a491ba78d147e29e73d0602a76edf622224932b3c16877f7afb8702c1a4db5b9

General

Target

0839d451cd7314446fcb906f13e2ca5d_JaffaCakes118
Size

24.1MB
Sample

240429-v36jeagc28
MD5

0839d451cd7314446fcb906f13e2ca5d
SHA1

606268b3114bed5f11dfad5608a3a8fd03c89bb0
SHA256

a491ba78d147e29e73d0602a76edf622224932b3c16877f7afb8702c1a4db5b9
SHA512

c12d34cbe60871cafdd7eac898b4a823b3ed0559038962e38047a3ecf2b55b5e1f595686eac3de8971492630e1a9e4d90b3142e83922ef0026b6fb1735772e92
SSDEEP

786432:rzTcdd8Z1G1ncAMuhka1s/g/rSJfG7hTi:zcddAqSmkD/E7hTi

Score

8^/10

Malware Config

Targets

- Target
  
  0839d451cd7314446fcb906f13e2ca5d_JaffaCakes118
- Size
  
  24.1MB
- MD5
  
  0839d451cd7314446fcb906f13e2ca5d
- SHA1
  
  606268b3114bed5f11dfad5608a3a8fd03c89bb0
- SHA256
  
  a491ba78d147e29e73d0602a76edf622224932b3c16877f7afb8702c1a4db5b9
- SHA512
  
  c12d34cbe60871cafdd7eac898b4a823b3ed0559038962e38047a3ecf2b55b5e1f595686eac3de8971492630e1a9e4d90b3142e83922ef0026b6fb1735772e92
- SSDEEP
  
  786432:rzTcdd8Z1G1ncAMuhka1s/g/rSJfG7hTi:zcddAqSmkD/E7hTi
Score

8^/10

banker collection discovery evasion impact persistence
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Requests cell location
  Uses Android APIs to to get current cell location.
  collection discovery
- Checks CPU information
  Checks CPU information which indicate if the system is an emulator.
  evasion discovery
- Checks memory information
  Checks memory information which indicate if the system is an emulator.
  evasion discovery
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Queries information about running processes on the device
  Application may abuse the framework's APIs to collect information about running processes on the device.
  discovery
- Queries information about the current Wi-Fi connection
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  discovery
- Queries information about the current nearby Wi-Fi networks
  Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
  discovery
- Queries the mobile country code (MCC)
  discovery
- Registers a broadcast receiver at runtime (usually for listening for system events)
  persistence
- Checks if the internet connection is available
  discovery
- Reads information about phone network operator.
  discovery
behavioral1
- Target
  
  dynamic1110.jar
- Size
  
  104KB
- MD5
  
  107eabce49ca6d6271d3607ee05d89eb
- SHA1
  
  ed852fdc035601fc3ac3a137d3b84d27b56d4b16
- SHA256
  
  5d11a5c137b06acf8dbb77518019d3fe8158adfb9eef9b3667b76af9a1626c17
- SHA512
  
  87299be749ea4cd6fd02fc80d533a9114e3cf4a6c21d8e022100fdf134e71b60dc169829b1658fbdb6167e71877808dd7adc471a92f16d1bcdb80e09082fd29c
- SSDEEP
  
  3072:tDHHFvptvQG2hS2wiGNssr5Gt3Jm8nPmM:9HHr9Q9CN/9X8OM
Score

1^/10
behavioral2 behavioral3 behavioral4
- Target
  
  gdtadv2.jar
- Size
  
  73KB
- MD5
  
  07843c6d5969b685d39a7dadf635237e
- SHA1
  
  3070199d4c497ad96e7f0d2beaa5ab9d8772234c
- SHA256
  
  e344405b31ad9a52e9bcea6bc6ad7d0858ba4008102283adb1c72d86443ac796
- SHA512
  
  b4e3e245641ce61757d5cfb74f6b39ec7ba4a2aeb0818a589af852e99a2669f849d334b1c57e4edb1c50ba5f3ecdf928650007d206c34f83e9eb8682d7455c8f
- SSDEEP
  
  1536:YrNP+qzuTVQX1K9MR4/u6g591bFcEQIkkRM5E7Pe6NEkEC:8xzvK9M8g591bFcEbDume6NEK
Score

1^/10
behavioral5 behavioral6 behavioral7