6195fd96c37649ad45891e927eeb550698d0aa1cd59958109bfbf29d6fb26dca

General

Target

670772656ba6f0599f8b55ab6906465a_JaffaCakes118
Size

15.1MB
Sample

240522-m3szbacd82
MD5

670772656ba6f0599f8b55ab6906465a
SHA1

fa1ddc4f94895fef328266ce428e9e7227fcc1ee
SHA256

6195fd96c37649ad45891e927eeb550698d0aa1cd59958109bfbf29d6fb26dca
SHA512

b96d27bd2f38f714811436df1a97b4a0ce3eb57aa20806507aebf8e3a6d559bad98b8df383359f1a70d4b5fa2576b786471ea8472d41d2f96f76d9fcb7d98a5c
SSDEEP

393216:3nJiN6wG3PYRIywrElnKbshM6KXZTrcmlUkR/64CaasJwImES0:XJigrQKywwln6sy6KxrL1QajwzES0

Score

8^/10

Malware Config

Targets

- Target
  
  670772656ba6f0599f8b55ab6906465a_JaffaCakes118
- Size
  
  15.1MB
- MD5
  
  670772656ba6f0599f8b55ab6906465a
- SHA1
  
  fa1ddc4f94895fef328266ce428e9e7227fcc1ee
- SHA256
  
  6195fd96c37649ad45891e927eeb550698d0aa1cd59958109bfbf29d6fb26dca
- SHA512
  
  b96d27bd2f38f714811436df1a97b4a0ce3eb57aa20806507aebf8e3a6d559bad98b8df383359f1a70d4b5fa2576b786471ea8472d41d2f96f76d9fcb7d98a5c
- SSDEEP
  
  393216:3nJiN6wG3PYRIywrElnKbshM6KXZTrcmlUkR/64CaasJwImES0:XJigrQKywwln6sy6KxrL1QajwzES0
Score

8^/10

collection discovery evasion execution impact persistence
- Checks if the Android device is rooted.
  evasion
- Requests cell location
  Uses Android APIs to to get current cell location.
  collection discovery evasion
- Checks CPU information
  Checks CPU information which indicate if the system is an emulator.
  evasion discovery
- Checks known Qemu files.
  Checks for known Qemu files that exist on Android virtual device images.
  evasion
- Checks known Qemu pipes.
  Checks for known pipes used by the Android emulator to communicate with the host.
  evasion
- Checks memory information
  Checks memory information which indicate if the system is an emulator.
  evasion discovery
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Queries information about running processes on the device
  Application may abuse the framework's APIs to collect information about running processes on the device.
  discovery
- Queries information about the current Wi-Fi connection
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  discovery
- Queries information about the current nearby Wi-Fi networks
  Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
  discovery
- Registers a broadcast receiver at runtime (usually for listening for system events)
  persistence
- Checks if the internet connection is available
  discovery
- Queries the unique device ID (IMEI, MEID, IMSI)
  discovery
- Reads information about phone network operator.
  discovery
- Schedules tasks to execute at a specified time
  Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
  execution persistence
- Listens for changes in the sensor environment (might be used to detect emulation)
  evasion
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Targets

Checks if the Android device is rooted.

Requests cell location

Checks CPU information

Checks known Qemu files.

Checks known Qemu pipes.

Checks memory information

Loads dropped Dex/Jar

Queries information about running processes on the device

Queries information about the current Wi-Fi connection

Queries information about the current nearby Wi-Fi networks

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks if the internet connection is available

Queries the unique device ID (IMEI, MEID, IMSI)

Reads information about phone network operator.

Schedules tasks to execute at a specified time

Listens for changes in the sensor environment (might be used to detect emulation)

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2