Overview

overview

8

Static

static

8

022908fecf...18.apk

android-9-x86

8

amap_resou..._0.apk

android-9-x86

amap_resou..._0.apk

android-10-x64

amap_resou..._0.apk

android-11-x64

autonavi_R..._0.apk

android-9-x86

autonavi_R..._0.apk

android-10-x64

autonavi_R..._0.apk

android-11-x64

Sharing

Copy URL Twitter E-mail

General

  • Target

    022908fecf20f5e09b657d999ea50c5b_JaffaCakes118

  • Size

    29.4MB

  • Sample

    240328-lent1shd4v

  • MD5

    022908fecf20f5e09b657d999ea50c5b

  • SHA1

    4e34ba5aa41858e881ebd34e9a041456f91fc176

  • SHA256

    d7444040ee5604b7bfe47452a583be4148ee4b45a056da6ab0164d1f6d7f3943

  • SHA512

    8aacd8b54736b70a5f08aa95965b17ee8b8cd62af01ea31cb67a72f477d0aa24bdf5d63fc30b3f7a6170a00d59c93cdd385905eafca4a39162c7561fc7c768c6

  • SSDEEP

    786432:6/8Z8nQRHd23i2TsES5OxpMqKFi/p4Thn2JIjhwfnr6hC:6JnQWvICOqKFig2JGCfnms

Score
8/10
androidcollectiondiscoveryevasionpersistenceupx

Malware Config

Targets

    • Target

      022908fecf20f5e09b657d999ea50c5b_JaffaCakes118

    • Size

      29.4MB

    • MD5

      022908fecf20f5e09b657d999ea50c5b

    • SHA1

      4e34ba5aa41858e881ebd34e9a041456f91fc176

    • SHA256

      d7444040ee5604b7bfe47452a583be4148ee4b45a056da6ab0164d1f6d7f3943

    • SHA512

      8aacd8b54736b70a5f08aa95965b17ee8b8cd62af01ea31cb67a72f477d0aa24bdf5d63fc30b3f7a6170a00d59c93cdd385905eafca4a39162c7561fc7c768c6

    • SSDEEP

      786432:6/8Z8nQRHd23i2TsES5OxpMqKFi/p4Thn2JIjhwfnr6hC:6JnQWvICOqKFig2JGCfnms

    Score
    8/10
    collectiondiscoveryevasionpersistence

    • Requests cell location

      Uses Android APIs to to get current cell location.

      collectiondiscovery

    • Checks known Qemu files.

      Checks for known Qemu files that exist on Android virtual device images.

      evasion

    • Checks known Qemu pipes.

      Checks for known pipes used by the Android emulator to communicate with the host.

      evasion

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

      evasionpersistence

    • Reads information about phone network operator.

      discovery

    • Listens for changes in the sensor environment (might be used to detect emulation)

      evasion
    behavioral1

    • Target

      amap_resource1_0_0.png

    • Size

      22KB

    • MD5

      ac05cb594daed922c0e594e6e95823bd

    • SHA1

      7cc513a2fd4b1aafbed793a1cbd8f8b7a96d40b1

    • SHA256

      f2e5deeba939befff1c9bc3fe0754f429ebb31c768186f72cc76485aa527c7b8

    • SHA512

      0ee2cb626abdaa20ba9abc16ea9affaae2f3075433e5f4198f37b1d59dcb2961ec705432974f3cf6fa8a1bdc895b0dc31aec47da0edeea7c69ab57a883b263a5

    • SSDEEP

      384:mvWgvox88EhV6p1gjIJj38D8I3FBJwPg2:CWgvz5hV6p1jI3Fq

    Score
    1/10
    behavioral2behavioral3behavioral4

    • Target

      autonavi_Resource1_1_0.png

    • Size

      1016KB

    • MD5

      ca416b9a195afd3fad887b83b5c4338e

    • SHA1

      3c2fe205b7c4daa8eba4139fdfd4a88c46b135e4

    • SHA256

      eefa1beadbd54e830187eec627b1145767a223a75e0a51142b809adff26d6e73

    • SHA512

      612f6d24c7b2e85f8a41648df6a2256204363c9d6195f738ad15e2c7c0bd9993d4c24c27cf1e006ad8637274ed35d916ca251e1d7c2704861ce5e758e4ff337d

    • SSDEEP

      12288:qXo3+VPNODQ/zDuXUE3bc6vf6Sk42buEkB2yU5F3v:yMEO8/vxELc6vf6yjLwyUPv

    Score
    1/10
    behavioral5behavioral6behavioral7

MITRE ATT&CK Mobile v15

Tasks