General

  • Target

    f8f9eb87a9ff64959342535aa5acf2a2_JaffaCakes118

  • Size

    25.1MB

  • Sample

    240418-3by91sah8z

  • MD5

    f8f9eb87a9ff64959342535aa5acf2a2

  • SHA1

    150dc109eccb5cc6dac9081046a5cddfcf92c2f1

  • SHA256

    c7424b3e7f732b2ab776fd22edc9f6d368c74c836911b64351d299af5193e0b8

  • SHA512

    76b4db71ec89948cfc24d876ca71206b5df574e66f7502c4523b649f7b9fcec37ba49e4fd26ab376cfbb437253f115fca6d03f935818f14334232783ba5efc67

  • SSDEEP

    786432:ihwmC2tt7J/RdIJXnTYJY+bwUw6tTRj2LZzDsakT/ZVj:i1pp5UXvUwuRKLlDsvVVj

Malware Config

Targets

    • Target

      f8f9eb87a9ff64959342535aa5acf2a2_JaffaCakes118

    • Size

      25.1MB

    • MD5

      f8f9eb87a9ff64959342535aa5acf2a2

    • SHA1

      150dc109eccb5cc6dac9081046a5cddfcf92c2f1

    • SHA256

      c7424b3e7f732b2ab776fd22edc9f6d368c74c836911b64351d299af5193e0b8

    • SHA512

      76b4db71ec89948cfc24d876ca71206b5df574e66f7502c4523b649f7b9fcec37ba49e4fd26ab376cfbb437253f115fca6d03f935818f14334232783ba5efc67

    • SSDEEP

      786432:ihwmC2tt7J/RdIJXnTYJY+bwUw6tTRj2LZzDsakT/ZVj:i1pp5UXvUwuRKLlDsvVVj

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Requests cell location

      Uses Android APIs to get the current cell location.

    • Checks CPU information

      Checks CPU information that indicates whether the system is an emulator.

    • Checks known Qemu files.

      Checks for known Qemu files that exist on Android virtual device images.

    • Checks known Qemu pipes.

      Checks for known pipes used by the Android emulator to communicate with the host.

    • Checks memory information

      Checks memory information that indicates whether the system is an emulator.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Queries information about running processes on the device.

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Queries information about the current Wi-Fi connection.

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Queries the unique device ID (IMEI, MEID, IMSI)

    • Listens for changes in the sensor environment (might be used to detect emulation)

    • Target

      bdxadsdk.jar

    • Size

      226KB

    • MD5

      01019a89829c15099149d94b3eb7794c

    • SHA1

      60ee42ee0e95b101aebb35dcf5d9ef07b45bb51b

    • SHA256

      1f40c03fb32598ce66cc4730496d8ca99cba9aaf2bac8918afc8cd45ed939a31

    • SHA512

      6159e6fcd2e64d68d07cc73fa7fd8f53a1b79a1df28776c3c1bb2d9e92dca37126d433e255306232da7c61a330941a8c2cf652a084adc21e81db3ba40f1af99c

    • SSDEEP

      6144:a2Qv/QiHGbiP4mF18Ys1lUH9J55LWlWobEr3:a2KQiHGOX/ls1S55LW0obEj

    Score
    1/10

    • Target

      gdtadv2.jar

    • Size

      443KB

    • MD5

      232146e2595dbcc4917a3ae7b3663b3c

    • SHA1

      3deedba5289f3eddc87cf35c06ba6c6aa1380275

    • SHA256

      abbda9c3353d88c4de9df8880b962fe7958c610cbf54e3e57568af80cd504711

    • SHA512

      43fc0b3687d54dfaecc0a53ce290c59ba4b35540b0348f28edede81fd8e96888dabe7c008eb0d1d8d4fd23c76ace1ff570dd9175695f25a5aaad055f1dfc0d69

    • SSDEEP

      6144:Nvd0m3MKiQr/B49UXhtjKzGLCrR8A5ZpKkUuf/nVo9v1LIMyXiBqpMoZInOrGPuB:j1F/BkURZdiL7UInV8xIbXolwCO6xu

    Score
    1/10

MITRE ATT&CK Matrix

Tasks