Extracted

• • Target

    5699a1612da7b997fbb2f1de1192c608_JaffaCakes118

  • Size

    21.1MB

  • MD5

    5699a1612da7b997fbb2f1de1192c608

  • SHA1

    19057f47227a62b9eedc61a6ccc0499f7146df70

  • SHA256

    2449332754330bbf3efde6130313d58bfea56ce778f98bab88abc5c309694ab3

  • SHA512

    42bfd388e094b3058aba87c3868aa671b0ebb01abaa72f1dd85c088868b312bdc72b6f357b994a20cecff18f31659e33c6f93e19ef9f9ed52407162f80563e87

  • SSDEEP

    393216:SD3bW8NXUN8umwG0blyUfZ++QwjH+pW7E6r62qzAUnCGcStboIA6:SDvNXUN8DwGOko+wSpW7EOsXeSxoIX

  Score

  8^/10

  bankercollectiondiscoveryevasionimpactpersistence

  • Checks if the Android device is rooted.

    evasion

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    bankerdiscovery

  • Requests cell location

    Uses Android APIs to to get current cell location.

    collectiondiscoveryevasion

  • Checks CPU information

    Checks CPU information which indicate if the system is an emulator.

    evasiondiscovery

  • Checks known Qemu files.

    Checks for known Qemu files that exist on Android virtual device images.

    evasion

  • Queries information about running processes on the device

    Application may abuse the framework's APIs to collect information about running processes on the device.

    discovery

  • Queries the phone number (MSISDN for GSM devices)

    discovery

  • Registers a broadcast receiver at runtime (usually for listening for system events)

    persistence

  • Checks if the internet connection is available

    discovery

  • Queries the unique device ID (IMEI, MEID, IMSI)

    discovery

  • Reads information about phone network operator.

    discovery

  • Listens for changes in the sensor environment (might be used to detect emulation)

    evasion
  behavioral1behavioral2