fb96a98c14c077156a74aadceabc2e518f6c167eafbb9d4c1cfca5e6431a3917

General

Target

33bdfe5081119b8113f1101fdc7234f1_JaffaCakes118
Size

19.5MB
Sample

240511-knz3zacd82
MD5

33bdfe5081119b8113f1101fdc7234f1
SHA1

897105643a9557d9dbfd3eb931241f9aa924001f
SHA256

fb96a98c14c077156a74aadceabc2e518f6c167eafbb9d4c1cfca5e6431a3917
SHA512

d02f982edaa79385f59ddde2b54289699178488752e87d0142798f1454a770a5eadfc8f0f71dee9c966959379ea24f5388c19bb016ac0db42cfdd4e24a50c02f
SSDEEP

393216:NCsk790J+R5WI44C/gY9WAtKGedBv0uvKTXRI5nOz6Vo:NCsk1SPMYf8GoN0um8W6Vo

Score

8^/10

Malware Config

Targets

- Target
  
  33bdfe5081119b8113f1101fdc7234f1_JaffaCakes118
- Size
  
  19.5MB
- MD5
  
  33bdfe5081119b8113f1101fdc7234f1
- SHA1
  
  897105643a9557d9dbfd3eb931241f9aa924001f
- SHA256
  
  fb96a98c14c077156a74aadceabc2e518f6c167eafbb9d4c1cfca5e6431a3917
- SHA512
  
  d02f982edaa79385f59ddde2b54289699178488752e87d0142798f1454a770a5eadfc8f0f71dee9c966959379ea24f5388c19bb016ac0db42cfdd4e24a50c02f
- SSDEEP
  
  393216:NCsk790J+R5WI44C/gY9WAtKGedBv0uvKTXRI5nOz6Vo:NCsk1SPMYf8GoN0um8W6Vo
Score

8^/10

banker collection discovery evasion execution persistence
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Requests cell location
  Uses Android APIs to to get current cell information.
  collection discovery
- Requests cell location
  Uses Android APIs to to get current cell location.
  collection discovery evasion
- Checks memory information
  Checks memory information which indicate if the system is an emulator.
  evasion discovery
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Queries information about the current nearby Wi-Fi networks
  Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
  discovery
- Registers a broadcast receiver at runtime (usually for listening for system events)
  persistence
- Acquires the wake lock
- Checks if the internet connection is available
  discovery
- Reads information about phone network operator.
  discovery
- Schedules tasks to execute at a specified time
  Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
  execution persistence
- Checks the presence of a debugger
  evasion
behavioral1 behavioral2
- Target
  
  sony3
- Size
  
  6.8MB
- MD5
  
  9587cfba1adc9c42bbeeac6ec60ce23a
- SHA1
  
  e1a5a3d8377b78e8afb67f87fc9c4696c928fccc
- SHA256
  
  0d236b95446c1dcc52359e9121f5ef79133ca1552edb3d4bc0230867b5c6efe0
- SHA512
  
  cf94ae910ffc4a8acd1feeeb0479e53d64c6651eec8f8e1969e084530d18ce284f946b57a4438b61bed81e9ec804206fa63e37c0051eb0952b2fe2f3923b183d
- SSDEEP
  
  196608:zK6ASF5LzDf3anTfC4FFPxhdCJ7tCHfWS:GdS7nDP9iCYX
Score

8^/10

banker collection discovery evasion execution persistence
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Requests cell location
  Uses Android APIs to to get current cell location.
  collection discovery evasion
- Checks CPU information
  Checks CPU information which indicate if the system is an emulator.
  evasion discovery
- Queries information about the current nearby Wi-Fi networks
  Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
  discovery
- Registers a broadcast receiver at runtime (usually for listening for system events)
  persistence
- Acquires the wake lock
- Checks if the internet connection is available
  discovery
- Reads information about phone network operator.
  discovery
- Schedules tasks to execute at a specified time
  Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
  execution persistence
behavioral3 behavioral4

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Targets

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Requests cell location

Requests cell location

Checks memory information

Loads dropped Dex/Jar

Queries information about the current nearby Wi-Fi networks

Registers a broadcast receiver at runtime (usually for listening for system events)

Acquires the wake lock

Checks if the internet connection is available

Reads information about phone network operator.

Schedules tasks to execute at a specified time

Checks the presence of a debugger

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Requests cell location

Checks CPU information

Queries information about the current nearby Wi-Fi networks

Registers a broadcast receiver at runtime (usually for listening for system events)

Acquires the wake lock

Checks if the internet connection is available

Reads information about phone network operator.

Schedules tasks to execute at a specified time

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4