6f38da6bb5b0a7b0ef8996aa69f865dd49b7fc21d9e6f9b3c229ad088765fd1a

General

Target

65788ec9c2255139f7b64d9e8630b6c8_JaffaCakes118
Size

12.8MB
Sample

240522-bjkm2sfe88
MD5

65788ec9c2255139f7b64d9e8630b6c8
SHA1

d98b00cc1c9723b625fa76ef67ef65aa41bc1027
SHA256

6f38da6bb5b0a7b0ef8996aa69f865dd49b7fc21d9e6f9b3c229ad088765fd1a
SHA512

2f2eea8ff1dbe7cb178e5ba6716808ae16fa7444faf276f3c0484027864b11609b739d7897ab7791712896bda52dbaf7ac17b1499b13f21f2e2bfda54c21d864
SSDEEP

196608:PDobuDTeop/7k0T5YfCUXmTajZ/a5tesngSR+AnEAPFx9BAQ8MbJOSKdoYRE8Rt:PDYuDT5p/w0T5Yxjcv9QUEuPZdK95Rt

Score

8^/10

Malware Config

Targets

- Target
  
  65788ec9c2255139f7b64d9e8630b6c8_JaffaCakes118
- Size
  
  12.8MB
- MD5
  
  65788ec9c2255139f7b64d9e8630b6c8
- SHA1
  
  d98b00cc1c9723b625fa76ef67ef65aa41bc1027
- SHA256
  
  6f38da6bb5b0a7b0ef8996aa69f865dd49b7fc21d9e6f9b3c229ad088765fd1a
- SHA512
  
  2f2eea8ff1dbe7cb178e5ba6716808ae16fa7444faf276f3c0484027864b11609b739d7897ab7791712896bda52dbaf7ac17b1499b13f21f2e2bfda54c21d864
- SSDEEP
  
  196608:PDobuDTeop/7k0T5YfCUXmTajZ/a5tesngSR+AnEAPFx9BAQ8MbJOSKdoYRE8Rt:PDYuDT5p/w0T5Yxjcv9QUEuPZdK95Rt
Score

8^/10

banker collection discovery evasion impact persistence credential_access
- Checks if the Android device is rooted.
  evasion
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Checks CPU information
  Checks CPU information which indicate if the system is an emulator.
  evasion discovery
- Checks memory information
  Checks memory information which indicate if the system is an emulator.
  evasion discovery
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Obtains sensitive information copied to the device clipboard
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  collection credential_access impact
- Queries account information for other applications stored on the device
  Application may abuse the framework's APIs to collect account information stored on the device.
  collection
- Queries information about running processes on the device
  Application may abuse the framework's APIs to collect information about running processes on the device.
  discovery
- Queries the mobile country code (MCC)
  discovery
- Registers a broadcast receiver at runtime (usually for listening for system events)
  persistence
- Acquires the wake lock
- Checks if the internet connection is available
  discovery
- Queries the unique device ID (IMEI, MEID, IMSI)
  discovery
- Reads information about phone network operator.
  discovery
- Listens for changes in the sensor environment (might be used to detect emulation)
  evasion
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Targets

Checks if the Android device is rooted.

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Checks CPU information

Checks memory information

Loads dropped Dex/Jar

Obtains sensitive information copied to the device clipboard

Queries account information for other applications stored on the device

Queries information about running processes on the device

Queries the mobile country code (MCC)

Registers a broadcast receiver at runtime (usually for listening for system events)

Acquires the wake lock

Checks if the internet connection is available

Queries the unique device ID (IMEI, MEID, IMSI)

Reads information about phone network operator.

Listens for changes in the sensor environment (might be used to detect emulation)

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2