Overview

overview

8

Static

static

6

03c3db1130...18.apk

android-9-x86

7

alipay_plu...sp.apk

android-9-x86

8

bdxadsdk.apk

android-9-x86

bdxadsdk.apk

android-10-x64

bdxadsdk.apk

android-11-x64

muzhiwanapp.apk

android-9-x86

8

muzhiwanapp.apk

android-10-x64

7

mzw_d.apk

android-9-x86

mzw_g.apk

android-9-x86

mzw_g.apk

android-10-x64

mzw_g.apk

android-11-x64

stasdk_core.apk

android-9-x86

7

stasdk_core.apk

android-10-x64

8

bdxadsdk.apk

android-9-x86

bdxadsdk.apk

android-10-x64

bdxadsdk.apk

android-11-x64

gdtadv2.apk

android-9-x86

gdtadv2.apk

android-10-x64

gdtadv2.apk

android-11-x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    03c3db1130badaefcc531d5bfed44f98_JaffaCakes118

  • Size

    30.8MB

  • Sample

    240427-2dfp1sac4v

  • MD5

    03c3db1130badaefcc531d5bfed44f98

  • SHA1

    79137df661f19ae03742353e03319f326729f2a1

  • SHA256

    a754307414a4467ca04a1d1a70c30ae23b8e21a1ee8054b1b092b437631adee5

  • SHA512

    f3de6de56be48b5aacc2768e09558e4e125da79eb91c51d74505ca4d1e29fb16694a33063abf89e6965197ad3d028cb4f97c6e8f87a239f9f0230005cfde86c8

  • SSDEEP

    786432:7pnc2/D6i2h4fmhapfm0wCDa8dy6mPk51KyciCR6IjJx6dY:7pnqhMPm0NDa8Q61TKJR/

Score
8/10
androidbankercollectiondiscoveryevasionpersistence

Malware Config

Targets

    • Target

      03c3db1130badaefcc531d5bfed44f98_JaffaCakes118

    • Size

      30.8MB

    • MD5

      03c3db1130badaefcc531d5bfed44f98

    • SHA1

      79137df661f19ae03742353e03319f326729f2a1

    • SHA256

      a754307414a4467ca04a1d1a70c30ae23b8e21a1ee8054b1b092b437631adee5

    • SHA512

      f3de6de56be48b5aacc2768e09558e4e125da79eb91c51d74505ca4d1e29fb16694a33063abf89e6965197ad3d028cb4f97c6e8f87a239f9f0230005cfde86c8

    • SSDEEP

      786432:7pnc2/D6i2h4fmhapfm0wCDa8dy6mPk51KyciCR6IjJx6dY:7pnqhMPm0NDa8Q61TKJR/

    Score
    7/10
    evasion

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

      evasion
    behavioral1

    • Target

      alipay_plugin_20120428msp.apk

    • Size

      354KB

    • MD5

      89c04e1ebcd58eca6dd93211628ed0bc

    • SHA1

      7d1e77ce25a635299704dbd95bd95c697572ea9d

    • SHA256

      ee3c608fff51b313f4e0b3e542bedccb4d4db4c8eb44e63bf4be0d468e9ee117

    • SHA512

      3dccaeff9906401855f3071c91012926d7e9250674ea0bb89606e4862223a8343fc7b9369afe4e50031d261b45437107c018f565da5615c49721c3bf1bf6ed01

    • SSDEEP

      6144:cH8LfOo+BjGVN8TdW4zxgnm1Us3JuOK2vf5C8EcPK+WvyQcQ2fnq7:cHLxBiVN8pWggmlY25CLE8RcQ2fnq7

    Score
    8/10
    collectiondiscovery

    • Requests cell location

      Uses Android APIs to to get current cell location.

      collectiondiscovery

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

      discovery

    • Checks if the internet connection is available

      discovery
    behavioral2

    • Target

      bdxadsdk.jar

    • Size

      85KB

    • MD5

      3c850ffec5bdd850f123077ca210a411

    • SHA1

      1c1ae4678b8a3b65640f047cb1bd72bc70d66f97

    • SHA256

      516023ce55fff40074d3c3d9016c023b1fc7dfba2b59c172f89141f1484d418e

    • SHA512

      aa3611687b6140ee9214392a84bc1ef55a6425a84a4e413dfcb2e936a931b9015e1e4ec53ad73539d26622427f9e6da0eae5c58ffc18285de42fc15639d786dd

    • SSDEEP

      1536:E4A1vm52J1h/mgxeek9/Ckkf1THL8BNbM/DXO8Q/3yJ463v6hHA0UGcVrSj:e9mkJ1tmg/I/tkdP8sa80O42uXcVrE

    Score
    1/10
    behavioral3behavioral4behavioral5

    • Target

      muzhiwanapp.apk

    • Size

      6.7MB

    • MD5

      f166fff17a539f053550965c87c42054

    • SHA1

      8be071793576b6e324db218f02a017439fe826a3

    • SHA256

      efa8e431c5d5b3bda3cfc0da4392d14ef447643412bbea22536a155c7aae82b4

    • SHA512

      26869689b5a58e52e63d95b07cf04f560c4580e9bd408a432a61acace492201ffe93cb7e4166a360530eff8fa3827ae0df83ee43e30daa7f670010d59a8bab8a

    • SSDEEP

      98304:thCSkJBDmTuhW+7eF0JUQ4KMB6NQP4WfxRENHpxPOJHMMC1dh4Zadvtvc8Y6dtR3:nru6wUQMBj4WfOHp+HPC1z4mkKdYIx

    Score
    8/10
    bankerdiscoveryevasionpersistence

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

      bankerdiscovery

    • Checks CPU information

      Checks CPU information which indicate if the system is an emulator.

      evasiondiscovery

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

      evasion

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

      discovery

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

      discovery

    • Registers a broadcast receiver at runtime (usually for listening for system events)

      persistence

    • Acquires the wake lock

    • Checks if the internet connection is available

      discovery

    • Queries the unique device ID (IMEI, MEID, IMSI)

      discovery

    • Reads information about phone network operator.

      discovery
    behavioral6behavioral7

    • Target

      mzw_d

    • Size

      59KB

    • MD5

      b2a8fd2dba92c8f75869f79c70d441da

    • SHA1

      faaf88b3c3653fc205a3a125ccb77fbc87b76215

    • SHA256

      2514431fe50d909ac1385e07341ed8878b5f2400df151df5a43a59b98a31ea02

    • SHA512

      a66893a5bb935dfefdc12ea32c2407cf9d8d040ff82852b415c599beb94d002ce77ec15bbac3f78ae6758a8c7f5e83c799ad84fb8ce2e6763da88a9bb20aa7b6

    • SSDEEP

      1536:zsgtqpcH/obgLKxe7wust6XTyLaFcBowg/pL2Nka2MXX3C:zsqqKH/BKxXMXTym/pyKiXnC

    Score
    1/10
    behavioral8

    • Target

      mzw_g

    • Size

      42KB

    • MD5

      c04d422c5a4bf58a127bbf2bf014965c

    • SHA1

      3b1f3f4ad21fe0febe567e5a56996a7e61658cf9

    • SHA256

      7a28fd857e1283e351d37931cc6e23cd6de5ad2fd4d3d23337a6f162b07f3978

    • SHA512

      6cb2768a8344e3da470472ea906b5be2e33a24384efe35cdc3c0b0c24351c3b34444a4d2d6a9e21c48927b85554aaa3904fb0361071c0711841565222253e0a8

    • SSDEEP

      768:ccPeR+EU5maX9WkB/gUrXFWLKxe7X+Fu9hRv6Xf3QpD+X7aFkuzkjEC:ccPeRiNWkZbgLKxe7wuzt6XCyLaFm3

    Score
    1/10
    behavioral10behavioral11behavioral9

    • Target

      stasdk_core

    • Size

      2.1MB

    • MD5

      e1dd5bacfa75b9cf6abf6eaa1635e3c7

    • SHA1

      96a86954d989f634798c91523712c34eab06da3d

    • SHA256

      8dc8a08cb4af889317d11fec26e2c1058f2af5056a4dbc25deaec8707073947f

    • SHA512

      e62c106f91d7a7202411a6938ed721fa695257f205e93772a87c59804a899a1bafd4887d48f2c9f33e5fe3ab6965227beb3fee007515ceb926e83d0e990fcc37

    • SSDEEP

      49152:V1anRWSRRAeAOHy5mWr7cZVsjFrcZzVCuSlH7WKYnRgIpLLw:naRW0AqyJ0vsjFGzoNK7nRgIpLw

    Score
    8/10
    discoverypersistencecollectionevasion

    • Requests cell location

      Uses Android APIs to to get current cell location.

      collectiondiscovery

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

      evasion

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

      discovery

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

      discovery

    • Queries information about the current nearby Wi-Fi networks

      Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

      discovery

    • Registers a broadcast receiver at runtime (usually for listening for system events)

      persistence

    • Checks if the internet connection is available

      discovery

    • Queries the unique device ID (IMEI, MEID, IMSI)

      discovery
    behavioral12behavioral13

    • Target

      bdxadsdk.jar

    • Size

      85KB

    • MD5

      3c850ffec5bdd850f123077ca210a411

    • SHA1

      1c1ae4678b8a3b65640f047cb1bd72bc70d66f97

    • SHA256

      516023ce55fff40074d3c3d9016c023b1fc7dfba2b59c172f89141f1484d418e

    • SHA512

      aa3611687b6140ee9214392a84bc1ef55a6425a84a4e413dfcb2e936a931b9015e1e4ec53ad73539d26622427f9e6da0eae5c58ffc18285de42fc15639d786dd

    • SSDEEP

      1536:E4A1vm52J1h/mgxeek9/Ckkf1THL8BNbM/DXO8Q/3yJ463v6hHA0UGcVrSj:e9mkJ1tmg/I/tkdP8sa80O42uXcVrE

    Score
    1/10
    behavioral14behavioral15behavioral16

    • Target

      gdtadv2.jar

    • Size

      142KB

    • MD5

      f0b930680aa93a62bb77d1916e64a3d7

    • SHA1

      fc30b5641b8d32e4efeaf409d07a4d520a95a6da

    • SHA256

      8f109682334d43d811c7d56620c5eb30c9bc1a89f3f36b91232aeb142a6f6ba7

    • SHA512

      2a503f3aefd5ed8634dbc85cd952d10625e4bc18badc0661c7cfcc3345cfb43ba1e153d9fb264703e4cf0d6c40ac601942e841b9537125072f884c283adb5b99

    • SSDEEP

      3072:mZmii8gAi97ZHbwRILfiNJkAzzBdtCQnm:m8B99TZA/3m

    Score
    1/10
    behavioral17behavioral18behavioral19

MITRE ATT&CK Matrix

Tasks