331328c804ed688a302f6ad4872652a227b6d5a7b1d633f0af598f8b0aa95000

General

Target

67b3da4333c15d86a96f4b096e71e8c8_JaffaCakes118
Size

19.5MB
Sample

240522-sp4rjsff4v
MD5

67b3da4333c15d86a96f4b096e71e8c8
SHA1

fc42cd155be570fd5de12f3acfd52f39a24ac237
SHA256

331328c804ed688a302f6ad4872652a227b6d5a7b1d633f0af598f8b0aa95000
SHA512

0c7e57f6cc5d8339bcf2d79a9cd433e7407e552be9e3db5127955d80513987970da274928a7bfec5c40ce07e2cb40af04ab9c528a7eefe5cac2ef20814d72dff
SSDEEP

393216:rRjNOEKVx6ENtAZoaZXPqw0ipeII4ZvZHPWf5igLvbAkazPg7:V5OHuSw0eeII49pWf57LvbAbg7

Score

8^/10

Malware Config

Targets

- Target
  
  67b3da4333c15d86a96f4b096e71e8c8_JaffaCakes118
- Size
  
  19.5MB
- MD5
  
  67b3da4333c15d86a96f4b096e71e8c8
- SHA1
  
  fc42cd155be570fd5de12f3acfd52f39a24ac237
- SHA256
  
  331328c804ed688a302f6ad4872652a227b6d5a7b1d633f0af598f8b0aa95000
- SHA512
  
  0c7e57f6cc5d8339bcf2d79a9cd433e7407e552be9e3db5127955d80513987970da274928a7bfec5c40ce07e2cb40af04ab9c528a7eefe5cac2ef20814d72dff
- SSDEEP
  
  393216:rRjNOEKVx6ENtAZoaZXPqw0ipeII4ZvZHPWf5igLvbAkazPg7:V5OHuSw0eeII49pWf57LvbAbg7
Score

8^/10

banker collection discovery evasion impact persistence
- Checks if the Android device is rooted.
  evasion
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Requests cell location
  Uses Android APIs to to get current cell information.
  collection discovery
- Checks Android system properties for emulator presence.
  evasion
- Checks CPU information
  Checks CPU information which indicate if the system is an emulator.
  evasion discovery
- Checks Qemu related system properties.
  Checks for Android system properties related to Qemu for Emulator detection.
  evasion
- Checks memory information
  Checks memory information which indicate if the system is an emulator.
  evasion discovery
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Queries information about running processes on the device
  Application may abuse the framework's APIs to collect information about running processes on the device.
  discovery
- Queries information about the current Wi-Fi connection
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  discovery
- Queries the mobile country code (MCC)
  discovery
- Registers a broadcast receiver at runtime (usually for listening for system events)
  persistence
- Checks if the internet connection is available
  discovery
- Reads information about phone network operator.
  discovery
- Listens for changes in the sensor environment (might be used to detect emulation)
  evasion
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Targets

Checks if the Android device is rooted.

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Requests cell location

Checks Android system properties for emulator presence.

Checks CPU information

Checks Qemu related system properties.

Checks memory information

Loads dropped Dex/Jar

Queries information about running processes on the device

Queries information about the current Wi-Fi connection

Queries the mobile country code (MCC)

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks if the internet connection is available

Reads information about phone network operator.

Listens for changes in the sensor environment (might be used to detect emulation)

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2