Overview

overview

8

Static

static

6

0cf376a4f4...18.apk

android-9-x86

1

0cf376a4f4...18.apk

android-10-x64

1

0cf376a4f4...18.apk

android-11-x64

1

MoXiuLaunc...ne.apk

android-9-x86

8

MoXiuLaunc...ne.apk

android-10-x64

8

MoXiuLaunc...ne.apk

android-11-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0cf376a4f4279b5109f2f78d96ae48f7_JaffaCakes118

  • Size

    5.9MB

  • Sample

    240502-akjlpsbc7w

  • MD5

    0cf376a4f4279b5109f2f78d96ae48f7

  • SHA1

    934d1f4682fd7b171acc8ba00e954f76cc7d9e67

  • SHA256

    5758cc443791abe6ad93d0b466cf5155ed947f54e5b2ff747a94a7a95032381d

  • SHA512

    9c4765cef1bf856aa31f52fac38e9fa83973966203be6824c12eaab85868015fc2f51f87e55f83e4644dc50a1665c151d740df22b489b4cb3adb91c536e712b2

  • SSDEEP

    98304:UNosouzNZ1jLYnW3i7fW8VjXvEum7199wC84gj07Nk55yg3EtKmHGafX6nYRb4y:ijAJvJm7199wCxgsN0vEtGafqEd

Score
8/10
androidbankerdiscoverypersistenceransomware

Malware Config

Targets

    • Target

      0cf376a4f4279b5109f2f78d96ae48f7_JaffaCakes118

    • Size

      5.9MB

    • MD5

      0cf376a4f4279b5109f2f78d96ae48f7

    • SHA1

      934d1f4682fd7b171acc8ba00e954f76cc7d9e67

    • SHA256

      5758cc443791abe6ad93d0b466cf5155ed947f54e5b2ff747a94a7a95032381d

    • SHA512

      9c4765cef1bf856aa31f52fac38e9fa83973966203be6824c12eaab85868015fc2f51f87e55f83e4644dc50a1665c151d740df22b489b4cb3adb91c536e712b2

    • SSDEEP

      98304:UNosouzNZ1jLYnW3i7fW8VjXvEum7199wC84gj07Nk55yg3EtKmHGafX6nYRb4y:ijAJvJm7199wCxgsN0vEtGafqEd

    Score
    1/10
    behavioral1behavioral2behavioral3

    • Target

      MoXiuLauncher_alone.apk

    • Size

      5.1MB

    • MD5

      fc0b35ac9f52a680ae190c34fb5d0535

    • SHA1

      47070f7b7706a4a6d74fa9663f63f6290410730c

    • SHA256

      c187625ced04eedd4bf3708e289af4c7ad62a6bbda7095eb8272cc79fec585ca

    • SHA512

      7cc201a03cadf057e621e83cf0c0e5ad3cc6d53384c46ff890ad62fa24d987e7fe4941e5e515b838defafe32bab4c768824678dec57596472bdc719502f56172

    • SSDEEP

      98304:oNZ1jLYnW3i7fW8VjXvEum7199wC84gj07Nk55yg3EtKmHGafX6I:mjAJvJm7199wCxgsN0vEtGafqI

    Score
    8/10
    bankerdiscoverypersistenceransomware

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

      bankerdiscovery

    • Registers a broadcast receiver at runtime (usually for listening for system events)

      persistence

    • Checks if the internet connection is available

      discovery

    • Queries the unique device ID (IMEI, MEID, IMSI)

      discovery

    • Changes the wallpaper (common with ransomware activity)

      ransomware
    behavioral4behavioral5behavioral6

MITRE ATT&CK Mobile v15

Tasks