Overview

overview

10

Static

static

10

eccc556f91...a0.apk

android-9-x86

8

gdtadv2.apk

android-9-x86

Sharing

Copy URL
Twitter E-mail

General

  • Target

    eccc556f9112b4862fd656e51db1fc5e22692a4bad7444b7c078cf0e4d8da2a0

  • Size

    17.9MB

  • Sample

    240522-bmv8ysff89

  • MD5

    6578a366c4cfb1d2e9c49da95aebbe31

  • SHA1

    8eb6aae6a336c1aec4ae8e60739648884ec3a571

  • SHA256

    eccc556f9112b4862fd656e51db1fc5e22692a4bad7444b7c078cf0e4d8da2a0

  • SHA512

    b4379cdc33ecf7c508c551cc96ed7b8bea53db4874e2a5d2066f1f4ec044bc1a84536f7ac35283dd591553967a14dbb10e17297a48e05c6dce9ee029d8b2a7d6

  • SSDEEP

    393216:eu+tb9cgCkq05dzfxJVcetvhjh7rgnpVC4TZls+FJ+FQ:n+tb9cDC5dzfRhvhVUDRZl5B

Score
10/10
jokerandroidbankerdiscoveryevasionimpactpersistence

Malware Config

Targets

    • Target

      eccc556f9112b4862fd656e51db1fc5e22692a4bad7444b7c078cf0e4d8da2a0

    • Size

      17.9MB

    • MD5

      6578a366c4cfb1d2e9c49da95aebbe31

    • SHA1

      8eb6aae6a336c1aec4ae8e60739648884ec3a571

    • SHA256

      eccc556f9112b4862fd656e51db1fc5e22692a4bad7444b7c078cf0e4d8da2a0

    • SHA512

      b4379cdc33ecf7c508c551cc96ed7b8bea53db4874e2a5d2066f1f4ec044bc1a84536f7ac35283dd591553967a14dbb10e17297a48e05c6dce9ee029d8b2a7d6

    • SSDEEP

      393216:eu+tb9cgCkq05dzfxJVcetvhjh7rgnpVC4TZls+FJ+FQ:n+tb9cDC5dzfRhvhVUDRZl5B

    Score
    8/10
    bankerdiscoveryevasionimpactpersistence

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

      bankerdiscovery

    • Checks CPU information

      Checks CPU information which indicate if the system is an emulator.

      evasiondiscovery

    • Checks memory information

      Checks memory information which indicate if the system is an emulator.

      evasiondiscovery

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

      discovery

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

      discovery

    • Queries information about the current nearby Wi-Fi networks

      Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

      discovery

    • Queries the mobile country code (MCC)

      discovery

    • Queries the phone number (MSISDN for GSM devices)

      discovery

    • Registers a broadcast receiver at runtime (usually for listening for system events)

      persistence

    • Checks if the internet connection is available

      discovery

    • Queries the unique device ID (IMEI, MEID, IMSI)

      discovery

    • Reads information about phone network operator.

      discovery
    behavioral1

    • Target

      gdtadv2.jar

    • Size

      1.1MB

    • MD5

      62d3210f0381703b79c016a5a475c650

    • SHA1

      d57e3810e0490f3c46c7cef1430047e640e1170f

    • SHA256

      b24e08fff96ed736f5f5751f2b5f7e5751118616f0e9557974748c8674e2d197

    • SHA512

      153dc4cee44b62ebefa59e260ddfb8c197188c17dfb8d384fb588a881b321e841b245b5e2fbb4d44ba6ca597e1a5e73b36441c6bb800fbf5a01f33d91fd98c14

    • SSDEEP

      24576:/ZrPZ3ONad/a9n3cOWPjywoGpe6LrA1kZb5wCWv1SC5+6Cmmtx/Q+b/:BrB3OcdS9n3cXywoRRqmCOSCk6At/j

    Score
    1/10
    behavioral2

MITRE ATT&CK Matrix

Tasks