0c278aaf3bd91d69f4db29757a5766a6f712e920cb1769f89ebe47d521c18357

General

Target

6681e57f5436ef60d17d9b354dfb16a0_JaffaCakes118
Size

10.9MB
Sample

240522-jg7nssge44
MD5

6681e57f5436ef60d17d9b354dfb16a0
SHA1

f13c1840c82a19248e2c8c29644a1e95dc80e6f7
SHA256

0c278aaf3bd91d69f4db29757a5766a6f712e920cb1769f89ebe47d521c18357
SHA512

5e6e34d905d9e1424a9768f875da95becbc1eebfc84474582df3fdd81e58725e6ca0e366bc7cb7d647338a564ac0e183099dd8f02649decee117f5a42413d9b9
SSDEEP

196608:enilNfysKvvC68Y1NOENyEYd4MdFFRQZ4cHT5Un/nKFtUbXwBk0PRN3ftBWPiNeE:bwXXRFmdgFUCtO6RN3/WPeeQmP/k

Score

8^/10

Malware Config

Targets

- Target
  
  6681e57f5436ef60d17d9b354dfb16a0_JaffaCakes118
- Size
  
  10.9MB
- MD5
  
  6681e57f5436ef60d17d9b354dfb16a0
- SHA1
  
  f13c1840c82a19248e2c8c29644a1e95dc80e6f7
- SHA256
  
  0c278aaf3bd91d69f4db29757a5766a6f712e920cb1769f89ebe47d521c18357
- SHA512
  
  5e6e34d905d9e1424a9768f875da95becbc1eebfc84474582df3fdd81e58725e6ca0e366bc7cb7d647338a564ac0e183099dd8f02649decee117f5a42413d9b9
- SSDEEP
  
  196608:enilNfysKvvC68Y1NOENyEYd4MdFFRQZ4cHT5Un/nKFtUbXwBk0PRN3ftBWPiNeE:bwXXRFmdgFUCtO6RN3/WPeeQmP/k
Score

8^/10

banker discovery evasion impact persistence collection credential_access
- Checks if the Android device is rooted.
  evasion
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Checks CPU information
  Checks CPU information which indicate if the system is an emulator.
  evasion discovery
- Checks memory information
  Checks memory information which indicate if the system is an emulator.
  evasion discovery
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Obtains sensitive information copied to the device clipboard
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  collection credential_access impact
- Queries information about running processes on the device
  Application may abuse the framework's APIs to collect information about running processes on the device.
  discovery
- Queries the mobile country code (MCC)
  discovery
- Registers a broadcast receiver at runtime (usually for listening for system events)
  persistence
- Acquires the wake lock
- Checks if the internet connection is available
  discovery
- Queries the unique device ID (IMEI, MEID, IMSI)
  discovery
- Reads information about phone network operator.
  discovery
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Targets

Checks if the Android device is rooted.

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Checks CPU information

Checks memory information

Loads dropped Dex/Jar

Makes use of the framework's foreground persistence service

Obtains sensitive information copied to the device clipboard

Queries information about running processes on the device

Queries the mobile country code (MCC)

Registers a broadcast receiver at runtime (usually for listening for system events)

Acquires the wake lock

Checks if the internet connection is available

Queries the unique device ID (IMEI, MEID, IMSI)

Reads information about phone network operator.

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

behavioral3