ad6c78be833afa15ef6b4c2657e6af45e7d58e506586d28ce48924a0bc5c8ab8 | Triage

Submit
Reports

Overview

overview

8

Static

static

6

4c989daab8...18.apk

android-9-x86

8

4c989daab8...18.apk

android-10-x64

8

ONEKEY.apk

android-9-x86

7

ONEKEY.apk

android-10-x64

1

ONEKEY.apk

android-11-x64

7

Sharing

General

Target

4c989daab8a65354154c915e2751e094_JaffaCakes118
Size

5.8MB
Sample

240516-xqpq8sbe53
MD5

4c989daab8a65354154c915e2751e094
SHA1

c75f85bfbcf14297f82dd2e486febdbe2273f8cb
SHA256

ad6c78be833afa15ef6b4c2657e6af45e7d58e506586d28ce48924a0bc5c8ab8
SHA512

1f1179448bae4d3e562a1f897898220f2c141b1030cd76d9699ec206966fedcb2a0b129ad5d0b7b5e19721f671b1a3c42ab13f4f5e3585eaf1b713e3ff7e1e8a
SSDEEP

98304:w9MM4SiZSV3+NEZQfYWKbWbwPreXZVqv5GzH5dvOajpg2wG3kRqLDmxX9BBKCVTO:AMMSsVO/fYWsWUEZEBWlOcpuDRikNBoF

Score

8^/10

android banker discovery evasion impact persistence privilege_escalation

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

4c989daab8a65354154c915e2751e094_JaffaCakes118.apk

Resource

android-x86-arm-20240514-en

banker discovery evasion impact persistence

android-9-x86

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

4c989daab8a65354154c915e2751e094_JaffaCakes118.apk

Resource

android-x64-20240514-en

banker discovery evasion impact persistence

android-10-x64

9 signatures

150 seconds

Behavioral task

behavioral3

Sample

ONEKEY.apk

Resource

android-x86-arm-20240514-en

impact privilege_escalation

android-9-x86

1 signatures

150 seconds

Behavioral task

behavioral4

Sample

ONEKEY.apk

Resource

android-x64-20240514-en

android-10-x64

0 signatures

150 seconds

Behavioral task

behavioral5

Sample

ONEKEY.apk

Resource

android-x64-arm64-20240514-en

impact privilege_escalation

android-11-x64

1 signatures

150 seconds

Malware Config

Targets

- Target
  
  4c989daab8a65354154c915e2751e094_JaffaCakes118
- Size
  
  5.8MB
- MD5
  
  4c989daab8a65354154c915e2751e094
- SHA1
  
  c75f85bfbcf14297f82dd2e486febdbe2273f8cb
- SHA256
  
  ad6c78be833afa15ef6b4c2657e6af45e7d58e506586d28ce48924a0bc5c8ab8
- SHA512
  
  1f1179448bae4d3e562a1f897898220f2c141b1030cd76d9699ec206966fedcb2a0b129ad5d0b7b5e19721f671b1a3c42ab13f4f5e3585eaf1b713e3ff7e1e8a
- SSDEEP
  
  98304:w9MM4SiZSV3+NEZQfYWKbWbwPreXZVqv5GzH5dvOajpg2wG3kRqLDmxX9BBKCVTO:AMMSsVO/fYWsWUEZEBWlOcpuDRikNBoF
Score

8^/10

banker discovery evasion impact persistence
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Checks CPU information
  Checks CPU information which indicate if the system is an emulator.
  evasion discovery
- Queries information about the current Wi-Fi connection
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  discovery
- Registers a broadcast receiver at runtime (usually for listening for system events)
  persistence
- Acquires the wake lock
- Checks if the internet connection is available
  discovery
- Queries the unique device ID (IMEI, MEID, IMSI)
  discovery
- Reads information about phone network operator.
  discovery
behavioral1 behavioral2
- Target
  
  ONEKEY
- Size
  
  29KB
- MD5
  
  03c07f5a3d84f2d7eac8dba4fd880acb
- SHA1
  
  562edc965a36e05999bb2d68ade25254814a9fdb
- SHA256
  
  a66fe4a58cef37c755b25190c5ea24e19662fc7bd88614bbec7c23e3ad457b6b
- SHA512
  
  38527bfab75343417eafa9005546b43b47ee3700fccbd482212144b7b83cd082b9d42262960e4b0a3709d78c35b601a2855c08df2171e6599b162eca74d951c6
- SSDEEP
  
  768:O1mdz5f3YaeX0SumPUn0BTwdcrYo9P3ueMcdGxQ:ImfIaQqKrP3nMIGxQ
Score

7^/10

impact privilege_escalation
- Tries to add a device administrator.
  privilege_escalation impact
behavioral3 behavioral4 behavioral5

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

bankerdiscoveryevasionimpactpersistence

behavioral2

bankerdiscoveryevasionimpactpersistence

behavioral3

impactprivilege_escalation

behavioral4

behavioral5

impactprivilege_escalation

© 2018-2024

Terms | Privacy