Overview

overview

8

Static

static

6

ec81ce353e...18.apk

android-9-x86

8

ec81ce353e...18.apk

android-10-x64

8

__pasys_re...ds.apk

android-9-x86

__pasys_re...ds.apk

android-10-x64

__pasys_re...ds.apk

android-11-x64

gdtad.apk

android-9-x86

gdtad.apk

android-10-x64

gdtad.apk

android-11-x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ec81ce353edacffe55e3e47c7b6e2dde_JaffaCakes118

  • Size

    9.5MB

  • Sample

    240411-c6vxzaab93

  • MD5

    ec81ce353edacffe55e3e47c7b6e2dde

  • SHA1

    f1448e32bff1a492dd9c93269c33942264b93bf5

  • SHA256

    593e77c1895cce54a856d5a99640724ba2183898c29ccd2a02c93632da027c8b

  • SHA512

    cd269053e003d2330343d8cad3f9e03b7955beea9d531557670dc8bd164267cad7f04f3d36d23de5d7b3403192b9b2de09b67c532c6adf43c757318c8ac26144

  • SSDEEP

    196608:G/kN7sV+AeV9/PYXm3uWNM69niVkzFhtGpSzcfMzvbGJ6bmhOOR4279+k2r:G/A7sV+5jmm+49vdG+rCtPRr9La

Score
8/10
androidbankercollectiondiscoveryevasion

Malware Config

Targets

    • Target

      ec81ce353edacffe55e3e47c7b6e2dde_JaffaCakes118

    • Size

      9.5MB

    • MD5

      ec81ce353edacffe55e3e47c7b6e2dde

    • SHA1

      f1448e32bff1a492dd9c93269c33942264b93bf5

    • SHA256

      593e77c1895cce54a856d5a99640724ba2183898c29ccd2a02c93632da027c8b

    • SHA512

      cd269053e003d2330343d8cad3f9e03b7955beea9d531557670dc8bd164267cad7f04f3d36d23de5d7b3403192b9b2de09b67c532c6adf43c757318c8ac26144

    • SSDEEP

      196608:G/kN7sV+AeV9/PYXm3uWNM69niVkzFhtGpSzcfMzvbGJ6bmhOOR4279+k2r:G/A7sV+5jmm+49vdG+rCtPRr9La

    Score
    8/10
    bankercollectiondiscoveryevasion

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

      bankerdiscovery

    • Requests cell location

      Uses Android APIs to to get current cell location.

      collectiondiscovery

    • Checks CPU information

      Checks CPU information which indicate if the system is an emulator.

      evasiondiscovery

    • Queries information about running processes on the device.

      Application may abuse the framework's APIs to collect information about running processes on the device.

      discovery

    • Queries the phone number (MSISDN for GSM devices)

      discovery

    • Reads the content of the calendar entry data.

      collection

    • Acquires the wake lock

    • Reads information about phone network operator.

      discovery
    behavioral1behavioral2

    • Target

      __pasys_remote_feeds.jar

    • Size

      51KB

    • MD5

      998d0c80e8909e287ddcddb327473b10

    • SHA1

      f8325e2e823feaee99348910f15b21fbe5a44280

    • SHA256

      0ff2445f8cb3a2f3a188744f7f0c7e64056db4dcbe228acf368bd07063c059a0

    • SHA512

      bdb6349308e8c719524a7b14d84ec7a2abf1dd64a3d2e4ce04eb942df71860c2d03b0dfd5d032565dbbd564416a568d43db5d28c528a95ca57841c065da1d4d2

    • SSDEEP

      768:4y9d5mXbldQcKnJU5WEsG0YZhE+a8azMv0MgyKvgQ6eGjL8i0kitSD7rKTN:J9kobJREVZzavzMhgyxBek8i0tKnKTN

    Score
    1/10
    behavioral3behavioral4behavioral5

    • Target

      gdtad.jar

    • Size

      69KB

    • MD5

      595b2a62c7377a811a24307102751b11

    • SHA1

      55814431108f7f847ea252bc4b21cf70a37280b6

    • SHA256

      e53cba6378e274af8716011e0ec56a2c1209c3aecd6f2aa2384f0034348ae4a7

    • SHA512

      31d168d07dc5b9da8a57db387e9a4a5b6bee6f26218cd80f078b8fde4cac947a7b122e78a1c43165b10afe8a0583abfc102f001bba6168691e4f7049f699eb2f

    • SSDEEP

      1536:lsxryGVNeJOwxZhAt0fBovXjEl0hISz2qr+0L/R+GGgrHTPZIRJ:pGLeJfxZhAt0q7ECF2yrzQ

    Score
    1/10
    behavioral6behavioral7behavioral8

MITRE ATT&CK Mobile v15

Tasks