29b08f7fd96ec8266fc57d3e1cf7d4411b1cf955ba392576b309ecbe05c8a6d3

General

Target

63ea4febc6ae87e38ba5de3454e787ed_JaffaCakes118
Size

4.6MB
Sample

240521-tnmmbabd55
MD5

63ea4febc6ae87e38ba5de3454e787ed
SHA1

4dc54e4e7883cf7f5b8da800dd1ea3d1f987cb22
SHA256

29b08f7fd96ec8266fc57d3e1cf7d4411b1cf955ba392576b309ecbe05c8a6d3
SHA512

56a5ea81454f8d94dd553400d6a8ac584016ba9fc4ba35bf385983754a01537e92d0e0d26bd2fdec0b6ad724324bce493e19f128d71204b75ce1f6588367de20
SSDEEP

98304:XhNBJ2VKz34Ge9jQCNj9x4oeDwtJeFkU1Uvgu0X9X:RNHQ0IvJ1ONkUOWX9X

Score

8^/10

Malware Config

Targets

- Target
  
  63ea4febc6ae87e38ba5de3454e787ed_JaffaCakes118
- Size
  
  4.6MB
- MD5
  
  63ea4febc6ae87e38ba5de3454e787ed
- SHA1
  
  4dc54e4e7883cf7f5b8da800dd1ea3d1f987cb22
- SHA256
  
  29b08f7fd96ec8266fc57d3e1cf7d4411b1cf955ba392576b309ecbe05c8a6d3
- SHA512
  
  56a5ea81454f8d94dd553400d6a8ac584016ba9fc4ba35bf385983754a01537e92d0e0d26bd2fdec0b6ad724324bce493e19f128d71204b75ce1f6588367de20
- SSDEEP
  
  98304:XhNBJ2VKz34Ge9jQCNj9x4oeDwtJeFkU1Uvgu0X9X:RNHQ0IvJ1ONkUOWX9X
Score

8^/10

banker discovery evasion impact persistence
- Checks if the Android device is rooted.
  evasion
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Checks CPU information
  Checks CPU information which indicate if the system is an emulator.
  evasion discovery
- Checks known Qemu files.
  Checks for known Qemu files that exist on Android virtual device images.
  evasion
- Checks known Qemu pipes.
  Checks for known pipes used by the Android emulator to communicate with the host.
  evasion
- Checks memory information
  Checks memory information which indicate if the system is an emulator.
  evasion discovery
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Queries information about running processes on the device
  Application may abuse the framework's APIs to collect information about running processes on the device.
  discovery
- Queries information about the current Wi-Fi connection
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  discovery
- Queries the mobile country code (MCC)
  discovery
- Registers a broadcast receiver at runtime (usually for listening for system events)
  persistence
- Acquires the wake lock
- Checks if the internet connection is available
  discovery
behavioral1
- Target
  
  sdk.jar
- Size
  
  158KB
- MD5
  
  d440d29973a4652bd33f145221ad6aec
- SHA1
  
  a6883bfa17a19d266b67de42c243de503d5be2f5
- SHA256
  
  61a9767c427e8b2eea2421ee1f3541aa6735302d549b2eda02ab718994f70bcb
- SHA512
  
  9fbfbbadc9ab71c38d001a1c3db081a7f3d2568d650409c9daa8f626ea45a66f1d02fe0f52e8edcf430a79ba4e49f3102d91c6dfbbf599449edc958734325645
- SSDEEP
  
  3072:wgbYL1U5ewMbpPsPVcocB4Q1XLKbPgv1x8cLrBKtzdefKLk0AJ1:wg8LCeDbpPstcocSNPWxrQje0k1
Score

1^/10
behavioral2 behavioral3 behavioral4

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Targets

Checks if the Android device is rooted.

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Checks CPU information

Checks known Qemu files.

Checks known Qemu pipes.

Checks memory information

Loads dropped Dex/Jar

Queries information about running processes on the device

Queries information about the current Wi-Fi connection

Queries the mobile country code (MCC)

Registers a broadcast receiver at runtime (usually for listening for system events)

Acquires the wake lock

Checks if the internet connection is available

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4