0fdfd21b3274747a73983daa96e96996e8f7bf2bd8a205b80e441bccfecdfd62

Sharing

Copy URL

Twitter E-mail

General

Target

6927ace6eefa97350f7ad3077822f2b9_JaffaCakes118
Size

5.7MB
Sample

240523-av4dvseh2y
MD5

6927ace6eefa97350f7ad3077822f2b9
SHA1

89ee54a4901e16e447d7525bf1cf6116b762dd7a
SHA256

0fdfd21b3274747a73983daa96e96996e8f7bf2bd8a205b80e441bccfecdfd62
SHA512

f579c83d910a4083fd796645ee6e272278b2c5c44107896c1f427f01cfe99ee7759fd63c3d1d195b510b5a17a59c43d9401ceb17f022a88f124bc5281f8bbaa7
SSDEEP

98304:yoHElAYE8N06nD7QzEl+El3eDi3+W8VmM3/rvkev8uhSbmLqTFSi:yoHEM6nDDwbiOW80MzOuhSbm4ki

Score

8^/10

Malware Config

Targets

- Target
  
  6927ace6eefa97350f7ad3077822f2b9_JaffaCakes118
- Size
  
  5.7MB
- MD5
  
  6927ace6eefa97350f7ad3077822f2b9
- SHA1
  
  89ee54a4901e16e447d7525bf1cf6116b762dd7a
- SHA256
  
  0fdfd21b3274747a73983daa96e96996e8f7bf2bd8a205b80e441bccfecdfd62
- SHA512
  
  f579c83d910a4083fd796645ee6e272278b2c5c44107896c1f427f01cfe99ee7759fd63c3d1d195b510b5a17a59c43d9401ceb17f022a88f124bc5281f8bbaa7
- SSDEEP
  
  98304:yoHElAYE8N06nD7QzEl+El3eDi3+W8VmM3/rvkev8uhSbmLqTFSi:yoHEM6nDDwbiOW80MzOuhSbm4ki
Score

8^/10

banker collection discovery evasion persistence
- Checks if the Android device is rooted.
  evasion
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Requests cell location
  Uses Android APIs to to get current cell location.
  collection discovery evasion
- Checks CPU information
  Checks CPU information which indicate if the system is an emulator.
  evasion discovery
- Checks memory information
  Checks memory information which indicate if the system is an emulator.
  evasion discovery
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Queries information about the current Wi-Fi connection
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  discovery
- Registers a broadcast receiver at runtime (usually for listening for system events)
  persistence
- Checks if the internet connection is available
  discovery
- Reads information about phone network operator.
  discovery
behavioral1
- Target
  
  WXPPlugin.data
- Size
  
  278KB
- MD5
  
  d3d25e01f45cfd8136d1b59127006cd4
- SHA1
  
  7f742a068495d549415e2f9a2c0a58bc9b2d557b
- SHA256
  
  76dd9b46d5b5381591d207f0f9ed3d60f35f360ff5843f3b47026b0473c4a85f
- SHA512
  
  0499d3ce4e50ac7242b3ffbff77ba3f02dbd6b494685bb6d64bc6f7b6b2305d91f5e4a90854b34a6ebc78009bee42587edd1332dda5536961fdecfd85eea113b
- SSDEEP
  
  6144:zygvxl4yhexCpTttMgE5Qj+C3GVNKZBi1+nYg0MgRfNp:u2lw6htME+eB9181p
Score

8^/10

discovery evasion persistence collection credential_access impact
- Checks if the Android device is rooted.
  evasion
- Checks Android system properties for emulator presence.
  evasion
- Checks CPU information
  Checks CPU information which indicate if the system is an emulator.
  evasion discovery
- Checks memory information
  Checks memory information which indicate if the system is an emulator.
  evasion discovery
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Obtains sensitive information copied to the device clipboard
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  collection credential_access impact
- Queries information about running processes on the device
  Application may abuse the framework's APIs to collect information about running processes on the device.
  discovery
- Queries information about the current Wi-Fi connection
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  discovery
- Queries the mobile country code (MCC)
  discovery
- Registers a broadcast receiver at runtime (usually for listening for system events)
  persistence
- Checks if the internet connection is available
  discovery
- Queries the unique device ID (IMEI, MEID, IMSI)
  discovery
behavioral2 behavioral3 behavioral4
- Target
  
  res.bin
- Size
  
  158KB
- MD5
  
  544b4b6cfde7c5a9f28b765d2bb245ec
- SHA1
  
  7e12d510d4601833ce1fa979ce99325804a8dc09
- SHA256
  
  f72e9cc8e96b617b7792f1cef27d078a2f1d72b52ebf92774a50a349dc15a21e
- SHA512
  
  89c3222a6aaf284dcc00ae38177668bbc772e0a694f6dd32420726a30736d80ffbaac72661ee98c60ae3a2bbcdba96a3ecf0e5371bf3414d1453014ebb4c045e
- SSDEEP
  
  3072:FoKJ2Ggvx7cmteyh+9ZHSsTGdyCB2C1g8BAct1TMgjo3pxuj+Cy6GIX:+ygvxl4yhexCpTttMgE5Qj+C3Gi
Score

1^/10
behavioral5 behavioral6 behavioral7
- Target
  
  epay.jar
- Size
  
  113KB
- MD5
  
  5db6f994c114c0648711b45d8b75d197
- SHA1
  
  f6d1acf365589b00e3fe3b6f1609e106232e640d
- SHA256
  
  56691c8351392b69f8858b11b884d77e17b8011b1aed4d80df416ec72409d03d
- SHA512
  
  51d6635df551e8c760d9dd952c7df9586c16f6c8dcf6ebc92e204a788c482b3bc6fb089d1e2fd17df1e715125b75dbaefb6372aa9d6bcb9952a3416b1ba76af3
- SSDEEP
  
  3072:3HnD3aM7AdWl5k1vI+NrolsvG33467CK+h:XDaAOvprLaI6Xi
Score

1^/10
behavioral10 behavioral8 behavioral9
- Target
  
  res.bin
- Size
  
  158KB
- MD5
  
  544b4b6cfde7c5a9f28b765d2bb245ec
- SHA1
  
  7e12d510d4601833ce1fa979ce99325804a8dc09
- SHA256
  
  f72e9cc8e96b617b7792f1cef27d078a2f1d72b52ebf92774a50a349dc15a21e
- SHA512
  
  89c3222a6aaf284dcc00ae38177668bbc772e0a694f6dd32420726a30736d80ffbaac72661ee98c60ae3a2bbcdba96a3ecf0e5371bf3414d1453014ebb4c045e
- SSDEEP
  
  3072:FoKJ2Ggvx7cmteyh+9ZHSsTGdyCB2C1g8BAct1TMgjo3pxuj+Cy6GIX:+ygvxl4yhexCpTttMgE5Qj+C3Gi
Score

1^/10
behavioral11 behavioral12 behavioral13

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Targets

Checks if the Android device is rooted.

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Requests cell location

Checks CPU information

Checks memory information

Loads dropped Dex/Jar

Queries information about the current Wi-Fi connection

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks if the internet connection is available

Reads information about phone network operator.

Checks if the Android device is rooted.

Checks Android system properties for emulator presence.

Checks CPU information

Checks memory information

Loads dropped Dex/Jar

Obtains sensitive information copied to the device clipboard

Queries information about running processes on the device

Queries information about the current Wi-Fi connection

Queries the mobile country code (MCC)

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks if the internet connection is available

Queries the unique device ID (IMEI, MEID, IMSI)

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13