Overview

overview

8

Static

static

6

657e3f1ad8...18.apk

android-9-x86

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    657e3f1ad833f5210a700163ce905094_JaffaCakes118

  • Size

    15.1MB

  • Sample

    240522-bpad9sfg53

  • MD5

    657e3f1ad833f5210a700163ce905094

  • SHA1

    b649beede477813598c3be50c6640ca4adab7fd9

  • SHA256

    88d81aa2ba62672aa63bc141e8d81a32c2d76b851b103e1d8695266c5b75891e

  • SHA512

    db64c407396d18f2bfaabfd2d80654ca2c1adc77ce7cb9703d942b413b56960924ced82dd3a51c98e5f00560044eb90ac312d81a8a374566bb1de948a01a0614

  • SSDEEP

    393216:qwisZezFJ6G7rUpsNO+NmRKVOXAjSG8VmUl3X2JGf3jszAPbTXv:3ZePTHvaEVOQjSGG3Xwm3QzATTXv

Score
8/10
androidbankercollectiondiscoveryevasionimpactpersistence

Malware Config

Targets

    • Target

      657e3f1ad833f5210a700163ce905094_JaffaCakes118

    • Size

      15.1MB

    • MD5

      657e3f1ad833f5210a700163ce905094

    • SHA1

      b649beede477813598c3be50c6640ca4adab7fd9

    • SHA256

      88d81aa2ba62672aa63bc141e8d81a32c2d76b851b103e1d8695266c5b75891e

    • SHA512

      db64c407396d18f2bfaabfd2d80654ca2c1adc77ce7cb9703d942b413b56960924ced82dd3a51c98e5f00560044eb90ac312d81a8a374566bb1de948a01a0614

    • SSDEEP

      393216:qwisZezFJ6G7rUpsNO+NmRKVOXAjSG8VmUl3X2JGf3jszAPbTXv:3ZePTHvaEVOQjSGG3Xwm3QzATTXv

    Score
    8/10
    bankercollectiondiscoveryevasionimpactpersistence

    • Checks if the Android device is rooted.

      evasion

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

      bankerdiscovery

    • Requests cell location

      Uses Android APIs to to get current cell location.

      collectiondiscoveryevasion

    • Checks CPU information

      Checks CPU information which indicate if the system is an emulator.

      evasiondiscovery

    • Checks memory information

      Checks memory information which indicate if the system is an emulator.

      evasiondiscovery

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

      discovery

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

      discovery

    • Queries information about the current nearby Wi-Fi networks

      Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

      discovery

    • Reads the content of the calendar entry data.

      collection

    • Registers a broadcast receiver at runtime (usually for listening for system events)

      persistence

    • Acquires the wake lock

    • Checks if the internet connection is available

      discovery

    • Reads information about phone network operator.

      discovery

    • Checks the presence of a debugger

      evasion
    behavioral1

MITRE ATT&CK Mobile v15

Tasks