051fd97224ea0c84e6835f153dfdf815e74a96c9cf38364bf6b2ec58dae8e837

General

Target

01d79d6d2923632c2dbf9fb1fb90df34_JaffaCakes118
Size

17.2MB
Sample

240426-2r5lasdg39
MD5

01d79d6d2923632c2dbf9fb1fb90df34
SHA1

27ef2a0ebbf10457c296b2bae74152503ecac301
SHA256

051fd97224ea0c84e6835f153dfdf815e74a96c9cf38364bf6b2ec58dae8e837
SHA512

916be6e7e561883146bf961c91854a7db7b27ec057ac508c11ad6ffec40dddd8b84a41ca862bd43573da4204898d507b73dedd7981490e01d139761bc3125047
SSDEEP

393216:2Wf4XIfzQKyWzcoLTyHPnompOTXyNBzifgPeqfWc5MlA:MnPWwNoYBQgPfQA

Score

8^/10

Malware Config

Targets

- Target
  
  01d79d6d2923632c2dbf9fb1fb90df34_JaffaCakes118
- Size
  
  17.2MB
- MD5
  
  01d79d6d2923632c2dbf9fb1fb90df34
- SHA1
  
  27ef2a0ebbf10457c296b2bae74152503ecac301
- SHA256
  
  051fd97224ea0c84e6835f153dfdf815e74a96c9cf38364bf6b2ec58dae8e837
- SHA512
  
  916be6e7e561883146bf961c91854a7db7b27ec057ac508c11ad6ffec40dddd8b84a41ca862bd43573da4204898d507b73dedd7981490e01d139761bc3125047
- SSDEEP
  
  393216:2Wf4XIfzQKyWzcoLTyHPnompOTXyNBzifgPeqfWc5MlA:MnPWwNoYBQgPfQA
Score

1^/10
behavioral1
- Target
  
  ccplaymerket.apk
- Size
  
  5.9MB
- MD5
  
  fec090046d831ce52cf95b5487b866ff
- SHA1
  
  f004c200eb9b2b78ea24cb4d7b9e7aab7de258e7
- SHA256
  
  86632ccbff13be30bb5628e130facf92e8d84e22f95eb5fbf117695209b7f83f
- SHA512
  
  df647a0887a0e714604c1643877fc9f1197bef76e89324df8edd2fdabe91898ea44fca652851c67af3db52a27d9bcc7873bd9fe68289d9db1c4437ae57a830ad
- SSDEEP
  
  98304:EXB2RaqiyR/tRSbgxPCnOpdtXU0jkys0X8bp9Tf7eKtw2k69O0d8gkgv4FSuoyA7:EXBHfOCnQdaPyseW/htu0yNtkubium
Score

8^/10

banker collection credential_access discovery evasion persistence
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection evasion credential_access
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Requests cell location
  Uses Android APIs to to get current cell location.
  collection discovery
- Queries information about running processes on the device
  Application may abuse the framework's APIs to collect information about running processes on the device.
  discovery
- Queries information about the current Wi-Fi connection
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  discovery
- Registers a broadcast receiver at runtime (usually for listening for system events)
  persistence
- Checks if the internet connection is available
  discovery
- Reads information about phone network operator.
  discovery
- Listens for changes in the sensor environment (might be used to detect emulation)
  evasion
behavioral2 behavioral3
- Target
  
  rtk_app.apk
- Size
  
  2.6MB
- MD5
  
  6c7958fa0aaab85d1301461def35d378
- SHA1
  
  1d98e95cbf378edbff4cc279640a622eeb0dc51a
- SHA256
  
  3a69b0a413ee44e8da2a558457f3b9df4d8e65368586cf9d2dc48df75be700d1
- SHA512
  
  528073f2c0419b516e7ada1ec79c148328c5397c41c6f19389f22189279c0b50879d0c4c90a9330c2aa05e554dcf4792b9e3d4722ddf7c3cbdcd257494197732
- SSDEEP
  
  49152:wA1OFsf1w8ZLkmCWwB/ImagZ7xHC0vqz6DxJY0E9kh6RLddpt4KgQM:bOSw8mmCWwB/ImvHCWzYE6RG
Score

8^/10

banker collection credential_access discovery evasion impact persistence
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection evasion credential_access
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Checks CPU information
  Checks CPU information which indicate if the system is an emulator.
  evasion discovery
- Queries information about the current Wi-Fi connection
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  discovery
- Registers a broadcast receiver at runtime (usually for listening for system events)
  persistence
- Checks if the internet connection is available
  discovery
- Queries the unique device ID (IMEI, MEID, IMSI)
  discovery
- Reads information about phone network operator.
  discovery
behavioral4 behavioral5

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Targets

Makes use of the framework's Accessibility service

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Requests cell location

Queries information about running processes on the device

Queries information about the current Wi-Fi connection

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks if the internet connection is available

Reads information about phone network operator.

Listens for changes in the sensor environment (might be used to detect emulation)

Makes use of the framework's Accessibility service

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Checks CPU information

Queries information about the current Wi-Fi connection

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks if the internet connection is available

Queries the unique device ID (IMEI, MEID, IMSI)

Reads information about phone network operator.

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5