Overview

overview

7

Static

static

6

f91e82665d...18.apk

android-9-x86

7

f91e82665d...18.apk

android-10-x64

7

f91e82665d...18.apk

android-11-x64

7

pushplugin.apk

android-9-x86

pushplugin.apk

android-10-x64

pushplugin.apk

android-11-x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f91e82665d80cec11d15f4431bc8d8f2_JaffaCakes118

  • Size

    2.0MB

  • Sample

    240419-a1chbsbe44

  • MD5

    f91e82665d80cec11d15f4431bc8d8f2

  • SHA1

    783ed7e86bbef6f2ebd0596615b5bc6d8780dc52

  • SHA256

    cfcb1a5a40e6a0b5f85d34e48c223a608124b478c117681dc47b3df2c244264d

  • SHA512

    0557324ff4d9be6fcfca70ddf996278a2d531877181dbbc6a59389784075c6e84124b376c44ba55e9fc970852b31ab478052b758e52d88e2483c6dd789a88c3f

  • SSDEEP

    49152:e/6X+yQ1536YUWR3OknEAUhxdZXRQ1dugkg:Ui61531m9zSz

Score
7/10
androidcollectiondiscoveryevasion

Malware Config

Targets

    • Target

      f91e82665d80cec11d15f4431bc8d8f2_JaffaCakes118

    • Size

      2.0MB

    • MD5

      f91e82665d80cec11d15f4431bc8d8f2

    • SHA1

      783ed7e86bbef6f2ebd0596615b5bc6d8780dc52

    • SHA256

      cfcb1a5a40e6a0b5f85d34e48c223a608124b478c117681dc47b3df2c244264d

    • SHA512

      0557324ff4d9be6fcfca70ddf996278a2d531877181dbbc6a59389784075c6e84124b376c44ba55e9fc970852b31ab478052b758e52d88e2483c6dd789a88c3f

    • SSDEEP

      49152:e/6X+yQ1536YUWR3OknEAUhxdZXRQ1dugkg:Ui61531m9zSz

    Score
    7/10
    collectiondiscoveryevasion

    • Checks CPU information

      Checks CPU information which indicate if the system is an emulator.

      evasiondiscovery

    • Checks memory information

      Checks memory information which indicate if the system is an emulator.

      evasiondiscovery

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

      evasion

    • Queries information about running processes on the device.

      Application may abuse the framework's APIs to collect information about running processes on the device.

      discovery

    • Queries information about the current Wi-Fi connection.

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

      discovery

    • Queries information about the current nearby Wi-Fi networks.

      Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

      discovery

    • Queries the phone number (MSISDN for GSM devices)

      discovery

    • Reads the content of SMS inbox messages.

      collection

    • Queries the unique device ID (IMEI, MEID, IMSI)

      discovery

    • Reads information about phone network operator.

      discovery

    • Requests dangerous framework permissions

    behavioral1behavioral2behavioral3

    • Target

      pushplugin.mp

    • Size

      68KB

    • MD5

      1cc2bda5b2446238ddd1047ef0688a03

    • SHA1

      90886b519a020b36598b6b6c3b0bcdd3249fabbe

    • SHA256

      46d87a2ed30d8ef57cf2c09b17cb6351fa12f33cd67b8832663732c346ded902

    • SHA512

      56dafc0d4c8d60b21da05bc44e2d9ecc86bba6624f7036c9f1018478333545e0f5348506f655b959087e5144dc32921e9b20697052409aa8a6b6b2538ace0c41

    • SSDEEP

      1536:CjGFf21wJeTa9jz5+1k+1W8qkcXT47IDT9NgunpSOx:dFf21H4jz5H+1jcXD3vgCIo

    Score
    1/10
    behavioral4behavioral5behavioral6

MITRE ATT&CK Matrix

Tasks