General

  • Target

    f7871bb5dc9d79fd0b0e689bfbeb84c1_JaffaCakes118

  • Size

    13.2MB

  • Sample

    240418-h6qwxaee98

  • MD5

    f7871bb5dc9d79fd0b0e689bfbeb84c1

  • SHA1

    40c0de006ea3672f7f1ff18ac1da393cfd7ba4df

  • SHA256

    e7858e0c3ac80b923e07b79839354a5312cf5aa111ea0ccd761eff679fea3739

  • SHA512

    b5bd93ced7f3924997cb141dd1c9b3d4803f628704a568eabf28d9c47e6bf127644edac83f7b0502abd730dd093cf310438b049333c0521ebb3b3910fee4ed39

  • SSDEEP

    196608:mCbn3KLX2w0WJyTiDhpDUQGNeFRlhKE1l9kzd/1y+Zh7lyFRjbBU6ZS6s0YXBAHP:n3KKGdZGcrnKEz+y+X70xwK36kQQ4u

Targets

    • Target

      f7871bb5dc9d79fd0b0e689bfbeb84c1_JaffaCakes118

    • Size

      13.2MB

    • Requests cell location

      Uses Android APIs to get the current cell location.

    • Checks CPU information

      Checks CPU information that indicates whether the system is an emulator.

    • Checks known Qemu files.

      Checks for known Qemu files that exist on Android virtual device images.

    • Checks known Qemu pipes.

      Checks for known pipes used by the Android emulator to communicate with the host.

    • Checks memory information

      Checks memory information that indicates whether the system is an emulator.

    • Queries information about running processes on the device.

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Queries information about the current Wi-Fi connection.

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Listens for changes in the sensor environment (might be used to detect emulation)

    • Target

      clean_robot.apk

    • Size

      138KB

    • MD5

      4b31ed065618d2553b64c83127ecf698

    • SHA1

      aa5cee4147e90c362e9f1e804f31af06cffd60c7

    • SHA256

      0ef662cefa04b69c128212edb3847a0b14876a52cd4175527c9489f87d0136cf

    • SHA512

      6febfe8d2ad16ded31439917775e2a032bfe3d01b1bb37461d3c104faeaa978fe5d771af5b845777575ace8007a0bd8bbc823314c41c0e4aec089209ee5c3fe6

    • SSDEEP

      3072:/5DT5xLlH4v9tmgcn6sQfqCeqR6Z188nWFcFXq80:/5DT/LlHQggK6heqR6IyCcF0

    • Score

      7/10

    • Queries information about running processes on the device.

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Queries information about the current Wi-Fi connection.

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
