3decc1cfd1666c9c1413163be9634b9bb6471bd4ca4e392e3e90a856a5ef2421

General

Target

0b06ed23abb2ca35d1b0f10c0160165a_JaffaCakes118
Size

28.4MB
Sample

240501-efty4afb5z
MD5

0b06ed23abb2ca35d1b0f10c0160165a
SHA1

462b5dd56db3f7e10a5577109d0d5b51ad56c21f
SHA256

3decc1cfd1666c9c1413163be9634b9bb6471bd4ca4e392e3e90a856a5ef2421
SHA512

9bc345f592b0976212fcbce6aabd45a0c876a5e0634b9124387fe5ba5c107176db9782e06cfa5979c3b99f8ad3fa47b7ff112372162cac6ecd4fbae639bf0335
SSDEEP

786432:YSwCxOU2o3HVql4djMKdfmxY2G9hlErJrtO1qWTahp/Go:YSwdUhMW6KdfmyfWrJpO1qLhco

Score

8^/10

Malware Config

Targets

- Target
  
  0b06ed23abb2ca35d1b0f10c0160165a_JaffaCakes118
- Size
  
  28.4MB
- MD5
  
  0b06ed23abb2ca35d1b0f10c0160165a
- SHA1
  
  462b5dd56db3f7e10a5577109d0d5b51ad56c21f
- SHA256
  
  3decc1cfd1666c9c1413163be9634b9bb6471bd4ca4e392e3e90a856a5ef2421
- SHA512
  
  9bc345f592b0976212fcbce6aabd45a0c876a5e0634b9124387fe5ba5c107176db9782e06cfa5979c3b99f8ad3fa47b7ff112372162cac6ecd4fbae639bf0335
- SSDEEP
  
  786432:YSwCxOU2o3HVql4djMKdfmxY2G9hlErJrtO1qWTahp/Go:YSwdUhMW6KdfmyfWrJpO1qLhco
Score

8^/10

banker collection discovery evasion impact persistence
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Requests cell location
  Uses Android APIs to to get current cell location.
  collection discovery
- Checks CPU information
  Checks CPU information which indicate if the system is an emulator.
  evasion discovery
- Checks memory information
  Checks memory information which indicate if the system is an emulator.
  evasion discovery
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Queries information about running processes on the device
  Application may abuse the framework's APIs to collect information about running processes on the device.
  discovery
- Queries information about the current Wi-Fi connection
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  discovery
- Queries information about the current nearby Wi-Fi networks
  Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
  discovery
- Registers a broadcast receiver at runtime (usually for listening for system events)
  persistence
- Acquires the wake lock
- Checks if the internet connection is available
  discovery
- Reads information about phone network operator.
  discovery
- Listens for changes in the sensor environment (might be used to detect emulation)
  evasion
behavioral1