03cf90de071b1ebfd3f3d940f118
SHA1
cc5e94765a4e8ef0d9f4e6e1ccabd3aba2f3ba68
SHA256
f8f29fb63eea4b5db8252372dc02830c67bac33f76cfe5d7b7fa1a412b16771f
SHA512
3ddb90485a9e2ceec866a26b60b78533b84e2dde1f3637e17c03c1c841da699ee5d443a6ab5176c9d9fc148c0f6db126bf69ddab8fa19164f101722b2953e045
-
/data/user/0/com.redantz.game.zombie/files/.FlurrySenderIndex.info.AnalyticsData_7JNSTN36BF7HV9CN8RHK_157
Filesize
42B
MD5
26fb911f6aaca1273b05518bc490edb2
SHA1
89ffe776561d993566e9a1d7a0560d17e72059f8
SHA256
aaf37c64f69fc08889300e6be7be0f6c2202e0f97b541c65741539aa611706c4
SHA512
dfccc884c8b785c39970f21142fde726855a7cb75c90de595c066a4a1d6f201675119c0250e31281adfce4530168f7bbe92125e980c16c099a07ef85a8c88c78
-
Filesize
44B
MD5
7b39e9517c6212e7e3f4acdbce1bb43b
SHA1
b9203abc6c73d684825d492620ae3d90cd76fb99
SHA256
d8dfbfa8c3ddc521c37295fd1bf8e0937a42df50b84e07dc0d7db58ee3926645
SHA512
ed0679f654976b3201e4720aabab67cb2f7ba97745156e2453e519b2f4af1bfeb85375928bd7e52e606f3baeda40ff2e757cd510e5a30670ed709550028aab46
-
Filesize
58B
MD5
da1c67381e0f4c62c8f740dfb5007190
SHA1
b41a85c380a1b1de163b7ac774083e31bd0dbca8
SHA256
3f32495f190b6ea74213a1ffe32274264d3173ba73096a9765d4dab0169809d4
SHA512
91ed32b53781f310ebb5f50d9e173183949e9d1ff062065f4874f85b343728a0db661b54e1ae0d66236c5b659853365449c4b6e76d4007e515abe69b78be79e6
-
/data/user/0/com.redantz.game.zombie/files/.flurrydatasenderblock.17cd950a-65c9-4ec5-ab50-a758a78ea612
Filesize
254B
MD5
51e37c65570bfc46e2b41aa3f5146b9a
SHA1
a526db1061ed110784bc13b9ae8fbde93b865448
SHA256
68bbcd5a32d97034aef2c631d459d10efba531167b505fe76ecffa3922c92345
SHA512
b25a3f823a0d7782498f9ad8bda6bb2465bf2b16855a630cb28aec78be9bf4eb3d9992cd50c84c71751fd0cefd38ab44bfd4e89f9f7fef2d9e103b5f25bb9cc2
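The Downloads section is a list of label/value hash records for files the sandbox captured; when a copy of one of these files turns up elsewhere (another sandbox run, a device image), the useful operation is to parse these records and check the file against all four digests rather than MD5 alone. The script below is an added example, not part of the sandbox report, that does exactly that. It tolerates both the clean "MD5" / value layout and the run-together "MD5<hex>" form that extraction produces; the two-record sample text is constructed from entries in the report, and parse_downloads(), digest_all() and verify_blob() are this example's own names.

```python
"""Parse the report's Downloads hash records and verify a file against them.

Added example, not part of the sandbox report. Function names and the
constructed SAMPLE_TEXT are this example's own.
"""
import hashlib
import re

HASH_ALGOS = ("MD5", "SHA1", "SHA256", "SHA512")
HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
# Label optionally followed (with or without whitespace) by its value.
LINE_RE = re.compile(r"^(MD5|SHA1|SHA256|SHA512|Filesize)\s*(\S*)$")


def parse_downloads(text):
    """Split a Downloads section into a list of dict records.

    A record starts at a '-' bullet line; an optional path line may precede
    the Filesize label. A value may sit on the same line as its label or on
    the following line.
    """
    records, current, pending = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "-":
            if current:
                records.append(current)
            current, pending = {}, None
            continue
        if current is None:
            continue
        if pending:  # value for a label seen on the previous line
            current[pending] = line
            pending = None
            continue
        m = LINE_RE.match(line)
        if m:
            label, value = m.groups()
            if value:
                current[label] = value
            else:
                pending = label
        elif line.startswith("/"):
            current["path"] = line
    if current:
        records.append(current)
    # Reject truncated digests so a partial hash is never trusted as a match.
    for rec in records:
        for algo in HASH_ALGOS:
            if algo in rec and len(rec[algo]) != HASH_LEN[algo]:
                raise ValueError(f"bad {algo} length in record {rec}")
    return records


def digest_all(blob):
    """Compute the four digests the report lists, as lowercase hex."""
    return {
        "MD5": hashlib.md5(blob).hexdigest(),
        "SHA1": hashlib.sha1(blob).hexdigest(),
        "SHA256": hashlib.sha256(blob).hexdigest(),
        "SHA512": hashlib.sha512(blob).hexdigest(),
    }


def verify_blob(blob, records):
    """Return the first record all of whose digests match blob, else None.

    Every algorithm present in the record must agree; matching MD5 alone
    would let a collided file pass.
    """
    d = digest_all(blob)
    for rec in records:
        present = [a for a in HASH_ALGOS if a in rec]
        if present and all(rec[a].lower() == d[a] for a in present):
            return rec
    return None


# Constructed sample: two records copied from the report, one in each layout.
SAMPLE_TEXT = """
-
Filesize
9KB
MD5e8e0527a01aefdb89afd2c508f131da1
SHA1f1103e6b260c657ceb3d95f1b023af3fda8b133a
SHA256f809447486f89fcaa74f87e06d126d103d37eb2b3157e88f2c06d989b2c284ce
-
/data/user/0/com.redantz.game.zombie/files/.FlurrySenderIndex.info.AnalyticsData_7JNSTN36BF7HV9CN8RHK_157
Filesize42B
MD5 26fb911f6aaca1273b05518bc490edb2
SHA1 89ffe776561d993566e9a1d7a0560d17e72059f8
"""

if __name__ == "__main__":
    for rec in parse_downloads(SAMPLE_TEXT):
        print(rec.get("path", "<no path>"), rec.get("Filesize"), rec.get("SHA256", rec.get("SHA1")))
```

To check a real file, read it as bytes and pass it to verify_blob() together with the parsed records; a None result means no record agrees on every digest it carries.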