adb7b4b94aeac56bb69697a57dc7a5487bc873de6376df0726608cee73726b35

General

Target

0279300628e7f34cdae4fd2fa9c52ef3_JaffaCakes118
Size

6.6MB
Sample

240427-fldpqsbe57
MD5

0279300628e7f34cdae4fd2fa9c52ef3
SHA1

ac0f54f98e7156ce6db80c09ff5a4326a09c7cda
SHA256

adb7b4b94aeac56bb69697a57dc7a5487bc873de6376df0726608cee73726b35
SHA512

30d3115965c9c04c9f153ec7c88ae0f1738aa07d66bc4a68f12b477f9c22b206e934ca07098c983dc3df284fe5128b446e0d99360ae1bdff43be87f2b5293deb
SSDEEP

98304:/Xvts2mSpPk5CD3x2SDZmsQnKaSvXVfVx8wQOvxZ9YiWAFXP+Qswh1gRT:9s2mSp8uxDvQ+tjqk9YiWAFXFLTgZ

Score

8^/10

Malware Config

Targets

- Target
  
  0279300628e7f34cdae4fd2fa9c52ef3_JaffaCakes118
- Size
  
  6.6MB
- MD5
  
  0279300628e7f34cdae4fd2fa9c52ef3
- SHA1
  
  ac0f54f98e7156ce6db80c09ff5a4326a09c7cda
- SHA256
  
  adb7b4b94aeac56bb69697a57dc7a5487bc873de6376df0726608cee73726b35
- SHA512
  
  30d3115965c9c04c9f153ec7c88ae0f1738aa07d66bc4a68f12b477f9c22b206e934ca07098c983dc3df284fe5128b446e0d99360ae1bdff43be87f2b5293deb
- SSDEEP
  
  98304:/Xvts2mSpPk5CD3x2SDZmsQnKaSvXVfVx8wQOvxZ9YiWAFXP+Qswh1gRT:9s2mSp8uxDvQ+tjqk9YiWAFXFLTgZ
Score

8^/10

banker discovery evasion persistence collection credential_access impact
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Checks memory information
  Checks memory information which indicate if the system is an emulator.
  evasion discovery
- Obtains sensitive information copied to the device clipboard
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  collection credential_access impact
- Queries information about the current Wi-Fi connection
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  discovery
- Queries the mobile country code (MCC)
  discovery
- Registers a broadcast receiver at runtime (usually for listening for system events)
  persistence
- Checks if the internet connection is available
  discovery
- Queries the unique device ID (IMEI, MEID, IMSI)
  discovery
behavioral1 behavioral2 behavioral3
- Target
  
  launcher3.apk
- Size
  
  5.7MB
- MD5
  
  d279dfe58f0054050233e18ee2cea9ed
- SHA1
  
  cc85f1492dd2614e2360b67c72d05681f063d373
- SHA256
  
  826b6da121cdca3a3c074872db48d65496202dc1d2aeb7bf9e2ad1b3f64a54f3
- SHA512
  
  7b683c357326ca699270c6f922baae0066c5e69dd7d61f4248811e11c8a872933dfcb049a39fba491fdfeabaf753aaa9a67a06b2d14096a4b7f5c38310bdd44d
- SSDEEP
  
  98304:ms2mSpPk5CD3x2SDZmsQnKaSvXVfVx8wQOvxZ9YiWAFXP+Qb:ms2mSp8uxDvQ+tjqk9YiWAFXFb
Score

7^/10

collection discovery evasion persistence ransomware
- Checks CPU information
  Checks CPU information which indicate if the system is an emulator.
  evasion discovery
- Checks memory information
  Checks memory information which indicate if the system is an emulator.
  evasion discovery
- Queries information about the current Wi-Fi connection
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  discovery
- Reads the content of SMS inbox messages.
  collection
- Reads the content of the SMS messages.
  collection
- Reads the content of the call log.
  collection
- Registers a broadcast receiver at runtime (usually for listening for system events)
  persistence
- Checks if the internet connection is available
  discovery
- Changes the wallpaper (common with ransomware activity)
  ransomware
behavioral4
- Target
  
  xiubizhi.apk
- Size
  
  1.1MB
- MD5
  
  af8d88227ec2ced57189143288f896d1
- SHA1
  
  5e0d4b5453b899ce6d2ca16e8e90f49ec27a3dd4
- SHA256
  
  4e3d5540768c98546f8c1b8192bbb2aeeccb1a7bc3e8210f7321083ce76879d8
- SHA512
  
  35dd0b7af8a8a54d224a6c8d8bd88b6dc5672f64eaa2e0aef0c5fc1375f3e9c0351e233fb77ed25a120f7e04d46a19cf0d242d33d74998a7060b91ec8edc10a9
- SSDEEP
  
  24576:1cPNnPWxR92iX574jV0vzZxfE6z11ojpmkDb60QHid50Il/9F+:2Pk2ljV0LZxfE/pmkD+0QHZU+
Score

8^/10

banker discovery persistence
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Queries information about the current Wi-Fi connection
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  discovery
- Registers a broadcast receiver at runtime (usually for listening for system events)
  persistence
- Checks if the internet connection is available
  discovery
- Queries the unique device ID (IMEI, MEID, IMSI)
  discovery
behavioral5 behavioral6 behavioral7

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Targets

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Checks memory information

Obtains sensitive information copied to the device clipboard

Queries information about the current Wi-Fi connection

Queries the mobile country code (MCC)

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks if the internet connection is available

Queries the unique device ID (IMEI, MEID, IMSI)

Checks CPU information

Checks memory information

Queries information about the current Wi-Fi connection

Reads the content of SMS inbox messages.

Reads the content of the SMS messages.

Reads the content of the call log.

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks if the internet connection is available

Changes the wallpaper (common with ransomware activity)

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Queries information about the current Wi-Fi connection

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks if the internet connection is available

Queries the unique device ID (IMEI, MEID, IMSI)

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7