e4db9da1ce50018da322df7ed6b2bba251f45ef8e7faa9f96280e7cf1f4bfd8a | Triage

Sharing

General

Target

66271a818c9d645a3325ff740bb68649_JaffaCakes118
Size

27.3MB
Sample

240522-f5fy7sdc92
MD5

66271a818c9d645a3325ff740bb68649
SHA1

b59497038983e83b7b391c36f175567a36902a11
SHA256

e4db9da1ce50018da322df7ed6b2bba251f45ef8e7faa9f96280e7cf1f4bfd8a
SHA512

7422e9f1e6befd7c76ad3bd977df33c885be2b64987c19b97a07ff4eb1a191804c6464d32d73a7a2f6dddc586d8cea92163c9645d2086966c1bf8357174e52b1
SSDEEP

786432:3pDUoVtIVlb19DQLqDgyQWcTom9C/ipn6DMjOFYWYP:5rSLfOem8/KJjZZP

Score

7^/10

android discovery evasion impact persistence

Malware Config

Targets

- Target
  
  66271a818c9d645a3325ff740bb68649_JaffaCakes118
- Size
  
  27.3MB
- MD5
  
  66271a818c9d645a3325ff740bb68649
- SHA1
  
  b59497038983e83b7b391c36f175567a36902a11
- SHA256
  
  e4db9da1ce50018da322df7ed6b2bba251f45ef8e7faa9f96280e7cf1f4bfd8a
- SHA512
  
  7422e9f1e6befd7c76ad3bd977df33c885be2b64987c19b97a07ff4eb1a191804c6464d32d73a7a2f6dddc586d8cea92163c9645d2086966c1bf8357174e52b1
- SSDEEP
  
  786432:3pDUoVtIVlb19DQLqDgyQWcTom9C/ipn6DMjOFYWYP:5rSLfOem8/KJjZZP
Score

7^/10

discovery evasion
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Queries information about the current Wi-Fi connection
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  discovery
- Queries the phone number (MSISDN for GSM devices)
  discovery
- Queries the unique device ID (IMEI, MEID, IMSI)
  discovery
behavioral1 behavioral2
- Target
  
  stasdk_core
- Size
  
  1.0MB
- MD5
  
  b1a590ed02c586df1e69c62749410853
- SHA1
  
  82528aeb58a3fd4fb242b3c4a9af855f42525e4f
- SHA256
  
  a174df995ead589eeb861d2396cc6ffa53c72ce66cc195beb28a5c9c13386591
- SHA512
  
  d4b11468f523b9cc688714ddb1be84a06e955b39cc0c3ff3071b8ed98428b6f0ddf909c1ea4bbf15015e6f06086d67b8a9be6dd68f4fe0b11c56c4f5a66f4532
- SSDEEP
  
  24576:VzNdQk4lV207V3DiIEJ5gA136syCblVuxMffl9U:ZjVGM07JDxEJ5v1qsyCbUUli
Score

7^/10

discovery evasion impact persistence
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Queries information about running processes on the device
  Application may abuse the framework's APIs to collect information about running processes on the device.
  discovery
- Queries information about the current Wi-Fi connection
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  discovery
- Queries information about the current nearby Wi-Fi networks
  Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
  discovery
- Registers a broadcast receiver at runtime (usually for listening for system events)
  persistence
- Checks if the internet connection is available
  discovery
- Reads information about phone network operator.
  discovery
behavioral3 behavioral4 behavioral5
- Target
  
  bdxadsdk.jar
- Size
  
  85KB
- MD5
  
  3c850ffec5bdd850f123077ca210a411
- SHA1
  
  1c1ae4678b8a3b65640f047cb1bd72bc70d66f97
- SHA256
  
  516023ce55fff40074d3c3d9016c023b1fc7dfba2b59c172f89141f1484d418e
- SHA512
  
  aa3611687b6140ee9214392a84bc1ef55a6425a84a4e413dfcb2e936a931b9015e1e4ec53ad73539d26622427f9e6da0eae5c58ffc18285de42fc15639d786dd
- SSDEEP
  
  1536:E4A1vm52J1h/mgxeek9/Ckkf1THL8BNbM/DXO8Q/3yJ463v6hHA0UGcVrSj:e9mkJ1tmg/I/tkdP8sa80O42uXcVrE
Score

1^/10
behavioral6 behavioral7 behavioral8
- Target
  
  gdtadv2.jar
- Size
  
  142KB
- MD5
  
  f0b930680aa93a62bb77d1916e64a3d7
- SHA1
  
  fc30b5641b8d32e4efeaf409d07a4d520a95a6da
- SHA256
  
  8f109682334d43d811c7d56620c5eb30c9bc1a89f3f36b91232aeb142a6f6ba7
- SHA512
  
  2a503f3aefd5ed8634dbc85cd952d10625e4bc18badc0661c7cfcc3345cfb43ba1e153d9fb264703e4cf0d6c40ac601942e841b9537125072f884c283adb5b99
- SSDEEP
  
  3072:mZmii8gAi97ZHbwRILfiNJkAzzBdtCQnm:m8B99TZA/3m
Score

1^/10
behavioral10 behavioral11 behavioral9

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Privilege Escalation

Defense Evasion

Download New Code at Runtime

Credential Access

Discovery

Process Discovery

System Network Configuration Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

Tasks

static1

behavioral1

discoveryevasion

behavioral2

discoveryevasion

behavioral3

discoveryevasionimpactpersistence

behavioral4

behavioral5

discoveryevasionimpact

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11