db8fcd239c68071e3107b7e6bef0bad9dda396642de34b3b5c861cefd5854c9b

General

Target

2d39867ac2c65ba6453321f1a173d310_JaffaCakes118
Size

12.4MB
Sample

240510-ej95gsch78
MD5

2d39867ac2c65ba6453321f1a173d310
SHA1

e1d1ced4a50eb8bbff31f0ca4a44c55fa83ddb61
SHA256

db8fcd239c68071e3107b7e6bef0bad9dda396642de34b3b5c861cefd5854c9b
SHA512

f56abe44599fa25f5c3353229ca35d99629470a9cfe66d552c9d99a922ec31818c4b35b0e475e9681a2c5bfb0e979024782033a2c7990cafffcd6274ca9a850e
SSDEEP

196608:KqO+21WlBPlMbl9wWWjE6w8EwgfF+B/v75J7b284uLBCQLD42K7j6:m+ZlVlMR9bWXSlQB/vthbTXR/9y6

Score

8^/10

Malware Config

Targets

- Target
  
  2d39867ac2c65ba6453321f1a173d310_JaffaCakes118
- Size
  
  12.4MB
- MD5
  
  2d39867ac2c65ba6453321f1a173d310
- SHA1
  
  e1d1ced4a50eb8bbff31f0ca4a44c55fa83ddb61
- SHA256
  
  db8fcd239c68071e3107b7e6bef0bad9dda396642de34b3b5c861cefd5854c9b
- SHA512
  
  f56abe44599fa25f5c3353229ca35d99629470a9cfe66d552c9d99a922ec31818c4b35b0e475e9681a2c5bfb0e979024782033a2c7990cafffcd6274ca9a850e
- SSDEEP
  
  196608:KqO+21WlBPlMbl9wWWjE6w8EwgfF+B/v75J7b284uLBCQLD42K7j6:m+ZlVlMR9bWXSlQB/vthbTXR/9y6
Score

8^/10

banker discovery evasion impact persistence ransomware collection credential_access
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Requests cell location
  Uses Android APIs to to get current cell location.
  collection discovery evasion
- Checks CPU information
  Checks CPU information which indicate if the system is an emulator.
  evasion discovery
- Checks memory information
  Checks memory information which indicate if the system is an emulator.
  evasion discovery
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Obtains sensitive information copied to the device clipboard
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  collection credential_access impact
- Queries information about running processes on the device
  Application may abuse the framework's APIs to collect information about running processes on the device.
  discovery
- Queries information about the current Wi-Fi connection
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  discovery
- Queries information about the current nearby Wi-Fi networks
  Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
  discovery
- Queries the mobile country code (MCC)
  discovery
- Queries the phone number (MSISDN for GSM devices)
  discovery
- Registers a broadcast receiver at runtime (usually for listening for system events)
  persistence
- Checks if the internet connection is available
  discovery
- Reads information about phone network operator.
  discovery
- Changes the wallpaper (common with ransomware activity)
  ransomware
behavioral1 behavioral2
- Target
  
  plugin-deploy.jar
- Size
  
  180KB
- MD5
  
  73221f224e5d32e4f130dbe57ad395c0
- SHA1
  
  1a8f63b73dede50dd56f469d0ee9bffa84eb9d63
- SHA256
  
  8911616ac34f9c9508d25ad55183ab06dd05f1f80793d70fdf225cd56bf4ad55
- SHA512
  
  58a1203866c0c376cfedfb493c21b8733f4796f6743414b810a63aa144b1af0acd9797d132684b8f255b9ebd76ba5405d0b5518c0c353c4a9b8839939a9c5c8a
- SSDEEP
  
  3072:0axy6J5ZYUPRhL1ovWC/N7id4ZjkiKScsrqvqvdutOBkSZkujrFxqnAvGGNh:lg6+Q/L1ovrbjkZScsZvdHBhZjZExqh
Score

1^/10
behavioral3 behavioral4 behavioral5