dbecc501197d46abee8f6180587ba3b6be30842eafd53a5b51418c173caae835

Sharing

Copy URL

Twitter E-mail

General

Target

66179fc1558839280d19eeaa6c876dd3_JaffaCakes118
Size

11.8MB
Sample

240522-fqahwach6z
MD5

66179fc1558839280d19eeaa6c876dd3
SHA1

0a01568c78b9862a6ab0ed3078fce82481201e62
SHA256

dbecc501197d46abee8f6180587ba3b6be30842eafd53a5b51418c173caae835
SHA512

51b54d088510667c9a051a754bc5255df5ad8ac02d24cc16d302b36156dcc3e3e2edcc0236c5ed4799e23aad0ee7b8f04dec6a06b8e528bebc2f6f513e30af2b
SSDEEP

196608:wbajmlPB7GYs3l/HA9ZVZ+9uQIDEhcBYUsF3hUnKiDo7yfMve8ImuTnyEVKM:Y7lPZGYsVIZwu1DrBNWgo7NWXmuWEVKM

Score

8^/10

Malware Config

Targets

- Target
  
  66179fc1558839280d19eeaa6c876dd3_JaffaCakes118
- Size
  
  11.8MB
- MD5
  
  66179fc1558839280d19eeaa6c876dd3
- SHA1
  
  0a01568c78b9862a6ab0ed3078fce82481201e62
- SHA256
  
  dbecc501197d46abee8f6180587ba3b6be30842eafd53a5b51418c173caae835
- SHA512
  
  51b54d088510667c9a051a754bc5255df5ad8ac02d24cc16d302b36156dcc3e3e2edcc0236c5ed4799e23aad0ee7b8f04dec6a06b8e528bebc2f6f513e30af2b
- SSDEEP
  
  196608:wbajmlPB7GYs3l/HA9ZVZ+9uQIDEhcBYUsF3hUnKiDo7yfMve8ImuTnyEVKM:Y7lPZGYsVIZwu1DrBNWgo7NWXmuWEVKM
Score

8^/10

banker collection discovery evasion impact persistence
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Requests cell location
  Uses Android APIs to to get current cell information.
  collection discovery
- Checks Android system properties for emulator presence.
  evasion
- Checks CPU information
  Checks CPU information which indicate if the system is an emulator.
  evasion discovery
- Checks known Qemu pipes.
  Checks for known pipes used by the Android emulator to communicate with the host.
  evasion
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Queries information about running processes on the device
  Application may abuse the framework's APIs to collect information about running processes on the device.
  discovery
- Queries information about the current Wi-Fi connection
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  discovery
- Queries information about the current nearby Wi-Fi networks
  Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
  discovery
- Queries the phone number (MSISDN for GSM devices)
  discovery
- Registers a broadcast receiver at runtime (usually for listening for system events)
  persistence
- Checks if the internet connection is available
  discovery
- Reads information about phone network operator.
  discovery
- Listens for changes in the sensor environment (might be used to detect emulation)
  evasion
behavioral1 behavioral2
- Target
  
  __xadsdk__remote__final__.jar
- Size
  
  82KB
- MD5
  
  7ad1e33b5a94fa35a39149771cf90b65
- SHA1
  
  cf288468dc44f03408272268d1e1c280f5459933
- SHA256
  
  23c6443642886f70dcfcde79063e03be250846b813dbb5501754c816e0cd4c13
- SHA512
  
  578a7c062109fa31545641067afd0f34ca0012388954545f90927bfdde2701620c73b22173ee9fe84ca996d5ffb3473cc01895578fa0e8fb5df6fe6edd1556f6
- SSDEEP
  
  1536:9rDTyVezwLr3qTocRD26jtBuWVVwWh8Kle6qbfIKxBVqZBiRqJmPWyGw9:RDuF3qH4wtBuWVVwghKnGihPlb9
Score

1^/10
behavioral3 behavioral4 behavioral5
- Target
  
  gdtadv2.jar
- Size
  
  94KB
- MD5
  
  89e4f38e6b9d5ec232393182419bf9be
- SHA1
  
  ce5a5004c5425654a952edd0960576917b6d856e
- SHA256
  
  8d8a5a37b5cafa9fbcdbc8ea4809c6587de082b22af34b28fa7875dc557a0921
- SHA512
  
  15d2f743a5be853007e26d4f145cfca411c01a5d275a07eaeb177b15c2207c31814539d8a7a5610e8e52fbf344ee7d08d62102e29ef98d62e9796ff98fa69662
- SSDEEP
  
  1536:An0duV/pT8w7Rvhh7x32lRCG5VuR/Zq/ue+YSi3aF8ZJemLvQGHD6z:M0Af8wNvhHmlzgNwwL8ZRLRy
Score

1^/10
behavioral6 behavioral7 behavioral8