Overview

overview

8

Static

static

6

fa7eb2c8d1...18.apk

android-9-x86

8

fa7eb2c8d1...18.apk

android-13-x64

8

gdtadv2.apk

android-9-x86

gdtadv2.apk

android-10-x64

gdtadv2.apk

android-11-x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fa7eb2c8d1fb4d692602ec420a2cb24c_JaffaCakes118

  • Size

    8.3MB

  • Sample

    240419-rqx5qafe2w

  • MD5

    fa7eb2c8d1fb4d692602ec420a2cb24c

  • SHA1

    701972a96ad7ad03afd46f622f680ad7d815c16f

  • SHA256

    b4a14e47ff4a65969de05364cbf8c644c53468a7c4d88899d39982f929ac4ab0

  • SHA512

    82c8fd9ec9aac8d7a7a5cdd21b1856f577f91db9bb108ac495c4865ae875498be485504b49ddba91f0432b8b3cf7eccd8f2b68ad6cdc63601173c3a1b5459dee

  • SSDEEP

    196608:ag4OVJo/uB0QLGZ1SLPA9ZqiauWjzhQQx55xLQMn6H9o4iAn7HaHvHtYvpMqaFN7:a9OJ9LGZ1SrA2qWjzGQx55d5n6H9o+nm

Score
8/10
androidbankercollectiondiscoveryevasion

Malware Config

Targets

    • Target

      fa7eb2c8d1fb4d692602ec420a2cb24c_JaffaCakes118

    • Size

      8.3MB

    • MD5

      fa7eb2c8d1fb4d692602ec420a2cb24c

    • SHA1

      701972a96ad7ad03afd46f622f680ad7d815c16f

    • SHA256

      b4a14e47ff4a65969de05364cbf8c644c53468a7c4d88899d39982f929ac4ab0

    • SHA512

      82c8fd9ec9aac8d7a7a5cdd21b1856f577f91db9bb108ac495c4865ae875498be485504b49ddba91f0432b8b3cf7eccd8f2b68ad6cdc63601173c3a1b5459dee

    • SSDEEP

      196608:ag4OVJo/uB0QLGZ1SLPA9ZqiauWjzhQQx55xLQMn6H9o4iAn7HaHvHtYvpMqaFN7:a9OJ9LGZ1SrA2qWjzGQx55d5n6H9o+nm

    Score
    8/10
    bankercollectiondiscoveryevasion

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

      bankerdiscovery

    • Requests cell location

      Uses Android APIs to to get current cell location.

      collectiondiscovery

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

      evasion

    • Queries information about running processes on the device.

      Application may abuse the framework's APIs to collect information about running processes on the device.

      discovery

    • Queries information about the current Wi-Fi connection.

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

      discovery

    • Queries information about the current nearby Wi-Fi networks.

      Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

      discovery

    • Reads information about phone network operator.

      discovery
    behavioral1behavioral2

    • Target

      gdtadv2.jar

    • Size

      240KB

    • MD5

      f73389c27d23a9090a7a6c81e231b774

    • SHA1

      25924157d4122f40ef78e86aea40b589457900f9

    • SHA256

      8e2be609b620003e353d8b554a486fca1256c8021b44ae8c1580545da828725a

    • SHA512

      9699a5ec4a7b076146b263f28637a349ce03d18287bc9d03ce6c4c73c055f8f4d16d65de30ea4ab625bb0805a14e4ddc2ed302e47cc908c447f353cd15024c32

    • SSDEEP

      6144:mnTJSUfOFvZ4bzbvq2S5A7KLPRfU+peOOh0OK:mVOB6nquKVBkJh0OK

    Score
    1/10
    behavioral3behavioral4behavioral5

MITRE ATT&CK Mobile v15

Tasks