Overview

overview

8

Static

static

6

65a4bf6db9...18.apk

android-9-x86

8

gdtadv2.apk

android-9-x86

Sharing

Copy URL
Twitter E-mail

General

  • Target

    65a4bf6db943995bacd8558a8594eadb_JaffaCakes118

  • Size

    18.1MB

  • Sample

    240522-clg6daha29

  • MD5

    65a4bf6db943995bacd8558a8594eadb

  • SHA1

    c1eac4a77daf31bb2316243c9a7e6603c90faab6

  • SHA256

    a6f377008152ef02360f15fc0f3c1099d4947bfb0f19d6ba0c900258bdc43789

  • SHA512

    ce7725b197809dcee61e88fe82ed7435f1e2e5c6bcf03e7b9300b04f61bc13bf474ea439f7fe99130d8974ef69cdba55666460344d686235ea026da43af29960

  • SSDEEP

    393216:fGVbZF3phBgnZYtyPi2txqz86f9S9Y9K81Akig1FqSnkBC:eVH3phBGZYXsdQg9Y0811isqSkE

Score
8/10
androidbankerdiscoveryevasionimpactpersistence

Malware Config

Targets

    • Target

      65a4bf6db943995bacd8558a8594eadb_JaffaCakes118

    • Size

      18.1MB

    • MD5

      65a4bf6db943995bacd8558a8594eadb

    • SHA1

      c1eac4a77daf31bb2316243c9a7e6603c90faab6

    • SHA256

      a6f377008152ef02360f15fc0f3c1099d4947bfb0f19d6ba0c900258bdc43789

    • SHA512

      ce7725b197809dcee61e88fe82ed7435f1e2e5c6bcf03e7b9300b04f61bc13bf474ea439f7fe99130d8974ef69cdba55666460344d686235ea026da43af29960

    • SSDEEP

      393216:fGVbZF3phBgnZYtyPi2txqz86f9S9Y9K81Akig1FqSnkBC:eVH3phBGZYXsdQg9Y0811isqSkE

    Score
    8/10
    bankerdiscoveryevasionimpactpersistence

    • Checks if the Android device is rooted.

      evasion

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

      bankerdiscovery

    • Checks Android system properties for emulator presence.

      evasion

    • Checks CPU information

      Checks CPU information which indicate if the system is an emulator.

      evasiondiscovery

    • Checks Qemu related system properties.

      Checks for Android system properties related to Qemu for Emulator detection.

      evasion

    • Checks known Qemu files.

      Checks for known Qemu files that exist on Android virtual device images.

      evasion

    • Checks known Qemu pipes.

      Checks for known pipes used by the Android emulator to communicate with the host.

      evasion

    • Checks memory information

      Checks memory information which indicate if the system is an emulator.

      evasiondiscovery

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

      discovery

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

      discovery

    • Registers a broadcast receiver at runtime (usually for listening for system events)

      persistence

    • Checks if the internet connection is available

      discovery

    • Listens for changes in the sensor environment (might be used to detect emulation)

      evasion
    behavioral1

    • Target

      gdtadv2.jar

    • Size

      1.1MB

    • MD5

      62d3210f0381703b79c016a5a475c650

    • SHA1

      d57e3810e0490f3c46c7cef1430047e640e1170f

    • SHA256

      b24e08fff96ed736f5f5751f2b5f7e5751118616f0e9557974748c8674e2d197

    • SHA512

      153dc4cee44b62ebefa59e260ddfb8c197188c17dfb8d384fb588a881b321e841b245b5e2fbb4d44ba6ca597e1a5e73b36441c6bb800fbf5a01f33d91fd98c14

    • SSDEEP

      24576:/ZrPZ3ONad/a9n3cOWPjywoGpe6LrA1kZb5wCWv1SC5+6Cmmtx/Q+b/:BrB3OcdS9n3cXywoRRqmCOSCk6At/j

    Score
    1/10
    behavioral2

MITRE ATT&CK Mobile v15

Tasks