20b72af93d1d5212072daf7cbcb2c40426de4f91206a2a828713dcaf2ca37bdd

General

Target

659f8f7a0498c09013193487234f46c5_JaffaCakes118
Size

23.4MB
Sample

240522-cgakqsha4x
MD5

659f8f7a0498c09013193487234f46c5
SHA1

4afaf516950db402926edd25e67a8036ab93b5e7
SHA256

20b72af93d1d5212072daf7cbcb2c40426de4f91206a2a828713dcaf2ca37bdd
SHA512

11a14d942d3a7ce3a78d50efa207255e7bde50f7713ee4eebf27b2e80f6be80f33ae5f520b84fb0ae206a72f38bac0abcec8f22de7be4674bc4143d631bcaa3b
SSDEEP

393216:vitdOIqNXNYfKqxQYFysQRrOjXqGD+eaSizw90VV/krGFKYfi4i8BQPSQUF9wCY:UXjL/IRiaGD6VzwmV5yGFKYK4ipkZY

Score

8^/10

Malware Config

Targets

- Target
  
  659f8f7a0498c09013193487234f46c5_JaffaCakes118
- Size
  
  23.4MB
- MD5
  
  659f8f7a0498c09013193487234f46c5
- SHA1
  
  4afaf516950db402926edd25e67a8036ab93b5e7
- SHA256
  
  20b72af93d1d5212072daf7cbcb2c40426de4f91206a2a828713dcaf2ca37bdd
- SHA512
  
  11a14d942d3a7ce3a78d50efa207255e7bde50f7713ee4eebf27b2e80f6be80f33ae5f520b84fb0ae206a72f38bac0abcec8f22de7be4674bc4143d631bcaa3b
- SSDEEP
  
  393216:vitdOIqNXNYfKqxQYFysQRrOjXqGD+eaSizw90VV/krGFKYfi4i8BQPSQUF9wCY:UXjL/IRiaGD6VzwmV5yGFKYK4ipkZY
Score

8^/10

banker collection discovery evasion impact persistence
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Requests cell location
  Uses Android APIs to to get current cell location.
  collection discovery evasion
- Checks CPU information
  Checks CPU information which indicate if the system is an emulator.
  evasion discovery
- Checks memory information
  Checks memory information which indicate if the system is an emulator.
  evasion discovery
- Queries information about running processes on the device
  Application may abuse the framework's APIs to collect information about running processes on the device.
  discovery
- Queries information about the current Wi-Fi connection
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  discovery
- Queries information about the current nearby Wi-Fi networks
  Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
  discovery
- Queries the mobile country code (MCC)
  discovery
- Registers a broadcast receiver at runtime (usually for listening for system events)
  persistence
- Checks if the internet connection is available
  discovery
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1
- Target
  
  __pasys_remote_banner.jar
- Size
  
  114KB
- MD5
  
  2ad9fb4b2d9b333883b7e38f61c2fd2f
- SHA1
  
  5b85041452d173ed0d81d25b9ca78608a998e328
- SHA256
  
  b9310a99f1b60959f6b725eea74623dc491adec55da740c17e8c7e02f35818f5
- SHA512
  
  6fc04e1e22ebf8920b4928a8086cf3e0814d155f79f80d71622916f6a0911262382710e5ee2acea653db4b387730e201134592cb9992b14f3aef8b09d83bda90
- SSDEEP
  
  3072:9cU7bD2h2Z5ecVpoj8eVJBl52Dx9yW0jv2gspIn:m8n28Z5eAs8S73InyWmug9
Score

1^/10
behavioral2 behavioral3 behavioral4

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Targets

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Requests cell location

Checks CPU information

Checks memory information

Queries information about running processes on the device

Queries information about the current Wi-Fi connection

Queries information about the current nearby Wi-Fi networks

Queries the mobile country code (MCC)

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks if the internet connection is available

Looks up external IP address via web service

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4