22819bef14ff445f8d63f10d163c6c8ffdd8a439be6f5c40a5229f90a5619f69 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5f4de5cc0fa3e250a830289d8d4984d7_JaffaCakes118
Size

15.9MB
Sample

240520-qnh3cacb24
MD5

5f4de5cc0fa3e250a830289d8d4984d7
SHA1

c12e7a420fe06b9150fdaff5f0c8518188f142d4
SHA256

22819bef14ff445f8d63f10d163c6c8ffdd8a439be6f5c40a5229f90a5619f69
SHA512

0a0326ed5959b19b867a35307e116600a0ed9796409cf5e9bb1aa9be79141b6ef94b88b4cdebd7ee10ece2f6c927d700605d11dbfd95da6ce4463a2601132f04
SSDEEP

393216:ehr3cuI1V89GMrXglFci1WcvVXkSvkDBUdH:szZcMrQzciY47h

Score

8^/10

android banker discovery evasion impact persistence

Malware Config

Targets

- Target
  
  5f4de5cc0fa3e250a830289d8d4984d7_JaffaCakes118
- Size
  
  15.9MB
- MD5
  
  5f4de5cc0fa3e250a830289d8d4984d7
- SHA1
  
  c12e7a420fe06b9150fdaff5f0c8518188f142d4
- SHA256
  
  22819bef14ff445f8d63f10d163c6c8ffdd8a439be6f5c40a5229f90a5619f69
- SHA512
  
  0a0326ed5959b19b867a35307e116600a0ed9796409cf5e9bb1aa9be79141b6ef94b88b4cdebd7ee10ece2f6c927d700605d11dbfd95da6ce4463a2601132f04
- SSDEEP
  
  393216:ehr3cuI1V89GMrXglFci1WcvVXkSvkDBUdH:szZcMrQzciY47h
Score

8^/10

banker discovery evasion impact persistence
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Checks CPU information
  Checks CPU information which indicate if the system is an emulator.
  evasion discovery
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Queries information about running processes on the device
  Application may abuse the framework's APIs to collect information about running processes on the device.
  discovery
- Queries the phone number (MSISDN for GSM devices)
  discovery
- Registers a broadcast receiver at runtime (usually for listening for system events)
  persistence
- Checks if the internet connection is available
  discovery
- Queries the unique device ID (IMEI, MEID, IMSI)
  discovery
- Reads information about phone network operator.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Privilege Escalation

Defense Evasion

Download New Code at Runtime

Virtualization/Sandbox Evasion

System Checks

Credential Access

Discovery

Process Discovery

Software Discovery

Security Software Discovery

System Information Discovery

System Network Configuration Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

Tasks

static1

behavioral1

bankerdiscoveryevasionimpactpersistence

behavioral2

discoveryevasionimpactpersistence