Overview

overview

8

Static

static

6

65c930760f...18.apk

android-9-x86

8

gdtadv2.apk

android-9-x86

Sharing

Copy URL
Twitter E-mail

General

  • Target

    65c930760ff1725296a5540b876f2d4e_JaffaCakes118

  • Size

    8.6MB

  • Sample

    240522-dh81csad31

  • MD5

    65c930760ff1725296a5540b876f2d4e

  • SHA1

    59fbd48e1e544236867fe0e56dc252d01c52a54a

  • SHA256

    7d3c97afbac25ca5e481e4b910f9692761386b988215a2a62cda5f405703eacd

  • SHA512

    ffd7a169258f78a6890b4398a88a6419d7d10fea3a862d82fd4ddc7cf94f00608550bea611e11b476f117081ab95a8a0d30a04444b8e790c25b3d302fe86e977

  • SSDEEP

    196608:xpB+OgJ1xn0QGy81oUrs5ngaZkswwSj+QPw2+:F+RHn0XVoUA5HZwVj+QPw2+

Score
8/10
androidbankercollectiondiscoveryevasionimpactpersistence

Malware Config

Targets

    • Target

      65c930760ff1725296a5540b876f2d4e_JaffaCakes118

    • Size

      8.6MB

    • MD5

      65c930760ff1725296a5540b876f2d4e

    • SHA1

      59fbd48e1e544236867fe0e56dc252d01c52a54a

    • SHA256

      7d3c97afbac25ca5e481e4b910f9692761386b988215a2a62cda5f405703eacd

    • SHA512

      ffd7a169258f78a6890b4398a88a6419d7d10fea3a862d82fd4ddc7cf94f00608550bea611e11b476f117081ab95a8a0d30a04444b8e790c25b3d302fe86e977

    • SSDEEP

      196608:xpB+OgJ1xn0QGy81oUrs5ngaZkswwSj+QPw2+:F+RHn0XVoUA5HZwVj+QPw2+

    Score
    8/10
    bankercollectiondiscoveryevasionimpactpersistence

    • Checks if the Android device is rooted.

      evasion

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

      bankerdiscovery

    • Requests cell location

      Uses Android APIs to to get current cell location.

      collectiondiscoveryevasion

    • Checks CPU information

      Checks CPU information which indicate if the system is an emulator.

      evasiondiscovery

    • Checks memory information

      Checks memory information which indicate if the system is an emulator.

      evasiondiscovery

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

      evasionpersistence

    • Queries account information for other applications stored on the device

      Application may abuse the framework's APIs to collect account information stored on the device.

      collection

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

      discovery

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

      discovery

    • Queries information about the current nearby Wi-Fi networks

      Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

      discovery

    • Queries the mobile country code (MCC)

      discovery

    • Registers a broadcast receiver at runtime (usually for listening for system events)

      persistence

    • Checks if the internet connection is available

      discovery

    • Reads information about phone network operator.

      discovery

    • Listens for changes in the sensor environment (might be used to detect emulation)

      evasion
    behavioral1

    • Target

      gdtadv2.jar

    • Size

      420KB

    • MD5

      f0ee7f7dd1ef4e5cd436ed6e1c609e5a

    • SHA1

      7d112abb7896294b075721b0200f0812ed65a418

    • SHA256

      0906bca7332f10d1bdc98b04eb5ad9de2af5da0590b5615aa5f66852b78d9369

    • SHA512

      5912538f74fcbe24bba5e3eef2804fd160ccd002bf144e30dd910c9d52d6a3e2dc172a3baa1f6d64ed93346a9b1d4760ae17ec6d1c7c8a4de8cb9264b82bf2be

    • SSDEEP

      6144:mQCx8Rp2KiQB/B4Qfdw3Vr/+rwWTLAUq3PwB32k59CruFIBSSAOC8hkIwx:ok/z/BJfdUW8W8ho4k59tSaOCckIS

    Score
    1/10
    behavioral2

MITRE ATT&CK Mobile v15

Tasks