Overview

overview

8

Static

static

6

50355f2ab1...18.apk

android-9-x86

8

CpayPlugin.apk

android-9-x86

1

CpayPlugin.apk

android-10-x64

1

CpayPlugin.apk

android-11-x64

1

UnionPayPlugin.apk

android-9-x86

1

UnionPayPlugin.apk

android-10-x64

1

UnionPayPlugin.apk

android-11-x64

1

alipay_msp..._1.apk

android-9-x86

8

com.skymob...03.apk

android-9-x86

1

com.skymob...03.apk

android-10-x64

1

com.skymob...03.apk

android-11-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    50355f2ab15bcee48e3695156f17779e_JaffaCakes118

  • Size

    13.1MB

  • Sample

    240517-sygclseb7w

  • MD5

    50355f2ab15bcee48e3695156f17779e

  • SHA1

    ef12e2a2b6b4ee523271c4d42097af30b349bdca

  • SHA256

    af67b66fa5192be6f86293acfda7adfc83a6d8245e6bfa6b0c7d628bcd77830b

  • SHA512

    03d71517f9e21840138a9c03f2eae40d2279dc603187c2e2bba59252feb8f4b910a7abfec6622b68688a4a4736047773dc668fde3040c8f4194cbb738c23fa40

  • SSDEEP

    393216:eK5Cy1gC8IB5YuyCCl4tcBLFXDd7eR7vBL3TUMA:eK5Cy1gC8gY5CCl4tcfXDd72BL3TUMA

Score
8/10
androidbankercollectiondiscoveryevasionimpactpersistence

Malware Config

Targets

    • Target

      50355f2ab15bcee48e3695156f17779e_JaffaCakes118

    • Size

      13.1MB

    • MD5

      50355f2ab15bcee48e3695156f17779e

    • SHA1

      ef12e2a2b6b4ee523271c4d42097af30b349bdca

    • SHA256

      af67b66fa5192be6f86293acfda7adfc83a6d8245e6bfa6b0c7d628bcd77830b

    • SHA512

      03d71517f9e21840138a9c03f2eae40d2279dc603187c2e2bba59252feb8f4b910a7abfec6622b68688a4a4736047773dc668fde3040c8f4194cbb738c23fa40

    • SSDEEP

      393216:eK5Cy1gC8IB5YuyCCl4tcBLFXDd7eR7vBL3TUMA:eK5Cy1gC8gY5CCl4tcfXDd72BL3TUMA

    Score
    8/10
    bankercollectiondiscoveryevasionimpactpersistence

    • Checks if the Android device is rooted.

      evasion

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

      bankerdiscovery

    • Requests cell location

      Uses Android APIs to to get current cell location.

      collectiondiscoveryevasion

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

      discovery

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

      discovery

    • Queries information about the current nearby Wi-Fi networks

      Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

      discovery

    • Registers a broadcast receiver at runtime (usually for listening for system events)

      persistence

    • Checks if the internet connection is available

      discovery

    • Reads information about phone network operator.

      discovery

    • Requests dangerous framework permissions

    behavioral1

    • Target

      CpayPlugin.apk

    • Size

      69KB

    • MD5

      597c5bd5040144f044a4ab618895795f

    • SHA1

      8375d81eba6debe77b246ba58895b074f4df6c56

    • SHA256

      54fe360e25ba2e6254a8e421b8be3d2e9126442fc3407a93f74a27d8bf994bfa

    • SHA512

      1b083f5c7dd055da36552bc2e8955d5bedde63f84f80a2f0e692332a61fd0c8cdba774c48bd1c074eda7f274d3b3c81bd785bf9aa0e51a79d246c844713bddde

    • SSDEEP

      1536:AwtlUJd9rjqtTY5m8P/BbmLAjO9muI0VrqOD5bRoeWWxT7:L7UX9rjqtTYVnBbmcj8mwLoeW2T7

    Score
    1/10
    behavioral2behavioral3behavioral4

    • Target

      UnionPayPlugin.apk

    • Size

      423KB

    • MD5

      f97ff4e9b76c2e5016a4382eba271f0e

    • SHA1

      5fdf8471392bd8477e8b4cc82c7195c809934c07

    • SHA256

      f497b969a517e4a247002c6b6a4ec0ff5156e8efd7cc4eb374f0c698e5f6a553

    • SHA512

      e8975a922d134248c2fd1cca6ba0f1210ab175bfaa89fe2f8f3664c2624b0ea8c921d2b198e9361aff1ab2101c8c5fe0394cb23501e2c60f55c60a18ef12f420

    • SSDEEP

      12288:aAixKX8k0FCQK+4LYW3733KoocNhH3YrpMATGXLO2OhEDN8:aAi8X30FCl+q37icvH3wuAF2O+Z8

    Score
    1/10
    behavioral5behavioral6behavioral7

    • Target

      alipay_msp_3.5.4_pro_1.apk

    • Size

      353KB

    • MD5

      4d8c1c40475a91b04cd97d6dee1dadb0

    • SHA1

      2c9bd64e889a62d9fc7500e0fccadd2189f27288

    • SHA256

      7950404b6976f44329d1cb021b73b182e2e9e84e2f90e86e54dabe3902784239

    • SHA512

      025c43eb79c5138cc4c44c67328fdc98c51163c97511a9b421580c54d023b1c05c3588a8ea0d6c220f40d9f7d69e86240c8abf6d3fccfcd5782087252a0b14c9

    • SSDEEP

      6144:OIhfOSywkDqx9kvdacnCVRJqPq3JurJ2f3Rp5tPVKt9m8rpvCpCBJpN:OIpywkex9kla7VvLQQhtduNrpvCAvv

    Score
    8/10
    collectiondiscoveryevasion

    • Requests cell location

      Uses Android APIs to to get current cell location.

      collectiondiscoveryevasion

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

      discovery

    • Checks if the internet connection is available

      discovery
    behavioral8

    • Target

      com.skymobi.pay.iplugin_V4003.apk

    • Size

      215KB

    • MD5

      6904630c1fc901a4ff0496b86492f056

    • SHA1

      6569be10c9535885f8d1ac61e3bb2e911bab2433

    • SHA256

      7cc6f7d7fd32009ebafba8d8ac9678f699e721ba28d23b58691c705436a715a8

    • SHA512

      17de8c9716d0557969cbe4014ff8cebeb3f8db258c34f332ee57bd8b09a6ada4d47aeeaac0c46a4af6429057a78176e478a04cbf3df0d9ec8a97a7755a3d65c7

    • SSDEEP

      6144:G+Gdc2eXlNxObSjqeNsDqCXuxIh2bz0twc3G:VGuXlAS+eNrSDi0j3G

    Score
    1/10
    behavioral10behavioral11behavioral9

MITRE ATT&CK Mobile v15

Tasks