privateloader | 444759985eb10a2defcf276caf0516c1c36588ecf6b5cb83476062b2f0a84ff3 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

358f3acac285d20ace0608aed000fbcb_JaffaCakes118
Size

28.5MB
Sample

240511-t8hh4afh5w
MD5

358f3acac285d20ace0608aed000fbcb
SHA1

93274cfdc4c4bfdd859361d318db7c43a45f4b5d
SHA256

444759985eb10a2defcf276caf0516c1c36588ecf6b5cb83476062b2f0a84ff3
SHA512

5393a25acc6a2b40c15df6ce88b912b9e9de20d29e3f6fa77511c71044f095c5ec0fa248e6f1336e704dbb0e457d06fa5104661eda80664622391fe26597912d
SSDEEP

786432:SGfPqt9VLWasltY/y4YEl7J71GYWnFhvExcqjBMS:SGmylmJY47SYGMOqjh

Score

10^/10

privateloader android discovery evasion persistence

Malware Config

Targets

- Target
  
  358f3acac285d20ace0608aed000fbcb_JaffaCakes118
- Size
  
  28.5MB
- MD5
  
  358f3acac285d20ace0608aed000fbcb
- SHA1
  
  93274cfdc4c4bfdd859361d318db7c43a45f4b5d
- SHA256
  
  444759985eb10a2defcf276caf0516c1c36588ecf6b5cb83476062b2f0a84ff3
- SHA512
  
  5393a25acc6a2b40c15df6ce88b912b9e9de20d29e3f6fa77511c71044f095c5ec0fa248e6f1336e704dbb0e457d06fa5104661eda80664622391fe26597912d
- SSDEEP
  
  786432:SGfPqt9VLWasltY/y4YEl7J71GYWnFhvExcqjBMS:SGmylmJY47SYGMOqjh
Score

7^/10

discovery evasion persistence
- Checks memory information
  Checks memory information which indicate if the system is an emulator.
  evasion discovery
- Registers a broadcast receiver at runtime (usually for listening for system events)
  persistence
- Queries the unique device ID (IMEI, MEID, IMSI)
  discovery
behavioral1 behavioral2

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

System Checks

Credential Access

Discovery

System Information Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistence

behavioral2

discoverypersistence