Overview

overview

8

Static

static

6

64b63e1600...18.apk

android-9-x86

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    64b63e1600de82a38db0270b1abb87ca_JaffaCakes118

  • Size

    8.7MB

  • Sample

    240521-zkrpraaa51

  • MD5

    64b63e1600de82a38db0270b1abb87ca

  • SHA1

    82bfc7b92348962803d3ed69319cb411d5a3eef5

  • SHA256

    17674b722054eb997ccb589e900d107a582c58afda6590388338524c789b0c4e

  • SHA512

    ab9aff074f326de273e3414cba2d7d1d1244811c3d88ce526dd166660cdc5ebcd3af0e8949aa81cb0f6e6da720a89cbcc314d32fc3c1049bfe9e72a12b558577

  • SSDEEP

    196608:Yy9Xru+DJHsTeoGnEqT4xgR9tSCwj+JqRO4Mj1S2agu57XF9F:Yy97MTeoQRT4xGQCvqg9j5Lu5Zv

Score
8/10
androidbankercollectiondiscoveryevasionexecutionimpactpersistence

Malware Config

Targets

    • Target

      64b63e1600de82a38db0270b1abb87ca_JaffaCakes118

    • Size

      8.7MB

    • MD5

      64b63e1600de82a38db0270b1abb87ca

    • SHA1

      82bfc7b92348962803d3ed69319cb411d5a3eef5

    • SHA256

      17674b722054eb997ccb589e900d107a582c58afda6590388338524c789b0c4e

    • SHA512

      ab9aff074f326de273e3414cba2d7d1d1244811c3d88ce526dd166660cdc5ebcd3af0e8949aa81cb0f6e6da720a89cbcc314d32fc3c1049bfe9e72a12b558577

    • SSDEEP

      196608:Yy9Xru+DJHsTeoGnEqT4xgR9tSCwj+JqRO4Mj1S2agu57XF9F:Yy97MTeoQRT4xGQCvqg9j5Lu5Zv

    Score
    8/10
    bankercollectiondiscoveryevasionexecutionimpactpersistence

    • Checks if the Android device is rooted.

      evasion

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

      bankerdiscovery

    • Requests cell location

      Uses Android APIs to to get current cell location.

      collectiondiscoveryevasion

    • Checks CPU information

      Checks CPU information which indicate if the system is an emulator.

      evasiondiscovery

    • Queries account information for other applications stored on the device

      Application may abuse the framework's APIs to collect account information stored on the device.

      collection

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

      discovery

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

      discovery

    • Queries information about the current nearby Wi-Fi networks

      Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

      discovery

    • Registers a broadcast receiver at runtime (usually for listening for system events)

      persistence

    • Acquires the wake lock

    • Checks if the internet connection is available

      discovery

    • Reads information about phone network operator.

      discovery

    • Schedules tasks to execute at a specified time

      Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

      executionpersistence

    • Listens for changes in the sensor environment (might be used to detect emulation)

      evasion
    behavioral1

MITRE ATT&CK Mobile v15

Tasks