General

  • Target

    6c70dc97b82f920e61d554b95ce43143_JaffaCakes118

  • Size

    13.0MB

  • Sample

    240523-18vlzsba9v

  • MD5

    6c70dc97b82f920e61d554b95ce43143

  • SHA1

    c6de124b628d663565ea6523e24f65a46dc17c71

  • SHA256

    493440904df0809a87cb64465706f1c129c28941cd2fa6e5edbb0da86f62dd62

  • SHA512

    06db9e3f4bee090db21e15b60af1ec4a18dba83116622691a45cf7c11aad67922e7ee6122645445acb9519060eee7aa240d34e31a44a70f28382cf1d6ccd698d

  • SSDEEP

    393216:f/1WdMwkQxh4sISXsTpY/4TF/gUEnwV2Bf8tc608Xbbc:RsIS8TpY/4TKUEno+oG

Malware Config

Targets

    • Target

      6c70dc97b82f920e61d554b95ce43143_JaffaCakes118

    • Size

      13.0MB

    • MD5

      6c70dc97b82f920e61d554b95ce43143

    • SHA1

      c6de124b628d663565ea6523e24f65a46dc17c71

    • SHA256

      493440904df0809a87cb64465706f1c129c28941cd2fa6e5edbb0da86f62dd62

    • SHA512

      06db9e3f4bee090db21e15b60af1ec4a18dba83116622691a45cf7c11aad67922e7ee6122645445acb9519060eee7aa240d34e31a44a70f28382cf1d6ccd698d

    • SSDEEP

      393216:f/1WdMwkQxh4sISXsTpY/4TF/gUEnwV2Bf8tc608Xbbc:RsIS8TpY/4TKUEno+oG

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Checks Android system properties for emulator presence.

    • Checks CPU information

      Checks CPU information that indicates whether the system is an emulator.

    • Checks memory information

      Checks memory information that indicates whether the system is an emulator.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Obtains sensitive information copied to the device clipboard

      Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

    • Queries account information for other applications stored on the device

      Application may abuse the framework's APIs to collect account information stored on the device.

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Queries the mobile country code (MCC)

    • Registers a broadcast receiver at runtime (usually for listening for system events)

    • Checks if the internet connection is available

    • Reads information about the phone network operator.

    • Schedules tasks to execute at a specified time

      Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

    • Target

      360sdk_1_2148.zip

    • Size

      5.6MB

    • MD5

      64745c8c063484f37729a866207da1bb

    • SHA1

      ffd49b640d8203f483772b75b8aa9ea373f70c9f

    • SHA256

      180df0a2b5628dff39227ea51ecb8e322373fb00619bead734411d51390619ff

    • SHA512

      fd752dd36feafc2470d3b6d7ec9a146d8eb2ce2ef482261e94b071d74c3e12437eb070333d58368a318c7e57ff9831b674f7ea8e81b067699936945515a7dfe9

    • SSDEEP

      98304:d9/Da+HVvvnq2Xp2fB90uFzB9yf1xQvkiC43hgzseJPeBlx+Ix4wT61tmTbjZ71N:r/m+HVvvnl2fFp2wkggzPerx3x4sJMhw

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Registers a broadcast receiver at runtime (usually for listening for system events)

    • Checks if the internet connection is available

    • Target

      360sdk_3_1000.zip

    • Size

      1.7MB

    • MD5

      1e9aa09b41624c4ab3dfa530fd1078e9

    • SHA1

      32896aa59fd6f1509f4f46ec4eebb496658f91aa

    • SHA256

      fdd2ac00ca6342d0ad1a684ab5ff6e683b2b56891ae08e6a16578892977e50b7

    • SHA512

      9ec9ffacd3db5ab686eed1f68ea8f466030301cebb510ec3a9f3ffb6dc94277d4afba85a92bf7c3679c3fd6ecedad486fdc07adb152a77ec4ddce9dd943d40f5

    • SSDEEP

      49152:ktqW6lW3LwyQmpkUTtjB0osrxHwD7lKHN:6qW6CLwQp/TT8rx6KHN

    • Registers a broadcast receiver at runtime (usually for listening for system events)

    • Checks if the internet connection is available

    • Queries the unique device ID (IMEI, MEID, IMSI)

    • Target

      res.bin

    • Size

      621KB

    • MD5

      061d5a03b5b879ba33de4bb8406fa235

    • SHA1

      1ac54849ecb7d07d6f7289f5eec30d5db957fd94

    • SHA256

      5983a7085f7265b840253ee454e29cbcb4c1957834c98294da600f784c8753a8

    • SHA512

      4837d0b2e5aa018d2618f4e5baedb0627e52d439ce478c2785c050e383417d517c2a4da48ded4065924bfc8e799d2297d8bbf5aef23f285444547020d381a3d7

    • SSDEEP

      12288:SJTl7GH3E47x4GnMv7UZN/EYdUqjhQrO3ao5zvoxVgYkgc/gXCVUP/EN:SxN+U0x4GY7Uf/ZUqjhQrONFvoxuYjin

    Score
    1/10
