General

  • Target

    5e7fc713ef3a69c747ee1f0c99db3a57_JaffaCakes118

  • Size

    3.8MB

  • Sample

    240520-l4t3bsfc9t

  • MD5

    5e7fc713ef3a69c747ee1f0c99db3a57

  • SHA1

    705f96a26ba8b656392a9c16636afec14803e3ba

  • SHA256

    72a5caf3ca20e7396890f54c7c83a4496249f94dc9bce489a362bfa8eaf17b6f

  • SHA512

    f8f55ddec00d2b96b38afaf00e4892f12689e1c285546265ff924bd0b68ee23262bc83b8cae75a35c87ce030c8be0bb81929a972b27134491179ea24d83710e9

  • SSDEEP

    98304:RFl/aNXz4IMq+efEzKsJKSVPnpo2Zd51D4Zlf/ZM:RFl/ADYwCKsJKSVfpoy6ZlfRM

Targets

    • Target

      5e7fc713ef3a69c747ee1f0c99db3a57_JaffaCakes118

    • Size

      3.8MB

    • MD5

      5e7fc713ef3a69c747ee1f0c99db3a57

    • SHA1

      705f96a26ba8b656392a9c16636afec14803e3ba

    • SHA256

      72a5caf3ca20e7396890f54c7c83a4496249f94dc9bce489a362bfa8eaf17b6f

    • SHA512

      f8f55ddec00d2b96b38afaf00e4892f12689e1c285546265ff924bd0b68ee23262bc83b8cae75a35c87ce030c8be0bb81929a972b27134491179ea24d83710e9

    • SSDEEP

      98304:RFl/aNXz4IMq+efEzKsJKSVPnpo2Zd51D4Zlf/ZM:RFl/ADYwCKsJKSVfpoy6ZlfRM

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Queries information about the current nearby Wi-Fi networks

      Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

    • Registers a broadcast receiver at runtime (usually for listening for system events)

    • Checks if the internet connection is available

    • Reads information about the phone network operator

    • Target

      plugin-deploy.jar

    • Size

      143KB

    • MD5

      0e12eec56b1ae504500aa70c143a72c6

    • SHA1

      0fb3f0ef5209f018069f1920411b46a1cd8d4571

    • SHA256

      c99e9d1cad96f445667d40b3b93fad9f84ef86ca803ef97b246bd2c90814673c

    • SHA512

      7ebbd2c580ddbc49847fbb3b4d0e1b20bc617e64220a32c25639b955e885c7bd3256b96bf37ad2dfbbaa7e820cfba2828cfefcf53ab16fbd9e601959e37e5e74

    • SSDEEP

      3072:Lxv20oKpUzPqL0YUEMthurumQrcyyIFq1zb2ASh5kdBgFfv+kGodL3VxdYVVCc:LmKpQPqL0Ybah7FSbJtd7OL3ha

    • Score

      1/10

    • Target

      res.apk

    • Size

      259KB

    • MD5

      0813101760ee00e898e6fc8a46c37c00

    • SHA1

      285d4943ffe4523c5faa0145ea37955dd0a9a089

    • SHA256

      d7788315dbafb43f7a5b3d0224e83a0c93950b83d9a1fa762a775e6804359742

    • SHA512

      c6d0df5297a7f338a5cafe95810fb7ded8cf68e9085a055d661a03337f9c923264cd960c07492e5b0bac4104569cad8355bf28f5b77551fa937dffba25672c41

    • SSDEEP

      6144:jW86Mo0uinvHef0twReJMT8H5+gQxED96P:qdMBuHeJJfQxY96P

    • Score

      1/10
