Overview

overview

8

Static

static

6

6853ecf679...18.apk

android-9-x86

8

6853ecf679...18.apk

android-13-x64

light.apk

android-9-x86

1

light.apk

android-10-x64

1

light.apk

android-11-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6853ecf679c2c3a10cc5de02ef21fcaa_JaffaCakes118

  • Size

    17.4MB

  • Sample

    240522-xy6pqadd62

  • MD5

    6853ecf679c2c3a10cc5de02ef21fcaa

  • SHA1

    72de55509cdb21b9e6c05101b0ebea321e9769c6

  • SHA256

    621fe98abc072719bdc24adb676bd03655da8488a54e1fc1ec36934a73f4a20d

  • SHA512

    42b6c7c516089797744def35d3260437c4d55b2dd66a8da74aee3189883a64ed35ed8aebe8999b46509268cc2d55b271404166fbcade3cc67493cf45f696c39a

  • SSDEEP

    393216:y0wQ6ThrVKR4/imPbT+vZ+XtxxcB9sxwn2sU8o+Wm/dgivNRuWR:EQ6Tm46MqAX9cB9USlovGN7

Score
8/10
androidcollectiondiscoveryevasionexecutionimpactpersistence

Malware Config

Targets

    • Target

      6853ecf679c2c3a10cc5de02ef21fcaa_JaffaCakes118

    • Size

      17.4MB

    • MD5

      6853ecf679c2c3a10cc5de02ef21fcaa

    • SHA1

      72de55509cdb21b9e6c05101b0ebea321e9769c6

    • SHA256

      621fe98abc072719bdc24adb676bd03655da8488a54e1fc1ec36934a73f4a20d

    • SHA512

      42b6c7c516089797744def35d3260437c4d55b2dd66a8da74aee3189883a64ed35ed8aebe8999b46509268cc2d55b271404166fbcade3cc67493cf45f696c39a

    • SSDEEP

      393216:y0wQ6ThrVKR4/imPbT+vZ+XtxxcB9sxwn2sU8o+Wm/dgivNRuWR:EQ6Tm46MqAX9cB9USlovGN7

    Score
    8/10
    collectiondiscoveryevasionexecutionimpactpersistence

    • Checks if the Android device is rooted.

      evasion

    • Requests cell location

      Uses Android APIs to to get current cell location.

      collectiondiscoveryevasion

    • Checks CPU information

      Checks CPU information which indicate if the system is an emulator.

      evasiondiscovery

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

      discovery

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

      discovery

    • Queries information about the current nearby Wi-Fi networks

      Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

      discovery

    • Registers a broadcast receiver at runtime (usually for listening for system events)

      persistence

    • Checks if the internet connection is available

      discovery

    • Queries the unique device ID (IMEI, MEID, IMSI)

      discovery

    • Reads information about phone network operator.

      discovery

    • Schedules tasks to execute at a specified time

      Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

      executionpersistence

    • Listens for changes in the sensor environment (might be used to detect emulation)

      evasion
    behavioral1behavioral2

    • Target

      light.skin

    • Size

      1.3MB

    • MD5

      2d291ba179b438f4187d947362737fc8

    • SHA1

      36c5cdb74d7642d676405152b353906df53a41a4

    • SHA256

      b600b16c219b2c71b9faa4e0cc5c17e2c91cb212650ae92fdb5b372d6b8f6e97

    • SHA512

      bd8d7ac1feab51cf76d01443b38fc8aea22c5afe441db2a6ed0a64f6ead0cb1eedda16bf54599f995e77dfdcbea69e0579b5d3fbedf7dd642be2a7dff2c2bbb2

    • SSDEEP

      24576:aVak0nf4iXnTUSMb8TbD+3Jwv6OmcvFu/gPMckdBCgvFf:aVR0wi3hMRwv6avFu/goLCGf

    Score
    1/10
    behavioral3behavioral4behavioral5

MITRE ATT&CK Matrix

Tasks