0fdfd21b3274747a73983daa96e96996e8f7bf2bd8a205b80e441bccfecdfd62

Sharing

Copy URL

Twitter E-mail

General

Target

6927ace6eefa97350f7ad3077822f2b9_JaffaCakes118
Size

5.7MB
Sample

240523-av4dvseh2y
MD5

6927ace6eefa97350f7ad3077822f2b9
SHA1

89ee54a4901e16e447d7525bf1cf6116b762dd7a
SHA256

0fdfd21b3274747a73983daa96e96996e8f7bf2bd8a205b80e441bccfecdfd62
SHA512

f579c83d910a4083fd796645ee6e272278b2c5c44107896c1f427f01cfe99ee7759fd63c3d1d195b510b5a17a59c43d9401ceb17f022a88f124bc5281f8bbaa7
SSDEEP

98304:yoHElAYE8N06nD7QzEl+El3eDi3+W8VmM3/rvkev8uhSbmLqTFSi:yoHEM6nDDwbiOW80MzOuhSbm4ki

Score

8^/10

Malware Config

Targets

- Target
  
  6927ace6eefa97350f7ad3077822f2b9_JaffaCakes118
- Size
  
  5.7MB
- MD5
  
  6927ace6eefa97350f7ad3077822f2b9
- SHA1
  
  89ee54a4901e16e447d7525bf1cf6116b762dd7a
- SHA256
  
  0fdfd21b3274747a73983daa96e96996e8f7bf2bd8a205b80e441bccfecdfd62
- SHA512
  
  f579c83d910a4083fd796645ee6e272278b2c5c44107896c1f427f01cfe99ee7759fd63c3d1d195b510b5a17a59c43d9401ceb17f022a88f124bc5281f8bbaa7
- SSDEEP
  
  98304:yoHElAYE8N06nD7QzEl+El3eDi3+W8VmM3/rvkev8uhSbmLqTFSi:yoHEM6nDDwbiOW80MzOuhSbm4ki
Score

8^/10

banker collection discovery evasion persistence
- Checks if the Android device is rooted.
  evasion
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Requests cell location
  Uses Android APIs to to get current cell location.
  collection discovery evasion
- Checks CPU information
  Checks CPU information which indicate if the system is an emulator.
  evasion discovery
- Checks memory information
  Checks memory information which indicate if the system is an emulator.
  evasion discovery
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Queries information about the current Wi-Fi connection
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  discovery
- Registers a broadcast receiver at runtime (usually for listening for system events)
  persistence
- Checks if the internet connection is available
  discovery
- Reads information about phone network operator.
  discovery
behavioral1
- Target
  
  WXPPlugin.data
- Size
  
  278KB
- MD5
  
  d3d25e01f45cfd8136d1b59127006cd4
- SHA1
  
  7f742a068495d549415e2f9a2c0a58bc9b2d557b
- SHA256
  
  76dd9b46d5b5381591d207f0f9ed3d60f35f360ff5843f3b47026b0473c4a85f
- SHA512
  
  0499d3ce4e50ac7242b3ffbff77ba3f02dbd6b494685bb6d64bc6f7b6b2305d91f5e4a90854b34a6ebc78009bee42587edd1332dda5536961fdecfd85eea113b
- SSDEEP
  
  6144:zygvxl4yhexCpTttMgE5Qj+C3GVNKZBi1+nYg0MgRfNp:u2lw6htME+eB9181p
Score

8^/10

discovery evasion persistence collection credential_access impact
- Checks if the Android device is rooted.
  evasion
- Checks Android system properties for emulator presence.
  evasion
- Checks CPU information
  Checks CPU information which indicate if the system is an emulator.
  evasion discovery
- Checks memory information
  Checks memory information which indicate if the system is an emulator.
  evasion discovery
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Obtains sensitive information copied to the device clipboard
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  collection credential_access impact
- Queries information about running processes on the device
  Application may abuse the framework's APIs to collect information about running processes on the device.
  discovery
- Queries information about the current Wi-Fi connection
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  discovery
- Queries the mobile country code (MCC)
  discovery
- Registers a broadcast receiver at runtime (usually for listening for system events)
  persistence
- Checks if the internet connection is available
  discovery
- Queries the unique device ID (IMEI, MEID, IMSI)
  discovery
behavioral2 behavioral3 behavioral4
- Target
  
  res.bin
- Size
  
  158KB
- MD5
  
  544b4b6cfde7c5a9f28b765d2bb245ec
- SHA1
  
  7e12d510d4601833ce1fa979ce99325804a8dc09
- SHA256
  
  f72e9cc8e96b617b7792f1cef27d078a2f1d72b52ebf92774a50a349dc15a21e
- SHA512
  
  89c3222a6aaf284dcc00ae38177668bbc772e0a694f6dd32420726a30736d80ffbaac72661ee98c60ae3a2bbcdba96a3ecf0e5371bf3414d1453014ebb4c045e
- SSDEEP
  
  3072:FoKJ2Ggvx7cmteyh+9ZHSsTGdyCB2C1g8BAct1TMgjo3pxuj+Cy6GIX:+ygvxl4yhexCpTttMgE5Qj+C3Gi
Score

1^/10
behavioral5 behavioral6 behavioral7
- Target
  
  epay.jar
- Size
  
  113KB
- MD5
  
  5db6f994c114c0648711b45d8b75d197
- SHA1
  
  f6d1acf365589b00e3fe3b6f1609e106232e640d
- SHA256
  
  56691c8351392b69f8858b11b884d77e17b8011b1aed4d80df416ec72409d03d
- SHA512
  
  51d6635df551e8c760d9dd952c7df9586c16f6c8dcf6ebc92e204a788c482b3bc6fb089d1e2fd17df1e715125b75dbaefb6372aa9d6bcb9952a3416b1ba76af3
- SSDEEP
  
  3072:3HnD3aM7AdWl5k1vI+NrolsvG33467CK+h:XDaAOvprLaI6Xi
Score

1^/10
behavioral10 behavioral8 behavioral9
- Target
  
  res.bin
- Size
  
  158KB
- MD5
  
  544b4b6cfde7c5a9f28b765d2bb245ec
- SHA1
  
  7e12d510d4601833ce1fa979ce99325804a8dc09
- SHA256
  
  f72e9cc8e96b617b7792f1cef27d078a2f1d72b52ebf92774a50a349dc15a21e
- SHA512
  
  89c3222a6aaf284dcc00ae38177668bbc772e0a694f6dd32420726a30736d80ffbaac72661ee98c60ae3a2bbcdba96a3ecf0e5371bf3414d1453014ebb4c045e
- SSDEEP
  
  3072:FoKJ2Ggvx7cmteyh+9ZHSsTGdyCB2C1g8BAct1TMgjo3pxuj+Cy6GIX:+ygvxl4yhexCpTttMgE5Qj+C3Gi
Score

1^/10
behavioral11 behavioral12 behavioral13