General

  • Target

    4e7d171fcdcc00e1882872750b1f8fe6_JaffaCakes118

  • Size

    5.8MB

  • Sample

    240517-fhbqzaac65

  • MD5

    4e7d171fcdcc00e1882872750b1f8fe6

  • SHA1

    e71bc1f849bd0afb0b36a3ee3574577cedb90cdb

  • SHA256

    8386715c5fc28c0c5de37fbde8004c29ad1022b15141107633b2b48799fa0df7

  • SHA512

    43be43293f73d18ae861109e11c7afbc8759819ca01431ac5b3720da52db320b661acb87dfa666ac490c907e0fe383e87911af9bef9b9979eeb8ce6042c503ff

  • SSDEEP

    98304:M0XCcDlfLwJ55mHgLljLWH6yE6eQTsddYU46uR3M13PxuqUsRt/OI5w5tPP:9XCcDljwfJLWH68pKcRhqUGUUw5dP

Malware Config

Targets

    • Target

      4e7d171fcdcc00e1882872750b1f8fe6_JaffaCakes118

    • Checks if the Android device is rooted.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Requests cell location

      Uses Android APIs to get current cell information.

    • Requests cell location

      Uses Android APIs to get the current cell location.

    • Checks whether the application is allowed to request package installs through the package installer

      Checks whether the application is allowed to install additional applications (might try to install applications from unknown sources).

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Queries information about the current nearby Wi-Fi networks

      Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

    • Registers a broadcast receiver at runtime (usually for listening for system events)

    • Acquires the wake lock

    • Checks if the internet connection is available

    • Queries the unique device ID (IMEI, MEID, IMSI)

    • Reads information about the phone network operator.

    • Schedules tasks to execute at a specified time

      Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

MITRE ATT&CK Mobile v15

Tasks