irata | a1b32d693eab551b8730df3bec7a5945a0d712aa763f48cf1d91e37a1cb04a8a | Triage

Sharing

General

Target

233d8ce3b428e10533fe3cca20c2e2e9_JaffaCakes118
Size

11.6MB
Sample

240508-fa2bnadh49
MD5

233d8ce3b428e10533fe3cca20c2e2e9
SHA1

4832af3ffdefb3280f4ce08dd45987158d34f632
SHA256

a1b32d693eab551b8730df3bec7a5945a0d712aa763f48cf1d91e37a1cb04a8a
SHA512

b2e59cf99917b9c83b1ca462a3918e3dff3f4d6e6ace6f1db57a7543071fdbe257a4501cda43780fee2e6f105ba089d2c0e505074b4a6b869bae0512a9558fa7
SSDEEP

196608:BpMWl1ciMlALKwfuBjvHVoG5++rGDJrDMAXUT7YFlqwWYnzjaXCKe1QzGRJLC7nc:1l1cHlAbfQjv1fg3ZUT7YDJWXCKrzG7h

Score

10^/10

irata android banker collection discovery evasion execution persistence

Malware Config

Targets

- Target
  
  233d8ce3b428e10533fe3cca20c2e2e9_JaffaCakes118
- Size
  
  11.6MB
- MD5
  
  233d8ce3b428e10533fe3cca20c2e2e9
- SHA1
  
  4832af3ffdefb3280f4ce08dd45987158d34f632
- SHA256
  
  a1b32d693eab551b8730df3bec7a5945a0d712aa763f48cf1d91e37a1cb04a8a
- SHA512
  
  b2e59cf99917b9c83b1ca462a3918e3dff3f4d6e6ace6f1db57a7543071fdbe257a4501cda43780fee2e6f105ba089d2c0e505074b4a6b869bae0512a9558fa7
- SSDEEP
  
  196608:BpMWl1ciMlALKwfuBjvHVoG5++rGDJrDMAXUT7YFlqwWYnzjaXCKe1QzGRJLC7nc:1l1cHlAbfQjv1fg3ZUT7YDJWXCKrzG7h
Score

8^/10

banker collection discovery evasion execution persistence
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Requests cell location
  Uses Android APIs to to get current cell location.
  collection discovery evasion
- Registers a broadcast receiver at runtime (usually for listening for system events)
  persistence
- Acquires the wake lock
- Checks if the internet connection is available
  discovery
- Reads information about phone network operator.
  discovery
- Schedules tasks to execute at a specified time
  Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
  execution persistence
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

Persistence

Event Triggered Execution

Broadcast Receivers

Scheduled Task/Job

Privilege Escalation

Defense Evasion

Execution Guardrails

Geofencing

Credential Access

Discovery

Location Tracking

Software Discovery

Security Software Discovery

System Network Configuration Discovery

System Network Connections Discovery

Lateral Movement

Collection

Location Tracking

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bankercollectiondiscoveryevasionexecutionpersistence

behavioral2

bankercollectiondiscoveryevasionexecutionpersistence

behavioral3

bankercollectiondiscoveryevasionexecutionpersistence