9fb9892ce36cdb74bacbed245a29771e3195894e37672f21176435ca001e4e97

General

Target

611cce73a21b3ef5079548fc40be1179_JaffaCakes118
Size

1.3MB
Sample

240520-2bls9ahf54
MD5

611cce73a21b3ef5079548fc40be1179
SHA1

c5d97482ae73f4154309760b7a0eb8966823ee72
SHA256

9fb9892ce36cdb74bacbed245a29771e3195894e37672f21176435ca001e4e97
SHA512

9ae08fcf8ce396f4137c261462477b33b29dee0d14d95ea7d7f97b6e1c7d6da7fbe0901212e6326b541dad59803f6e4902eadcc98edf2f34c5687812a64d9e7a
SSDEEP

24576:CQXoL0otaYtXMwCnEOn8wB7PvQ6jDo+5kjx43q/13tdHbZKm51Ob83K:eQ7YtfCnEQfB7PvQ6jP2jx43q/1XHNKR

Score

8^/10

Malware Config

Targets

- Target
  
  611cce73a21b3ef5079548fc40be1179_JaffaCakes118
- Size
  
  1.3MB
- MD5
  
  611cce73a21b3ef5079548fc40be1179
- SHA1
  
  c5d97482ae73f4154309760b7a0eb8966823ee72
- SHA256
  
  9fb9892ce36cdb74bacbed245a29771e3195894e37672f21176435ca001e4e97
- SHA512
  
  9ae08fcf8ce396f4137c261462477b33b29dee0d14d95ea7d7f97b6e1c7d6da7fbe0901212e6326b541dad59803f6e4902eadcc98edf2f34c5687812a64d9e7a
- SSDEEP
  
  24576:CQXoL0otaYtXMwCnEOn8wB7PvQ6jDo+5kjx43q/13tdHbZKm51Ob83K:eQ7YtfCnEQfB7PvQ6jP2jx43q/1XHNKR
Score

8^/10

banker collection discovery evasion persistence stealth trojan
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Removes its main activity from the application launcher
  stealth trojan evasion
- Checks CPU information
  Checks CPU information which indicate if the system is an emulator.
  evasion discovery
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Queries account information for other applications stored on the device
  Application may abuse the framework's APIs to collect account information stored on the device.
  collection
- Queries information about running processes on the device
  Application may abuse the framework's APIs to collect information about running processes on the device.
  discovery
- Queries information about the current Wi-Fi connection
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  discovery
- Registers a broadcast receiver at runtime (usually for listening for system events)
  persistence
- Checks if the internet connection is available
  discovery
- Queries the unique device ID (IMEI, MEID, IMSI)
  discovery
- Reads information about phone network operator.
  discovery
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Targets

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Removes its main activity from the application launcher

Checks CPU information

Loads dropped Dex/Jar

Queries account information for other applications stored on the device

Queries information about running processes on the device

Queries information about the current Wi-Fi connection

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks if the internet connection is available

Queries the unique device ID (IMEI, MEID, IMSI)

Reads information about phone network operator.

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

behavioral3