Overview

overview

8

Static

static

6

fa84ca282f...18.apk

android-9-x86

8

fa84ca282f...18.apk

android-13-x64

8

night.apk

android-9-x86

1

night.apk

android-10-x64

1

night.apk

android-11-x64

1

white.apk

android-9-x86

white.apk

android-10-x64

white.apk

android-11-x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fa84ca282f3b047f13106e006ae930ba_JaffaCakes118

  • Size

    25.7MB

  • Sample

    240419-rz9j4seh24

  • MD5

    fa84ca282f3b047f13106e006ae930ba

  • SHA1

    9d84c549de34ac38c85b8a793f24faa88fa0aee1

  • SHA256

    934145fa41c3cce105c994c9fe5129b9976c8d929107a53775b977df6c25d768

  • SHA512

    ca490a8b278a939aa09e3f66f56412fcfb8672b86c0a8fde58d2133e797e7bb21dd99aebbb35ba395c07bbce29b63bbe6e91e58d09fdfbec52f357b649bd8bf4

  • SSDEEP

    786432:eme8i7o6+8Qe+Xjwi9D9nyEHgFIQS1d78:6JouQe6wi9D9yEgIQsd78

Score
8/10
androidbankercollectiondiscoveryevasion

Malware Config

Targets

    • Target

      fa84ca282f3b047f13106e006ae930ba_JaffaCakes118

    • Size

      25.7MB

    • MD5

      fa84ca282f3b047f13106e006ae930ba

    • SHA1

      9d84c549de34ac38c85b8a793f24faa88fa0aee1

    • SHA256

      934145fa41c3cce105c994c9fe5129b9976c8d929107a53775b977df6c25d768

    • SHA512

      ca490a8b278a939aa09e3f66f56412fcfb8672b86c0a8fde58d2133e797e7bb21dd99aebbb35ba395c07bbce29b63bbe6e91e58d09fdfbec52f357b649bd8bf4

    • SSDEEP

      786432:eme8i7o6+8Qe+Xjwi9D9nyEHgFIQS1d78:6JouQe6wi9D9yEgIQsd78

    Score
    8/10
    bankerdiscoveryevasioncollection

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

      bankerdiscovery

    • Requests cell location

      Uses Android APIs to to get current cell location.

      collectiondiscovery

    • Checks CPU information

      Checks CPU information which indicate if the system is an emulator.

      evasiondiscovery

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

      evasion

    • Queries information about running processes on the device.

      Application may abuse the framework's APIs to collect information about running processes on the device.

      discovery

    • Queries information about the current Wi-Fi connection.

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

      discovery

    • Queries the unique device ID (IMEI, MEID, IMSI)

      discovery

    • Reads information about phone network operator.

      discovery

    • Listens for changes in the sensor environment (might be used to detect emulation)

      evasion
    behavioral1behavioral2

    • Target

      night.skin

    • Size

      14KB

    • MD5

      98746113dd1d6f112b027ce3d5102c00

    • SHA1

      154e22cdc1398e00e08d8f50d9a4af702ad0bbb7

    • SHA256

      725c50c35679ee46899962fb15d0b7f26bf1b95ffa355d48a087bec47f1a2494

    • SHA512

      6ee7b1503f6936ffcad61c3a24c0f7c216433508b57c39193a63b3fe5c9fb303a4a9f5dc63fa8c6b99d993479ea0c9ceffc0671b7ac47c39c5d068c10a29f197

    • SSDEEP

      192:jLIhd3KzevVrFSUu4gTQm+VT9G5DdozL/9gh:jLISoFSUu48Qm6e8L/Kh

    Score
    1/10
    behavioral3behavioral4behavioral5

    • Target

      white.skin

    • Size

      2KB

    • MD5

      e46ca277e4779bd23408a130e1574a1c

    • SHA1

      e8ea1d802720c8b659e97f0475fb981a4a047a91

    • SHA256

      32bfaac1b365a514e6e123d8ff13d70e8261cafbf9cdc1d3b7d959961c1c1053

    • SHA512

      56a24d1899c39c9ffa3fde0b63ee23cd9c13fc32b5254e0a6bf2fbe2776df8bb9830e68e8ff5d09665f821715f02a8eafc74bd96f65696e127dcbf1264c1e6c9

    Score
    1/10
    behavioral6behavioral7behavioral8

MITRE ATT&CK Mobile v15

Tasks