Overview

overview

8

Static

static

6

2ecbd122a7...18.apk

android-9-x86

7

2ecbd122a7...18.apk

android-11-x64

8

Sharing

Copy URL Twitter E-mail

General

  • Target

    2ecbd122a76d393b7f6daacb4905b10f_JaffaCakes118

  • Size

    30.2MB

  • Sample

    240510-m6qy5aeb24

  • MD5

    2ecbd122a76d393b7f6daacb4905b10f

  • SHA1

    e9fa6e925bb22933d6eb807f4c3a11bcfa4ac623

  • SHA256

    6c5058f7dea7f45cf8dd0c13174116a3206d09171cd9f9b4ade23e779cd4af60

  • SHA512

    5e7303492adfa0ef314cfafaacf513a28f878e86b7120be2b7477644f9ac5e4c7a10bff9b875698597bb1e537827db85f264f1ebac7257e56e7f312fe126d2f4

  • SSDEEP

    786432:gZQPgnFvCFr2fAM+KJ1d6h+0O0CylF+Vu:FP4FvjArKJI+0OyP+Vu

Score
8/10
androidcollectiondiscoveryevasionimpactpersistence

Malware Config

Targets

    • Target

      2ecbd122a76d393b7f6daacb4905b10f_JaffaCakes118

    • Size

      30.2MB

    • MD5

      2ecbd122a76d393b7f6daacb4905b10f

    • SHA1

      e9fa6e925bb22933d6eb807f4c3a11bcfa4ac623

    • SHA256

      6c5058f7dea7f45cf8dd0c13174116a3206d09171cd9f9b4ade23e779cd4af60

    • SHA512

      5e7303492adfa0ef314cfafaacf513a28f878e86b7120be2b7477644f9ac5e4c7a10bff9b875698597bb1e537827db85f264f1ebac7257e56e7f312fe126d2f4

    • SSDEEP

      786432:gZQPgnFvCFr2fAM+KJ1d6h+0O0CylF+Vu:FP4FvjArKJI+0OyP+Vu

    Score
    8/10
    discoveryevasionimpactpersistencecollection

    • Requests cell location

      Uses Android APIs to to get current cell location.

      collectiondiscoveryevasion

    • Checks CPU information

      Checks CPU information which indicate if the system is an emulator.

      evasiondiscovery

    • Checks known Qemu files.

      Checks for known Qemu files that exist on Android virtual device images.

      evasion

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

      evasion

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

      discovery

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

      discovery

    • Registers a broadcast receiver at runtime (usually for listening for system events)

      persistence

    • Checks if the internet connection is available

      discovery

    • Reads information about phone network operator.

      discovery

    • Listens for changes in the sensor environment (might be used to detect emulation)

      evasion
    behavioral1behavioral2

MITRE ATT&CK Mobile v15

Tasks