Overview

overview

8

Static

static

6

63b63b0a49...18.apk

android-9-x86

7

63b63b0a49...18.apk

android-10-x64

8

gdtadv2.apk

android-9-x86

Sharing

Copy URL
Twitter E-mail

General

  • Target

    63b63b0a4925218017c64ca2a7e0eaf6_JaffaCakes118

  • Size

    15.0MB

  • Sample

    240521-sdtgfahh23

  • MD5

    63b63b0a4925218017c64ca2a7e0eaf6

  • SHA1

    e0f262719e135b9c2a433004d425d0bda46a02db

  • SHA256

    f68b9adbc8d1cecd1810124e1689eb902f7b59047625bf4651f2b2986e202975

  • SHA512

    69b0be5c0945106e664621bfbc65dc086c55656ef7fe33b5992466efd50bb80793999cb84ebbeb52808a6a23dca86693471399e3adc9e937748bc254a3bf192a

  • SSDEEP

    393216:aAfy91klBS0oH1qrLxBDU8jWz7++fhNPW:/+kBSL6LxS8jWe+fhNPW

Score
8/10
androidbankercollectiondiscoveryevasionimpactpersistence

Malware Config

Targets

    • Target

      63b63b0a4925218017c64ca2a7e0eaf6_JaffaCakes118

    • Size

      15.0MB

    • MD5

      63b63b0a4925218017c64ca2a7e0eaf6

    • SHA1

      e0f262719e135b9c2a433004d425d0bda46a02db

    • SHA256

      f68b9adbc8d1cecd1810124e1689eb902f7b59047625bf4651f2b2986e202975

    • SHA512

      69b0be5c0945106e664621bfbc65dc086c55656ef7fe33b5992466efd50bb80793999cb84ebbeb52808a6a23dca86693471399e3adc9e937748bc254a3bf192a

    • SSDEEP

      393216:aAfy91klBS0oH1qrLxBDU8jWz7++fhNPW:/+kBSL6LxS8jWe+fhNPW

    Score
    8/10
    discoveryevasionpersistencebankercollectionimpact

    • Checks if the Android device is rooted.

      evasion

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

      bankerdiscovery

    • Requests cell location

      Uses Android APIs to to get current cell location.

      collectiondiscoveryevasion

    • Checks CPU information

      Checks CPU information which indicate if the system is an emulator.

      evasiondiscovery

    • Checks memory information

      Checks memory information which indicate if the system is an emulator.

      evasiondiscovery

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

      evasion

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

      discovery

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

      discovery

    • Queries information about the current nearby Wi-Fi networks

      Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

      discovery

    • Queries the phone number (MSISDN for GSM devices)

      discovery

    • Reads the content of SMS inbox messages.

      collection

    • Registers a broadcast receiver at runtime (usually for listening for system events)

      persistence

    • Checks if the internet connection is available

      discovery

    • Queries the unique device ID (IMEI, MEID, IMSI)

      discovery

    • Reads information about phone network operator.

      discovery

    • Listens for changes in the sensor environment (might be used to detect emulation)

      evasion
    behavioral1behavioral2

    • Target

      gdtadv2.jar

    • Size

      650KB

    • MD5

      5eaa0ab055f88d1710a1c680cced039d

    • SHA1

      3cd78c640c175d8f41c981dec45da2e0671659fa

    • SHA256

      629ce3d46af2e307c50aa0a8b6a4649c07f15c9bb0ab074dc9e3c42d452223c5

    • SHA512

      fa0e514c183962c89a2f27d680768542628a031312300de7d1574490920057975f227fe9e95e2a1c3cef399f755686b40ca926a4db6e582f7c5a07277f072c13

    • SSDEEP

      12288:2o/eAqlTYNTbHulJeTcMZH2rNp8OwazS5skPAZl9xHlUaE3OdKFwEUSsielxE:2o/ea32e4MZH2rNpHwsbkPApp1qwNSsw

    Score
    1/10
    behavioral3

MITRE ATT&CK Mobile v15

Tasks