1ca758d6cc0765ca8d598e5ae1d5ebd4383ac7aaad132f08925e84985fe3df36

General

Target

019cec6b609d29acd409693e4236065c_JaffaCakes118
Size

1.3MB
Sample

240426-zdj2bsce8v
MD5

019cec6b609d29acd409693e4236065c
SHA1

86aa94cb28e76acb4c912992d9a351eddb51d01f
SHA256

1ca758d6cc0765ca8d598e5ae1d5ebd4383ac7aaad132f08925e84985fe3df36
SHA512

a9b9b44449d91c595d4794b747e5b38b44ddf493f6f43ea432afed60be39418d559dfbf529c5260ec2a01eb05f5389e1611190b4a0006a19113600744d77773d
SSDEEP

24576:P+oL0otaYtXMZMIc7T61VaxP5PFA1ryp5jo+2IjOtuq/13tdHbZKm51Ob833:FQ7YtkcX61icdyXvTjOtuq/1XHNKmjbH

Score

8^/10

Malware Config

Targets

- Target
  
  019cec6b609d29acd409693e4236065c_JaffaCakes118
- Size
  
  1.3MB
- MD5
  
  019cec6b609d29acd409693e4236065c
- SHA1
  
  86aa94cb28e76acb4c912992d9a351eddb51d01f
- SHA256
  
  1ca758d6cc0765ca8d598e5ae1d5ebd4383ac7aaad132f08925e84985fe3df36
- SHA512
  
  a9b9b44449d91c595d4794b747e5b38b44ddf493f6f43ea432afed60be39418d559dfbf529c5260ec2a01eb05f5389e1611190b4a0006a19113600744d77773d
- SSDEEP
  
  24576:P+oL0otaYtXMZMIc7T61VaxP5PFA1ryp5jo+2IjOtuq/13tdHbZKm51Ob833:FQ7YtkcX61icdyXvTjOtuq/1XHNKmjbH
Score

8^/10

banker collection discovery evasion persistence stealth trojan
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Removes its main activity from the application launcher
  stealth trojan evasion
- Checks CPU information
  Checks CPU information which indicate if the system is an emulator.
  evasion discovery
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Queries account information for other applications stored on the device
  Application may abuse the framework's APIs to collect account information stored on the device.
  collection
- Queries information about running processes on the device
  Application may abuse the framework's APIs to collect information about running processes on the device.
  discovery
- Queries information about the current Wi-Fi connection
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  discovery
- Registers a broadcast receiver at runtime (usually for listening for system events)
  persistence
- Checks if the internet connection is available
  discovery
- Queries the unique device ID (IMEI, MEID, IMSI)
  discovery
- Reads information about phone network operator.
  discovery
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Targets

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Removes its main activity from the application launcher

Checks CPU information

Loads dropped Dex/Jar

Queries account information for other applications stored on the device

Queries information about running processes on the device

Queries information about the current Wi-Fi connection

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks if the internet connection is available

Queries the unique device ID (IMEI, MEID, IMSI)

Reads information about phone network operator.

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

behavioral3