Overview

overview

10

Static

static

6

3662913672...18.apk

android-9-x86

10

3662913672...18.apk

android-11-x64

10

gdtadv2.apk

android-9-x86

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3662913672c2b5e501b86d1bbc7f6028_JaffaCakes118

  • Size

    13.3MB

  • Sample

    240511-y52j1sad82

  • MD5

    3662913672c2b5e501b86d1bbc7f6028

  • SHA1

    2feabb7bf80c75cbe2aa56e6b77a05aa933f3894

  • SHA256

    dbfabe072e114c73840073fdf5bb2b4ffd53cf683ac196dbad81897a7db7ddb4

  • SHA512

    65b75a8f5f957014e7af68ee2659f6f22244fb8e4c354431165e8d4c154a934b1d963fb5bfb04c7e867eb76551331cfb4b08231c97f3aa826f1b7251d8aca52f

  • SSDEEP

    393216:0U8U7//3Crbxk3Av7f8eCSPeEepc/W4bxGM:0N2ibxkwjf8eCSPeEepKbsM

Score
10/10
jokerandroidbankercollectioncredential_accessdiscoveryevasionexecutionimpactinfostealerpersistencetrojan

Malware Config

Targets

    • Target

      3662913672c2b5e501b86d1bbc7f6028_JaffaCakes118

    • Size

      13.3MB

    • MD5

      3662913672c2b5e501b86d1bbc7f6028

    • SHA1

      2feabb7bf80c75cbe2aa56e6b77a05aa933f3894

    • SHA256

      dbfabe072e114c73840073fdf5bb2b4ffd53cf683ac196dbad81897a7db7ddb4

    • SHA512

      65b75a8f5f957014e7af68ee2659f6f22244fb8e4c354431165e8d4c154a934b1d963fb5bfb04c7e867eb76551331cfb4b08231c97f3aa826f1b7251d8aca52f

    • SSDEEP

      393216:0U8U7//3Crbxk3Av7f8eCSPeEepc/W4bxGM:0N2ibxkwjf8eCSPeEepKbsM

    Score
    10/10
    jokerbankerdiscoveryevasionimpactinfostealerpersistencetrojancollectioncredential_accessexecution

    • joker

      Joker is an Android malware that targets billing and SMS fraud.

      infostealertrojanjoker

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

      bankerdiscovery

    • Requests cell location

      Uses Android APIs to to get current cell location.

      collectiondiscoveryevasion

    • Checks CPU information

      Checks CPU information which indicate if the system is an emulator.

      evasiondiscovery

    • Checks memory information

      Checks memory information which indicate if the system is an emulator.

      evasiondiscovery

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

      evasion

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

      evasionpersistence

    • Obtains sensitive information copied to the device clipboard

      Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

      collectioncredential_accessimpact

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

      discovery

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

      discovery

    • Queries information about the current nearby Wi-Fi networks

      Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

      discovery

    • Queries the mobile country code (MCC)

      discovery

    • Registers a broadcast receiver at runtime (usually for listening for system events)

      persistence

    • Checks if the internet connection is available

      discovery

    • Schedules tasks to execute at a specified time

      Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

      executionpersistence

    • Listens for changes in the sensor environment (might be used to detect emulation)

      evasion
    behavioral1behavioral2

    • Target

      gdtadv2.jar

    • Size

      468KB

    • MD5

      6bfe094580c89ba696ef8772de47a552

    • SHA1

      210bc4afce84b6e6bb36f97f68f9d3d9d3432643

    • SHA256

      a884e386bf4ec066c9a82518c354be513182add87107552b1f4cf33dc80bddd4

    • SHA512

      7ae8c9210957f06eb177fa0472ac1fcf80f0e6b1f308ec1906fe059c38623e404b37c34d9e8702cab66efc7ebfdc5400f1506db89b75a5fd1dd915ec2c2086a5

    • SSDEEP

      6144:Nz015KiQP/B4tKQ3OTNgdJHqn+9ZMsH5EK9JKp0KMNd4IoCJlv0gxWky9+T2k57:N/Z/B/NgdliEZMs9JhZ4kykTlJ

    Score
    1/10
    behavioral3

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

1
T1603

Persistence

Event Triggered Execution

1
T1624

Broadcast Receivers

1
T1624.001

Foreground Persistence

1
T1541

Scheduled Task/Job

1
T1603

Privilege Escalation

Defense Evasion

Download New Code at Runtime

1
T1407

Execution Guardrails

1
T1627

Geofencing

1
T1627.001

Foreground Persistence

1
T1541

Hide Artifacts

1
T1628

User Evasion

1
T1628.002

Virtualization/Sandbox Evasion

2
T1633

System Checks

2
T1633.001

Credential Access

Clipboard Data

1
T1414

Discovery

Location Tracking

1
T1430

Process Discovery

1
T1424

Software Discovery

1
T1418

Security Software Discovery

1
T1418.001

System Information Discovery

2
T1426

System Network Configuration Discovery

1
T1422

System Network Connections Discovery

3
T1421

Lateral Movement

Collection

Clipboard Data

1
T1414

Location Tracking

1
T1430

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

1
T1471

Data Manipulation

1
T1641

Transmitted Data Manipulation

1
T1641.001

Tasks