Overview

overview

8

Static

static

6

659f8f7a04...18.apk

android-9-x86

8

__pasys_re...er.apk

android-9-x86

__pasys_re...er.apk

android-10-x64

__pasys_re...er.apk

android-11-x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    659f8f7a0498c09013193487234f46c5_JaffaCakes118

  • Size

    23.4MB

  • Sample

    240522-cgakqsha4x

  • MD5

    659f8f7a0498c09013193487234f46c5

  • SHA1

    4afaf516950db402926edd25e67a8036ab93b5e7

  • SHA256

    20b72af93d1d5212072daf7cbcb2c40426de4f91206a2a828713dcaf2ca37bdd

  • SHA512

    11a14d942d3a7ce3a78d50efa207255e7bde50f7713ee4eebf27b2e80f6be80f33ae5f520b84fb0ae206a72f38bac0abcec8f22de7be4674bc4143d631bcaa3b

  • SSDEEP

    393216:vitdOIqNXNYfKqxQYFysQRrOjXqGD+eaSizw90VV/krGFKYfi4i8BQPSQUF9wCY:UXjL/IRiaGD6VzwmV5yGFKYK4ipkZY

Score
8/10
androidbankercollectiondiscoveryevasionimpactpersistence

Malware Config

Targets

    • Target

      659f8f7a0498c09013193487234f46c5_JaffaCakes118

    • Size

      23.4MB

    • MD5

      659f8f7a0498c09013193487234f46c5

    • SHA1

      4afaf516950db402926edd25e67a8036ab93b5e7

    • SHA256

      20b72af93d1d5212072daf7cbcb2c40426de4f91206a2a828713dcaf2ca37bdd

    • SHA512

      11a14d942d3a7ce3a78d50efa207255e7bde50f7713ee4eebf27b2e80f6be80f33ae5f520b84fb0ae206a72f38bac0abcec8f22de7be4674bc4143d631bcaa3b

    • SSDEEP

      393216:vitdOIqNXNYfKqxQYFysQRrOjXqGD+eaSizw90VV/krGFKYfi4i8BQPSQUF9wCY:UXjL/IRiaGD6VzwmV5yGFKYK4ipkZY

    Score
    8/10
    bankercollectiondiscoveryevasionimpactpersistence

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

      bankerdiscovery

    • Requests cell location

      Uses Android APIs to to get current cell location.

      collectiondiscoveryevasion

    • Checks CPU information

      Checks CPU information which indicate if the system is an emulator.

      evasiondiscovery

    • Checks memory information

      Checks memory information which indicate if the system is an emulator.

      evasiondiscovery

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

      discovery

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

      discovery

    • Queries information about the current nearby Wi-Fi networks

      Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

      discovery

    • Queries the mobile country code (MCC)

      discovery

    • Registers a broadcast receiver at runtime (usually for listening for system events)

      persistence

    • Checks if the internet connection is available

      discovery

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1

    • Target

      __pasys_remote_banner.jar

    • Size

      114KB

    • MD5

      2ad9fb4b2d9b333883b7e38f61c2fd2f

    • SHA1

      5b85041452d173ed0d81d25b9ca78608a998e328

    • SHA256

      b9310a99f1b60959f6b725eea74623dc491adec55da740c17e8c7e02f35818f5

    • SHA512

      6fc04e1e22ebf8920b4928a8086cf3e0814d155f79f80d71622916f6a0911262382710e5ee2acea653db4b387730e201134592cb9992b14f3aef8b09d83bda90

    • SSDEEP

      3072:9cU7bD2h2Z5ecVpoj8eVJBl52Dx9yW0jv2gspIn:m8n28Z5eAs8S73InyWmug9

    Score
    1/10
    behavioral2behavioral3behavioral4

MITRE ATT&CK Mobile v15

Tasks