Overview

overview

8

Static

static

8

22682f1a7d...18.apk

android-9-x86

8

22682f1a7d...18.apk

android-11-x64

8

amap_resou..._0.apk

android-9-x86

amap_resou..._0.apk

android-10-x64

amap_resou..._0.apk

android-11-x64

Sharing

Copy URL Twitter E-mail

General

  • Target

    22682f1a7d164f88df3ba7c891426639_JaffaCakes118

  • Size

    24.6MB

  • Sample

    240508-atpjbagh3v

  • MD5

    22682f1a7d164f88df3ba7c891426639

  • SHA1

    d348cd0ae91c1fcab36a02c4998c56f1c1900aed

  • SHA256

    a26d6464a303e555f0fbf09ba2c1328c2acdb8381da510ee6a16a3829430a01b

  • SHA512

    33c4f197319eefe208f30b590596480ba6d7d225d157f6ead663173ce72f4abfcbdcf3326edef3c809731df0cdff73bae353a6a0ecde26f8ac2e86349bd2536f

  • SSDEEP

    393216:DKmqaLwqQ8hAesHepT0S+MQe/zlZaCMQe/zlZ/edGBs0VTtusF52Hw0ZzCJfvm1N:DOakqBxT0EQKQBQKJJ1UsQZz2vsN

Score
8/10
androidcollectiondiscoveryevasionimpactpersistenceupx

Malware Config

Targets

    • Target

      22682f1a7d164f88df3ba7c891426639_JaffaCakes118

    • Size

      24.6MB

    • MD5

      22682f1a7d164f88df3ba7c891426639

    • SHA1

      d348cd0ae91c1fcab36a02c4998c56f1c1900aed

    • SHA256

      a26d6464a303e555f0fbf09ba2c1328c2acdb8381da510ee6a16a3829430a01b

    • SHA512

      33c4f197319eefe208f30b590596480ba6d7d225d157f6ead663173ce72f4abfcbdcf3326edef3c809731df0cdff73bae353a6a0ecde26f8ac2e86349bd2536f

    • SSDEEP

      393216:DKmqaLwqQ8hAesHepT0S+MQe/zlZaCMQe/zlZ/edGBs0VTtusF52Hw0ZzCJfvm1N:DOakqBxT0EQKQBQKJJ1UsQZz2vsN

    Score
    8/10
    collectiondiscoveryevasionimpactpersistence

    • Requests cell location

      Uses Android APIs to to get current cell location.

      collectiondiscoveryevasion

    • Checks CPU information

      Checks CPU information which indicate if the system is an emulator.

      evasiondiscovery

    • Checks memory information

      Checks memory information which indicate if the system is an emulator.

      evasiondiscovery

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

      evasion

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

      discovery

    • Queries information about the current nearby Wi-Fi networks

      Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

      discovery

    • Registers a broadcast receiver at runtime (usually for listening for system events)

      persistence

    • Checks if the internet connection is available

      discovery

    • Queries the unique device ID (IMEI, MEID, IMSI)

      discovery

    • Reads information about phone network operator.

      discovery
    behavioral1behavioral2

    • Target

      amap_resource1_0_0.png

    • Size

      25KB

    • MD5

      fe29e9e7455620cbe8fc94127695c40a

    • SHA1

      9726c6e02f83f4ff734f00a27e5904cfbccea088

    • SHA256

      db1d5b89899d7e3bd5a59ac1f08a865d98d95483d4bfa756818fd57a1d3678d9

    • SHA512

      0fcc444faf8d1751df717022edcbd580ee42ab8710902e4e52271bee03c7f5081d2b81f97fbdbb6cb50ac5b6ef55e70c660974d8172e09e46ef6f3e822eb7659

    • SSDEEP

      384:R2x7OeIWgvox8ESREGIEhV6p1gjIJE+roCaj12MVWMZDO6ARiSX7:RqIWgvztCG9hV6p1agMZq6Aow

    Score
    1/10
    behavioral3behavioral4behavioral5

MITRE ATT&CK Mobile v15

Tasks