Overview

overview

8

Static

static

6

f7d208f489...18.apk

android-9-x86

8

f7d208f489...18.apk

android-13-x64

alipay_msp.apk

android-9-x86

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f7d208f489a09d7022d673b70810c703_JaffaCakes118

  • Size

    17.3MB

  • Sample

    240418-mpf3labh61

  • MD5

    f7d208f489a09d7022d673b70810c703

  • SHA1

    8fc88c2b16da36fc17c75c19cc9023f44982a0eb

  • SHA256

    d0c52be0a4316f52c646c7bafd5bbf46287e914273a036b1596977733e20daa3

  • SHA512

    4b7c3f7b3d93db213d24dc5a5345baa3036e7770b1657cfdeca12991a37ac0891853d122db259258ff41626ca6027bb4a01993bc00d44b280c39980bc914416d

  • SSDEEP

    393216:ikGDMunasybUpEQ3Yd81S8gsqNaWDuhVOv4Ik/dMZ3eN349k:LAMsasIu53b1yW8u04Iodd49k

Score
8/10
androidbankercollectiondiscoveryevasion

Malware Config

Targets

    • Target

      f7d208f489a09d7022d673b70810c703_JaffaCakes118

    • Size

      17.3MB

    • MD5

      f7d208f489a09d7022d673b70810c703

    • SHA1

      8fc88c2b16da36fc17c75c19cc9023f44982a0eb

    • SHA256

      d0c52be0a4316f52c646c7bafd5bbf46287e914273a036b1596977733e20daa3

    • SHA512

      4b7c3f7b3d93db213d24dc5a5345baa3036e7770b1657cfdeca12991a37ac0891853d122db259258ff41626ca6027bb4a01993bc00d44b280c39980bc914416d

    • SSDEEP

      393216:ikGDMunasybUpEQ3Yd81S8gsqNaWDuhVOv4Ik/dMZ3eN349k:LAMsasIu53b1yW8u04Iodd49k

    Score
    8/10
    bankercollectiondiscoveryevasion

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

      bankerdiscovery

    • Requests cell location

      Uses Android APIs to to get current cell location.

      collectiondiscovery

    • Checks CPU information

      Checks CPU information which indicate if the system is an emulator.

      evasiondiscovery

    • Checks known Qemu files.

      Checks for known Qemu files that exist on Android virtual device images.

      evasion

    • Checks known Qemu pipes.

      Checks for known pipes used by the Android emulator to communicate with the host.

      evasion

    • Checks memory information

      Checks memory information which indicate if the system is an emulator.

      evasiondiscovery

    • Queries account information for other applications stored on the device.

      Application may abuse the framework's APIs to collect account information stored on the device.

      collection

    • Queries information about running processes on the device.

      Application may abuse the framework's APIs to collect information about running processes on the device.

      discovery

    • Queries information about the current Wi-Fi connection.

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

      discovery

    • Queries information about the current nearby Wi-Fi networks.

      Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

      discovery

    • Queries the unique device ID (IMEI, MEID, IMSI)

      discovery

    • Reads information about phone network operator.

      discovery
    behavioral1behavioral2

    • Target

      alipay_msp.apk

    • Size

      354KB

    • MD5

      89c04e1ebcd58eca6dd93211628ed0bc

    • SHA1

      7d1e77ce25a635299704dbd95bd95c697572ea9d

    • SHA256

      ee3c608fff51b313f4e0b3e542bedccb4d4db4c8eb44e63bf4be0d468e9ee117

    • SHA512

      3dccaeff9906401855f3071c91012926d7e9250674ea0bb89606e4862223a8343fc7b9369afe4e50031d261b45437107c018f565da5615c49721c3bf1bf6ed01

    • SSDEEP

      6144:cH8LfOo+BjGVN8TdW4zxgnm1Us3JuOK2vf5C8EcPK+WvyQcQ2fnq7:cHLxBiVN8pWggmlY25CLE8RcQ2fnq7

    Score
    8/10
    collectiondiscovery

    • Requests cell location

      Uses Android APIs to to get current cell location.

      collectiondiscovery

    • Queries information about the current Wi-Fi connection.

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

      discovery
    behavioral3

MITRE ATT&CK Matrix

Tasks