Overview

overview

8

Static

static

6

5558c57557...18.apk

android-9-x86

8

5558c57557...18.apk

android-10-x64

8

5558c57557...18.apk

android-11-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5558c575579ece0a7fecade06f5cb605_JaffaCakes118

  • Size

    1.3MB

  • Sample

    240518-sg2bfshb9x

  • MD5

    5558c575579ece0a7fecade06f5cb605

  • SHA1

    37a1de7994d3e0ae35c85ef816bb43fd07792e8b

  • SHA256

    3d189831636e1bdff7520690dff14a1c3548939e79ba82ef8f2584ce47326d95

  • SHA512

    fc7433e0fdda380f0bba760c70a3b60b28739fe87272736f1f1911690656df0666e1c277f2009a050731ca44748d787ecda4ee228d0bcfc0c9deba48ea0e7df5

  • SSDEEP

    24576:m8oL0otaYtXMjGYdJZXs+bS8oaPnDAUCxFMQjDo+xUjpwvq/13tdHbZKm51Ob83l:4Q7YtAdJZJboaPDAUcFzjP+jpwvq/1XB

Score
8/10
androidbankercollectiondiscoveryevasionpersistencestealthtrojan

Malware Config

Targets

    • Target

      5558c575579ece0a7fecade06f5cb605_JaffaCakes118

    • Size

      1.3MB

    • MD5

      5558c575579ece0a7fecade06f5cb605

    • SHA1

      37a1de7994d3e0ae35c85ef816bb43fd07792e8b

    • SHA256

      3d189831636e1bdff7520690dff14a1c3548939e79ba82ef8f2584ce47326d95

    • SHA512

      fc7433e0fdda380f0bba760c70a3b60b28739fe87272736f1f1911690656df0666e1c277f2009a050731ca44748d787ecda4ee228d0bcfc0c9deba48ea0e7df5

    • SSDEEP

      24576:m8oL0otaYtXMjGYdJZXs+bS8oaPnDAUCxFMQjDo+xUjpwvq/13tdHbZKm51Ob83l:4Q7YtAdJZJboaPDAUcFzjP+jpwvq/1XB

    Score
    8/10
    bankercollectiondiscoveryevasionpersistencestealthtrojan

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

      bankerdiscovery

    • Removes its main activity from the application launcher

      stealthtrojanevasion

    • Checks CPU information

      Checks CPU information which indicate if the system is an emulator.

      evasiondiscovery

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

      evasion

    • Queries account information for other applications stored on the device

      Application may abuse the framework's APIs to collect account information stored on the device.

      collection

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

      discovery

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

      discovery

    • Registers a broadcast receiver at runtime (usually for listening for system events)

      persistence

    • Checks if the internet connection is available

      discovery

    • Queries the unique device ID (IMEI, MEID, IMSI)

      discovery

    • Reads information about phone network operator.

      discovery
    behavioral1behavioral2behavioral3

MITRE ATT&CK Mobile v15

Tasks