General

  • Target

    6c8c5ee755b8c13adde612c32c5483fd_JaffaCakes118

  • Size

    1.8MB

  • Sample

    240523-2y484scf2s

  • MD5

    6c8c5ee755b8c13adde612c32c5483fd

  • SHA1

    da914950b7882c9b0503d75eec3e8fee807d7a86

  • SHA256

    ccc1f3b420bf31873185ae52a0404e8b8c0416fcf170a0bbe7531f77e8a637c0

  • SHA512

    a632eb3385f031b5b2f90aa6514d3729d5e28bd92c0aff14d7f7ee88db1a77b3fc7bb2bba1778e8e318996e879617a192e656a0e5c0d81747011403ab234f97f

  • SSDEEP

    49152:9u0Gtim4MuvOtBhrBSk+sLB0GtX0rmdgOavqGm1Q31B:90imFuvYBb+sL5krq/7E1B

Malware Config

Targets

    • Target

      6c8c5ee755b8c13adde612c32c5483fd_JaffaCakes118

    • Size

      1.8MB

    • MD5

      6c8c5ee755b8c13adde612c32c5483fd

    • SHA1

      da914950b7882c9b0503d75eec3e8fee807d7a86

    • SHA256

      ccc1f3b420bf31873185ae52a0404e8b8c0416fcf170a0bbe7531f77e8a637c0

    • SHA512

      a632eb3385f031b5b2f90aa6514d3729d5e28bd92c0aff14d7f7ee88db1a77b3fc7bb2bba1778e8e318996e879617a192e656a0e5c0d81747011403ab234f97f

    • SSDEEP

      49152:9u0Gtim4MuvOtBhrBSk+sLB0GtX0rmdgOavqGm1Q31B:90imFuvYBb+sL5krq/7E1B

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Checks CPU information

      Checks CPU information that indicates whether the system is an emulator (a sandbox-evasion check).

    • Loads dropped Dex/Jar

      Runs an executable file dropped to the device during analysis.

    • Makes use of the framework's foreground persistence service

      The application may abuse the framework's foreground service to keep running in the foreground.

    • Queries information about the current Wi-Fi connection

      The application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Registers a broadcast receiver at runtime (usually for listening for system events)

    • Checks if the internet connection is available

    • Domain associated with commercial stalkerware software; includes indicators from echap.eu.org

    • Reads information about the phone's network operator.

    • Requests dangerous framework permissions

    • Target

      monkey

    • Size

      139KB

    • MD5

      5f0944504b514eefc15612d33d6aef01

    • SHA1

      13d3dfd0b368c7b7bdac29b30131a2ca74f1736a

    • SHA256

      b5c5b1351a962a2e001ea75516734d1ed4c3a8c9c39dc8c498d4b68c9ceb55c2

    • SHA512

      06b28c505bff8b431faaa411b15028e9d33e2be806e20e62071fbf78257f2a358e3010347d71a3a4a53d30d99986604f54884941bb6b3975fe57dbb763db35af

    • SSDEEP

      3072:Wtfem2RTEDPv3wahHCK5fjts5pt0pTrNkLxn36FVf0wbY3znl08:JzRTQPPwahHlfRs5p+du36Rbslv

    • Target

      gdtad.jar

    • Size

      75KB

    • MD5

      7068fc92af9e6dc686de8924e174180b

    • SHA1

      e8c47cb6f40b058b96bc5ab1bbff6a0a1a2adf2b

    • SHA256

      8b759e7358f706522f51d8774d38f264e13bd62dd49b1825b0ca7dfcc0c9e299

    • SHA512

      05ab5cfb9df4cca02c43bbc81a8e8b10469dd27604d487591fe15d3620d8623bb19d30af9607430e0a73fd04df02ffbf551f5c1e58af24293f681c928395aaa0

    • SSDEEP

      1536:P3AK+z0NSabIMKCxTEGDpCrLHgOnAOxyZV9r4L8fHROwbY3zZJYgwxx+p9/3:P3AKZNSafTrNkLxn36VVfYwbY3zZJY9W

    Score
    1/10
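As an added example (not code from the sandbox, and not from the analysed sample), the Python helper below maps a decoded AndroidManifest.xml and a /proc/cpuinfo dump onto several of the signature names listed above: dangerous permissions, the Accessibility service, the foreground service, Wi-Fi and network-state queries, the network-operator read, and the emulator check on CPU information. The manifest and cpuinfo text are constructed for illustration, the permission sets are a hand-picked subset rather than the sandbox's rule set, and the function names are my own. Runtime-registered broadcast receivers and Dex/Jar files loaded with DexClassLoader leave no trace in the manifest, so those two signatures still require dynamic analysis.

```python
"""Static triage helper for an Android sample (added example, not the
sandbox's own code).  Maps a decoded AndroidManifest.xml and a
/proc/cpuinfo dump to signature names used in the report above.
Both inputs at the bottom are constructed for illustration."""
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Hand-picked subset of platform permissions with protectionLevel
# "dangerous" (runtime-prompted); not the sandbox's rule set.
DANGEROUS = {
    "android.permission.READ_PHONE_STATE",
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.ACCESS_COARSE_LOCATION",
    "android.permission.READ_SMS",
    "android.permission.RECEIVE_SMS",
    "android.permission.SEND_SMS",
    "android.permission.READ_CONTACTS",
    "android.permission.RECORD_AUDIO",
    "android.permission.CAMERA",
    "android.permission.READ_CALL_LOG",
    "android.permission.READ_EXTERNAL_STORAGE",
}

# Normal-level permissions that still map onto signatures in the report.
NOTEWORTHY = {
    "android.permission.ACCESS_WIFI_STATE": "Queries information about the current Wi-Fi connection",
    "android.permission.ACCESS_NETWORK_STATE": "Checks if the internet connection is available",
    "android.permission.FOREGROUND_SERVICE": "Makes use of the framework's foreground persistence service",
    "android.permission.READ_PHONE_STATE": "Reads information about phone network operator",
}

ACCESSIBILITY_PERM = "android.permission.BIND_ACCESSIBILITY_SERVICE"

# Strings the Android emulator exposes in /proc/cpuinfo (goldfish: the
# classic emulator, ranchu: the QEMU2-based one).  Real devices carry
# SoC names instead.
EMULATOR_CPU_MARKERS = ("goldfish", "ranchu")


def triage_manifest(xml_text):
    """Return {signature name: [evidence, ...]} for a decoded manifest."""
    root = ET.fromstring(xml_text)
    requested = {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")}
    findings = {}

    dangerous = sorted(requested & DANGEROUS)
    if dangerous:
        findings["Requests dangerous framework permissions"] = dangerous

    for perm, signature in NOTEWORTHY.items():
        if perm in requested:
            findings.setdefault(signature, []).append(perm)

    # A real accessibility service must be exported under
    # BIND_ACCESSIBILITY_SERVICE, so the permission attribute on the
    # <service> element is the reliable static marker.
    app = root.find("application")
    for svc in (app.iter("service") if app is not None else []):
        if svc.get(ANDROID_NS + "permission") == ACCESSIBILITY_PERM:
            findings.setdefault(
                "Makes use of the framework's Accessibility service", []
            ).append(svc.get(ANDROID_NS + "name"))

    # Receivers registered at runtime (registerReceiver) and Dex/Jar files
    # loaded via DexClassLoader leave no trace here; use dynamic analysis.
    return findings


def cpuinfo_looks_emulated(cpuinfo_text):
    """Mimic the sample's 'Checks CPU information' evasion on a cpuinfo dump."""
    lowered = cpuinfo_text.lower()
    return any(marker in lowered for marker in EMULATOR_CPU_MARKERS)


# Constructed inputs for the demo; not taken from the analysed sample.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.constructed">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/>
  <uses-permission android:name="android.permission.ACCESS_WIFI_STATE"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.FOREGROUND_SERVICE"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <application android:label="demo">
    <service android:name=".A11yService"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
  </application>
</manifest>"""

SAMPLE_CPUINFO = "Processor\t: ARMv7 Processor rev 0 (v7l)\nHardware\t: Goldfish\n"

if __name__ == "__main__":
    for signature, evidence in triage_manifest(SAMPLE_MANIFEST).items():
        print(f"{signature}: {', '.join(evidence)}")
    print("emulator markers in cpuinfo:", cpuinfo_looks_emulated(SAMPLE_CPUINFO))
```

Run it against a manifest decoded with apktool or aapt2 to get a first pass on the static signatures; the two dynamic signatures (runtime receivers, dropped Dex/Jar loading) are exactly the ones this helper cannot see, which is why the sandbox's dynamic run remains necessary for this sample.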

MITRE ATT&CK Matrix

Tasks