irata | 710a155f9b7a1c2b5b12753f437677804bcb2daa2de3a19788cde780ea1bb13b | Triage

Sharing

General

Target

f7afedc2b2ddaed4272534494f4d5d6e_JaffaCakes118
Size

4.0MB
Sample

240418-k3hggaaa8y
MD5

f7afedc2b2ddaed4272534494f4d5d6e
SHA1

f923ced7b203bc61e154db82018448de4a1253e2
SHA256

710a155f9b7a1c2b5b12753f437677804bcb2daa2de3a19788cde780ea1bb13b
SHA512

21acf6e09a5bd6b16b82219b08ff041bdfebb6cfee7146d1226fd6826eaf4798b8e065b56efe6043b338f16765690a6ba4fffe33af0d2b5f2fe1334d1407a626
SSDEEP

98304:R6383MNJvLlID+Ymv/aLJzjUMhM/bL89V:R638Ct5Iq9/aNzjRhM/bLIV

Score

10^/10

irata android banker discovery evasion

Malware Config

Targets

- Target
  
  f7afedc2b2ddaed4272534494f4d5d6e_JaffaCakes118
- Size
  
  4.0MB
- MD5
  
  f7afedc2b2ddaed4272534494f4d5d6e
- SHA1
  
  f923ced7b203bc61e154db82018448de4a1253e2
- SHA256
  
  710a155f9b7a1c2b5b12753f437677804bcb2daa2de3a19788cde780ea1bb13b
- SHA512
  
  21acf6e09a5bd6b16b82219b08ff041bdfebb6cfee7146d1226fd6826eaf4798b8e065b56efe6043b338f16765690a6ba4fffe33af0d2b5f2fe1334d1407a626
- SSDEEP
  
  98304:R6383MNJvLlID+Ymv/aLJzjUMhM/bL89V:R638Ct5Iq9/aNzjRhM/bLIV
Score

8^/10

banker discovery evasion
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Checks CPU information
  Checks CPU information which indicate if the system is an emulator.
  evasion discovery
- Checks memory information
  Checks memory information which indicate if the system is an emulator.
  evasion discovery
- Acquires the wake lock
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Queries the unique device ID (IMEI, MEID, IMSI)
  discovery
- Reads information about phone network operator.
  discovery
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

System Checks

Credential Access

Discovery

Software Discovery

Security Software Discovery

System Information Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bankerdiscoveryevasion

behavioral2

bankerdiscoveryevasion

behavioral3

bankerdiscoveryevasion