4ac94cc0795432d349dd504020eb91e310d166474f340c36548ff422060d4f03

Sharing

Copy URL

Twitter E-mail

General

Target

f998894c7bb9d99e82c9d712d4cc627c_JaffaCakes118
Size

6.7MB
Sample

240419-f3wa4shh74
MD5

f998894c7bb9d99e82c9d712d4cc627c
SHA1

5c117b1e48e91dd704132b5243681888699c8962
SHA256

4ac94cc0795432d349dd504020eb91e310d166474f340c36548ff422060d4f03
SHA512

b05c767375671f9ec31a51052c1f4b418b9a95b4edb627ca29fdd045a6a31aa73e40067b3754ea9e55a34844a5fd4287d812006df63acd166a9f5dbcf14001db
SSDEEP

196608:W9BZESfl0u+kLJlE5HSSQu0bC5GMCTz7TZSD:0Z4kLJlErI6eT3M

Score

8^/10

Malware Config

Targets

- Target
  
  f998894c7bb9d99e82c9d712d4cc627c_JaffaCakes118
- Size
  
  6.7MB
- MD5
  
  f998894c7bb9d99e82c9d712d4cc627c
- SHA1
  
  5c117b1e48e91dd704132b5243681888699c8962
- SHA256
  
  4ac94cc0795432d349dd504020eb91e310d166474f340c36548ff422060d4f03
- SHA512
  
  b05c767375671f9ec31a51052c1f4b418b9a95b4edb627ca29fdd045a6a31aa73e40067b3754ea9e55a34844a5fd4287d812006df63acd166a9f5dbcf14001db
- SSDEEP
  
  196608:W9BZESfl0u+kLJlE5HSSQu0bC5GMCTz7TZSD:0Z4kLJlErI6eT3M
Score

8^/10

banker collection discovery evasion persistence
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Requests cell location
  Uses Android APIs to to get current cell location.
  collection discovery
- Checks CPU information
  Checks CPU information which indicate if the system is an emulator.
  evasion discovery
- Checks known Qemu files.
  Checks for known Qemu files that exist on Android virtual device images.
  evasion
- Checks memory information
  Checks memory information which indicate if the system is an emulator.
  evasion discovery
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Queries information about running processes on the device.
  Application may abuse the framework's APIs to collect information about running processes on the device.
  discovery
- Queries information about the current Wi-Fi connection.
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  discovery
- Queries information about the current nearby Wi-Fi networks.
  Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
  discovery
- Acquires the wake lock
- Reads information about phone network operator.
  discovery
behavioral1 behavioral2
- Target
  
  dmss_v2.jar
- Size
  
  126KB
- MD5
  
  aa64c54de3204df266353f78f8f92743
- SHA1
  
  f30391c3c576f3ad05cae309d4b3ed63759f140f
- SHA256
  
  a9d07897e42c42c15f27ac1e3a907072bce90aeed7cf70ad3c52ea020a2bb1ac
- SHA512
  
  a3be909d084d88dc1da4c0b0fd8dfbcc63d3149308f622b094fb1b9b4a47c2e5fe9633fd7354e2ce281d222fffcfdfd3896708cb398c81f12437aa8f0720690c
- SSDEEP
  
  3072:QWDEMmwiLvzgsHGEIqTriwmelZLoALvFchukchKC+8G/ee:pDpmwiJ2Ur7mhAL+kkcPG1
Score

1^/10
behavioral3 behavioral4 behavioral5
- Target
  
  dump.jar
- Size
  
  68KB
- MD5
  
  fc86a61adb9f6c52f49836de04159cad
- SHA1
  
  ce20ad7819f749db65e64df912e62fc95179c2de
- SHA256
  
  39df03d741bb3e13392fd0c8c39fbbe903aca84b72cf1c04644ef81b13363265
- SHA512
  
  7e44d71baa4cf9db1e805ce17b37b45f9621890aefce5ee5cc5c5e6e94e6cfd144ef1221e475e066b1fe3445f45982d56a107ad6fd65c2dfb6427b680d16b355
- SSDEEP
  
  1536:rAbwGcYLL4MTeEhnlIKDCMzThhqzjUSykxl5R:aFf1JlIKfQU/AjR
Score

1^/10
behavioral6 behavioral7 behavioral8
- Target
  
  dynamic.jar
- Size
  
  77KB
- MD5
  
  c14c8a2f5d3a7c47eb2ca8c1b6e69adb
- SHA1
  
  4e57b3c0f34427aba8a5be40c2e9b627172a89c8
- SHA256
  
  7d7ada76ea057847b5c47ed0f16a6d0e52cdbebbbdb08c1a9519acf70a1a4107
- SHA512
  
  2be420b849c0fa84d3c594ab6bc85255eb54915e05aac5fd3d711e8dc93f484c5a2add2c662a858d4c2ce316a716c9e930122e9cb1047be7482c495242d766e4
- SSDEEP
  
  1536:fLAphepUaQbf6B7Xpy0lL8laR5pSbz1yBjwUP6SrL4z:cuXYm7XpywIoSb8scFL4z
Score

1^/10
behavioral10 behavioral11 behavioral9

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Targets

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Requests cell location

Checks CPU information

Checks known Qemu files.

Checks memory information

Loads dropped Dex/Jar

Makes use of the framework's foreground persistence service

Queries information about running processes on the device.

Queries information about the current Wi-Fi connection.

Queries information about the current nearby Wi-Fi networks.

Acquires the wake lock

Reads information about phone network operator.

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11