Overview

overview

8

Static

static

6

01375b31aa...18.apk

android-9-x86

8

01375b31aa...18.apk

android-10-x64

8

dalvikhack.apk

android-9-x86

dalvikhack.apk

android-10-x64

dalvikhack.apk

android-11-x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    01375b31aa80ac8b081b19117f354330_JaffaCakes118

  • Size

    8.5MB

  • Sample

    240426-vbl1pafh56

  • MD5

    01375b31aa80ac8b081b19117f354330

  • SHA1

    7339d93a3abcfa9d1042cc5ea8f407e7386ffb3e

  • SHA256

    017bd97dc8b1ba0f2f53c8c8c3b86e9fea3faea02023c8005679e62ed3a4540c

  • SHA512

    90f86f3f8f0a74b1b04b327c2208f06ddd449c6ded39005cb3e07a9d6df940cd858d24b0993217deddfffffaa0ffc7f829a2854f72cec2d161d1766831ca86d9

  • SSDEEP

    196608:WZ+zsBHfHbSwEgnmBzyaZV9Y2pTiXWL+AQaGRkQYZgG5MqP:ucsRzSwEgnszy4V9Y8eXfCCYWGei

Score
8/10
androidbankercollectiondiscoveryevasionimpactpersistence

Malware Config

Targets

    • Target

      01375b31aa80ac8b081b19117f354330_JaffaCakes118

    • Size

      8.5MB

    • MD5

      01375b31aa80ac8b081b19117f354330

    • SHA1

      7339d93a3abcfa9d1042cc5ea8f407e7386ffb3e

    • SHA256

      017bd97dc8b1ba0f2f53c8c8c3b86e9fea3faea02023c8005679e62ed3a4540c

    • SHA512

      90f86f3f8f0a74b1b04b327c2208f06ddd449c6ded39005cb3e07a9d6df940cd858d24b0993217deddfffffaa0ffc7f829a2854f72cec2d161d1766831ca86d9

    • SSDEEP

      196608:WZ+zsBHfHbSwEgnmBzyaZV9Y2pTiXWL+AQaGRkQYZgG5MqP:ucsRzSwEgnszy4V9Y8eXfCCYWGei

    Score
    8/10
    bankercollectiondiscoveryevasionimpactpersistence

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

      bankerdiscovery

    • Checks CPU information

      Checks CPU information which indicate if the system is an emulator.

      evasiondiscovery

    • Checks memory information

      Checks memory information which indicate if the system is an emulator.

      evasiondiscovery

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

      evasion

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

      discovery

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

      discovery

    • Queries information about the current nearby Wi-Fi networks

      Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

      discovery

    • Queries the phone number (MSISDN for GSM devices)

      discovery

    • Registers a broadcast receiver at runtime (usually for listening for system events)

      persistence

    • Checks if the internet connection is available

      discovery

    • Queries the unique device ID (IMEI, MEID, IMSI)

      discovery

    • Requests cell location

      Uses Android APIs to to get current cell information.

      collectiondiscovery
    behavioral1behavioral2

    • Target

      dalvikhack.jar

    • Size

      614B

    • MD5

      200ede2b2de6668263a6cc2ff28a66b5

    • SHA1

      26df4259ceb3eecfa1e2a400ccfd8cf45d29755f

    • SHA256

      46f544fd7ab1d7979dacc0377302718f27b28686155e005b17cb3c9b565db3a6

    • SHA512

      9d82cd45f12e0a7faac241ff685aae45f5d5c8e817a5da083644f931ef6650a9f84d1b0d8d82443e234ad2095d8c27f117f832ae623ccb676e17781f20508c4c

    Score
    1/10
    behavioral3behavioral4behavioral5

MITRE ATT&CK Matrix

Tasks