Overview

overview

8

Static

static

6

2eead97aac...18.apk

android-9-x86

8

2eead97aac...18.apk

android-10-x64

8

2eead97aac...18.apk

android-11-x64

8

Sharing

Copy URL Twitter E-mail

General

  • Target

    2eead97aac36b390bc83715d7f68200a_JaffaCakes118

  • Size

    602KB

  • Sample

    240510-nqyvgaca6s

  • MD5

    2eead97aac36b390bc83715d7f68200a

  • SHA1

    5505f3396d3b443a426ce4e85f67fb742d4b76ea

  • SHA256

    643f95a8a9c9653e3ef58ebd331e3e7d1ef711440e21a507624d7f9a2891f0bd

  • SHA512

    da6e53caebb24fa7aeb2b0bc29c1b6e5303079eff7abc77fff8fb1f2c3b79a4a0b8b974eed472cdef0be514c7b6408715e2019f1321e01729a4b16551790d111

  • SSDEEP

    12288:EEaFZvkGGNUuWW1NVwCKn6GAx1d9H1BY+0aTBpqSol2KpElpX79b:EEaFmFN9v46flH72wOSoMKA9b

Score
8/10
androidbankercollectioncredential_accessdiscoveryevasionimpactpersistencestealthtrojan

Malware Config

Targets

    • Target

      2eead97aac36b390bc83715d7f68200a_JaffaCakes118

    • Size

      602KB

    • MD5

      2eead97aac36b390bc83715d7f68200a

    • SHA1

      5505f3396d3b443a426ce4e85f67fb742d4b76ea

    • SHA256

      643f95a8a9c9653e3ef58ebd331e3e7d1ef711440e21a507624d7f9a2891f0bd

    • SHA512

      da6e53caebb24fa7aeb2b0bc29c1b6e5303079eff7abc77fff8fb1f2c3b79a4a0b8b974eed472cdef0be514c7b6408715e2019f1321e01729a4b16551790d111

    • SSDEEP

      12288:EEaFZvkGGNUuWW1NVwCKn6GAx1d9H1BY+0aTBpqSol2KpElpX79b:EEaFmFN9v46flH72wOSoMKA9b

    Score
    8/10
    bankerdiscoveryevasionimpactpersistencestealthtrojancollectioncredential_access

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

      bankerdiscovery

    • Removes its main activity from the application launcher

      stealthtrojanevasion

    • Checks Android system properties for emulator presence.

      evasion

    • Checks CPU information

      Checks CPU information which indicate if the system is an emulator.

      evasiondiscovery

    • Checks memory information

      Checks memory information which indicate if the system is an emulator.

      evasiondiscovery

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

      evasion

    • Obtains sensitive information copied to the device clipboard

      Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

      collectioncredential_accessimpact

    • Queries the mobile country code (MCC)

      discovery

    • Registers a broadcast receiver at runtime (usually for listening for system events)

      persistence

    • Checks if the internet connection is available

      discovery

    • Queries the unique device ID (IMEI, MEID, IMSI)

      discovery
    behavioral1behavioral2behavioral3

MITRE ATT&CK Mobile v15

Tasks