218bd1e0a103bb0438971b70afdd9622dd49dd511e9fed764d395face7d4499f

General

Target

02df50169784fdbc30a293d446b0aed3_JaffaCakes118
Size

31.6MB
Sample

240427-kta12afg6x
MD5

02df50169784fdbc30a293d446b0aed3
SHA1

8c27fed020348b8e9b54b54c261bb8ed3bbbe934
SHA256

218bd1e0a103bb0438971b70afdd9622dd49dd511e9fed764d395face7d4499f
SHA512

d9a6aafd74f682b2ba93cd9b9c0b697963a5f444c571c4907f4051976ecd5c5b2fe751afe04c084c0a78ed1123ad209ca1c4fde105a6a0e1cbb36c3ec4f3fa69
SSDEEP

786432:xu6oEJuSRf6hBCr9+AB0UuFbRK5iHUEHMPpd+9/qZ0K:xu6ATAz8W/+Zs0K

Score

8^/10

Malware Config

Targets

- Target
  
  02df50169784fdbc30a293d446b0aed3_JaffaCakes118
- Size
  
  31.6MB
- MD5
  
  02df50169784fdbc30a293d446b0aed3
- SHA1
  
  8c27fed020348b8e9b54b54c261bb8ed3bbbe934
- SHA256
  
  218bd1e0a103bb0438971b70afdd9622dd49dd511e9fed764d395face7d4499f
- SHA512
  
  d9a6aafd74f682b2ba93cd9b9c0b697963a5f444c571c4907f4051976ecd5c5b2fe751afe04c084c0a78ed1123ad209ca1c4fde105a6a0e1cbb36c3ec4f3fa69
- SSDEEP
  
  786432:xu6oEJuSRf6hBCr9+AB0UuFbRK5iHUEHMPpd+9/qZ0K:xu6ATAz8W/+Zs0K
Score

8^/10

banker discovery evasion impact persistence
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Checks CPU information
  Checks CPU information which indicate if the system is an emulator.
  evasion discovery
- Checks memory information
  Checks memory information which indicate if the system is an emulator.
  evasion discovery
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Queries information about running processes on the device
  Application may abuse the framework's APIs to collect information about running processes on the device.
  discovery
- Queries information about the current Wi-Fi connection
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  discovery
- Registers a broadcast receiver at runtime (usually for listening for system events)
  persistence
- Checks if the internet connection is available
  discovery
- Queries the unique device ID (IMEI, MEID, IMSI)
  discovery
- Reads information about phone network operator.
  discovery
behavioral1 behavioral2
- Target
  
  DaemonClient.zip
- Size
  
  411KB
- MD5
  
  59e2d0e1b4ed0e0be6bcd81f08fdeaa6
- SHA1
  
  c9a35bfa1e9309651bfb96cd200db5b5b0cc22a6
- SHA256
  
  78ac2c9431209e6cf92ccc354bafe1ad193b578818a469ea5a634d6cf6899022
- SHA512
  
  db693536738b4e3059c01f2f6b1cd7fb89ed4e307ae1a06f5e2b69d0ae54deb99be6929aa2cd4b051822155b32d1923d6783f71743c8fd9dc05a685069468951
- SSDEEP
  
  12288:kuzvm6tQiy82dr9nJstgk5im6geSZV6ca:Bvm6a7d9ne/5im6HST6ca
Score

1^/10
behavioral3 behavioral4 behavioral5

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Targets

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Checks CPU information

Checks memory information

Makes use of the framework's foreground persistence service

Queries information about running processes on the device

Queries information about the current Wi-Fi connection

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks if the internet connection is available

Queries the unique device ID (IMEI, MEID, IMSI)

Reads information about phone network operator.

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5