477d5262ee3a49ffcb3585602d188f7069f66dd8cf4a06e89e36c96482a53f33

General

Target

612bbfbfe1acc6b3a4c94bd322929c09_JaffaCakes118
Size

1.3MB
Sample

240520-2mlydsaa75
MD5

612bbfbfe1acc6b3a4c94bd322929c09
SHA1

74d21ddc51cb37346f67009ec9f95c3cb7b5d380
SHA256

477d5262ee3a49ffcb3585602d188f7069f66dd8cf4a06e89e36c96482a53f33
SHA512

bcf57c0f213755780ffb6c20d69c30088f7eb538a87aa91764096fde74fdde4ffc43e880e89a036eee2c5b9726b0ee318ae854261dc586f7d40ca0e32af18282
SSDEEP

24576:ssQXoL0otaYtXMKCnEOn8wB7PvQGjXo+Fgjh8bq/13tdHbZKm51Ob83k:soQ7YtBCnEQfB7PvQGjrGjh8bq/1XHNS

Score

8^/10

Malware Config

Targets

- Target
  
  612bbfbfe1acc6b3a4c94bd322929c09_JaffaCakes118
- Size
  
  1.3MB
- MD5
  
  612bbfbfe1acc6b3a4c94bd322929c09
- SHA1
  
  74d21ddc51cb37346f67009ec9f95c3cb7b5d380
- SHA256
  
  477d5262ee3a49ffcb3585602d188f7069f66dd8cf4a06e89e36c96482a53f33
- SHA512
  
  bcf57c0f213755780ffb6c20d69c30088f7eb538a87aa91764096fde74fdde4ffc43e880e89a036eee2c5b9726b0ee318ae854261dc586f7d40ca0e32af18282
- SSDEEP
  
  24576:ssQXoL0otaYtXMKCnEOn8wB7PvQGjXo+Fgjh8bq/13tdHbZKm51Ob83k:soQ7YtBCnEQfB7PvQGjrGjh8bq/1XHNS
Score

8^/10

banker collection discovery evasion persistence stealth trojan
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Removes its main activity from the application launcher
  stealth trojan evasion
- Checks CPU information
  Checks CPU information which indicate if the system is an emulator.
  evasion discovery
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Queries account information for other applications stored on the device
  Application may abuse the framework's APIs to collect account information stored on the device.
  collection
- Queries information about running processes on the device
  Application may abuse the framework's APIs to collect information about running processes on the device.
  discovery
- Queries information about the current Wi-Fi connection
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  discovery
- Registers a broadcast receiver at runtime (usually for listening for system events)
  persistence
- Checks if the internet connection is available
  discovery
- Queries the unique device ID (IMEI, MEID, IMSI)
  discovery
- Reads information about phone network operator.
  discovery
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Targets

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Removes its main activity from the application launcher

Checks CPU information

Loads dropped Dex/Jar

Queries account information for other applications stored on the device

Queries information about running processes on the device

Queries information about the current Wi-Fi connection

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks if the internet connection is available

Queries the unique device ID (IMEI, MEID, IMSI)

Reads information about phone network operator.

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

behavioral3