a012d6597b9d5aecbfdb6f9f703af68f5bd10dc2e124c703c1aef30782097398

Sharing

Copy URL

Twitter E-mail

General

Target

08ef503db8c99962453679dd99eb0062_JaffaCakes118
Size

19.4MB
Sample

240430-d5zp7sbh7v
MD5

08ef503db8c99962453679dd99eb0062
SHA1

87adb3f5e47337ebcff97b8a932a33031c3e96da
SHA256

a012d6597b9d5aecbfdb6f9f703af68f5bd10dc2e124c703c1aef30782097398
SHA512

0671dce241601fc9841e8d0973b0c41378316dc20b98ab91683ac61392d461929dbf1b592909313ac025b309ca759096da1ba93a4448137077395aac9f56a322
SSDEEP

393216:4GDLY0FG79Zu+r4uv6McMG+QS/wGf81WILDIkfE3MWVak/XqNqF0x:bLXFG7H7vaMn+3PIkfYZak/XqNqF0x

Score

8^/10

Malware Config

Targets

- Target
  
  08ef503db8c99962453679dd99eb0062_JaffaCakes118
- Size
  
  19.4MB
- MD5
  
  08ef503db8c99962453679dd99eb0062
- SHA1
  
  87adb3f5e47337ebcff97b8a932a33031c3e96da
- SHA256
  
  a012d6597b9d5aecbfdb6f9f703af68f5bd10dc2e124c703c1aef30782097398
- SHA512
  
  0671dce241601fc9841e8d0973b0c41378316dc20b98ab91683ac61392d461929dbf1b592909313ac025b309ca759096da1ba93a4448137077395aac9f56a322
- SSDEEP
  
  393216:4GDLY0FG79Zu+r4uv6McMG+QS/wGf81WILDIkfE3MWVak/XqNqF0x:bLXFG7H7vaMn+3PIkfYZak/XqNqF0x
Score

8^/10

banker discovery evasion impact persistence
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Checks CPU information
  Checks CPU information which indicate if the system is an emulator.
  evasion discovery
- Checks memory information
  Checks memory information which indicate if the system is an emulator.
  evasion discovery
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Queries information about running processes on the device
  Application may abuse the framework's APIs to collect information about running processes on the device.
  discovery
- Queries information about the current Wi-Fi connection
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  discovery
- Registers a broadcast receiver at runtime (usually for listening for system events)
  persistence
- Checks if the internet connection is available
  discovery
- Queries the unique device ID (IMEI, MEID, IMSI)
  discovery
- Reads information about phone network operator.
  discovery
behavioral1 behavioral2
- Target
  
  deploy_plugin.jetaa
- Size
  
  83KB
- MD5
  
  2355e51ddc3f8f8eb2331f58c833d8b7
- SHA1
  
  732acb77a14559a0b5c14cbf19046292f12ee2b1
- SHA256
  
  f5b35fb0766f670032198287829d9b1a8b4914492a53567284b5dbab07e9ea33
- SHA512
  
  1c5d91d4b4d38d9e96a2ea1bd335aa1ac36e9a61e831c5472970c04ce66814ef15571ac995f5bc02a63a604a41f85c238e9c56eb3f06e442cf1f548308b06fe3
- SSDEEP
  
  1536:K3OpzhhPYshL6sluwoLmETj6tBxmsl2KTgp4s6UFEuwkK4ZgL6nK1zeZ:qmzz36coL5vGzmM2HGa6m5K1iZ
Score

1^/10
behavioral3 behavioral4 behavioral5
- Target
  
  sohu_spec.png
- Size
  
  1KB
- MD5
  
  95b556d27272769e1fed513dfb27f181
- SHA1
  
  d9c4c138acdc7f9c41f51604b4e44c5a48bd68f8
- SHA256
  
  ac7e3b8dfdfc35ddd03e44964abffff860115fc962fbb21e6c862d59d5bda837
- SHA512
  
  ac1967d6b38c5e6285ef2edc52af8361f9ada50311ec4cbe1ff86a047c3ab1a91be7e179adbc9bade3b6dcc457a812996e083b85a1a0c9d705468c9ce47a9a2d
Score

1^/10
behavioral6 behavioral7 behavioral8