Overview

overview

8

Static

static

6

67266ef3de...18.apk

android-9-x86

8

67266ef3de...18.apk

android-10-x64

8

gdtad.apk

android-9-x86

gdtad.apk

android-10-x64

gdtad.apk

android-11-x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    67266ef3de727f1e8c072b81259042ac_JaffaCakes118

  • Size

    32.0MB

  • Sample

    240522-nxdswaea87

  • MD5

    67266ef3de727f1e8c072b81259042ac

  • SHA1

    07517cca9fdfde92e65be1b723ddd58cd95eb858

  • SHA256

    69e92fb43036e3bf93f8f8755630bc4582be3d29653b7dd8a0efd417f647ec2c

  • SHA512

    4d068d1974f1db7659784721a3493dc8664142c2d2c7cc77752e3f97be77cd0023bef7b833db256a8c2a4b6861eaa11f5d235678e2fbf7179428386b99941aeb

  • SSDEEP

    786432:/dRk8eMFKyxjiNebkjMmxVfCkUubCkIBJPqpcaCNUc15NJVk3YkyJBBIOwGwte:/M8eMMyNiemMkVJUgJyypcaSzNjhkymo

Score
8/10
androiddiscoveryevasionimpactpersistence

Malware Config

Targets

    • Target

      67266ef3de727f1e8c072b81259042ac_JaffaCakes118

    • Size

      32.0MB

    • MD5

      67266ef3de727f1e8c072b81259042ac

    • SHA1

      07517cca9fdfde92e65be1b723ddd58cd95eb858

    • SHA256

      69e92fb43036e3bf93f8f8755630bc4582be3d29653b7dd8a0efd417f647ec2c

    • SHA512

      4d068d1974f1db7659784721a3493dc8664142c2d2c7cc77752e3f97be77cd0023bef7b833db256a8c2a4b6861eaa11f5d235678e2fbf7179428386b99941aeb

    • SSDEEP

      786432:/dRk8eMFKyxjiNebkjMmxVfCkUubCkIBJPqpcaCNUc15NJVk3YkyJBBIOwGwte:/M8eMMyNiemMkVJUgJyypcaSzNjhkymo

    Score
    8/10
    discoveryevasionimpactpersistence

    • Checks if the Android device is rooted.

      evasion

    • Checks CPU information

      Checks CPU information which indicate if the system is an emulator.

      evasiondiscovery

    • Checks memory information

      Checks memory information which indicate if the system is an emulator.

      evasiondiscovery

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

      discovery

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

      discovery

    • Registers a broadcast receiver at runtime (usually for listening for system events)

      persistence

    • Acquires the wake lock

    • Checks if the internet connection is available

      discovery

    • Queries the unique device ID (IMEI, MEID, IMSI)

      discovery

    • Reads information about phone network operator.

      discovery
    behavioral1behavioral2

    • Target

      gdtad.jar

    • Size

      75KB

    • MD5

      7068fc92af9e6dc686de8924e174180b

    • SHA1

      e8c47cb6f40b058b96bc5ab1bbff6a0a1a2adf2b

    • SHA256

      8b759e7358f706522f51d8774d38f264e13bd62dd49b1825b0ca7dfcc0c9e299

    • SHA512

      05ab5cfb9df4cca02c43bbc81a8e8b10469dd27604d487591fe15d3620d8623bb19d30af9607430e0a73fd04df02ffbf551f5c1e58af24293f681c928395aaa0

    • SSDEEP

      1536:P3AK+z0NSabIMKCxTEGDpCrLHgOnAOxyZV9r4L8fHROwbY3zZJYgwxx+p9/3:P3AKZNSafTrNkLxn36VVfYwbY3zZJY9W

    Score
    1/10
    behavioral3behavioral4behavioral5

MITRE ATT&CK Mobile v15

Tasks