25b5c2b5082c457b24bf0f5d864c1bfe66288b13bcf80f1a83a7120d4925d6ac | Triage

Submit
Reports

Overview

overview

8

Static

static

6

6a53afad9b...18.apk

android-9-x86

8

6a53afad9b...18.apk

android-10-x64

8

6a53afad9b...18.apk

android-11-x64

8

Sharing

General

Target

6a53afad9b130b9e638b87cb73511eff_JaffaCakes118
Size

1.1MB
Sample

240523-j9mt4aaf62
MD5

6a53afad9b130b9e638b87cb73511eff
SHA1

d28372524527075c2a7d164070a0667c81d674cc
SHA256

25b5c2b5082c457b24bf0f5d864c1bfe66288b13bcf80f1a83a7120d4925d6ac
SHA512

89777f853938e60147faa6a3681a936dd5a728bdb6899e29ffe8cba77586f19c5cd1fc8ad3286e55e8d076a2c0ddcb4fc5313b03a4c873e333823f13c3604792
SSDEEP

24576:nvhPfuRAYqtQqXHi87RQrm9WAqav2zVxrLpCGEBH9Blrhvp+eVRtvqa:nFuRAYqtQqXz7uaU8KxHp9EBH5rhvkeL

Score

8^/10

android collection credential_access discovery evasion persistence stealth trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

6a53afad9b130b9e638b87cb73511eff_JaffaCakes118.apk

Resource

android-x86-arm-20240514-en

collection credential_access discovery evasion persistence stealth trojan

android-9-x86

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

6a53afad9b130b9e638b87cb73511eff_JaffaCakes118.apk

Resource

android-x64-20240514-en

collection credential_access discovery evasion persistence stealth trojan

android-10-x64

8 signatures

150 seconds

Behavioral task

behavioral3

Sample

6a53afad9b130b9e638b87cb73511eff_JaffaCakes118.apk

Resource

android-x64-arm64-20240514-en

collection credential_access discovery evasion stealth trojan

android-11-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  6a53afad9b130b9e638b87cb73511eff_JaffaCakes118
- Size
  
  1.1MB
- MD5
  
  6a53afad9b130b9e638b87cb73511eff
- SHA1
  
  d28372524527075c2a7d164070a0667c81d674cc
- SHA256
  
  25b5c2b5082c457b24bf0f5d864c1bfe66288b13bcf80f1a83a7120d4925d6ac
- SHA512
  
  89777f853938e60147faa6a3681a936dd5a728bdb6899e29ffe8cba77586f19c5cd1fc8ad3286e55e8d076a2c0ddcb4fc5313b03a4c873e333823f13c3604792
- SSDEEP
  
  24576:nvhPfuRAYqtQqXHi87RQrm9WAqav2zVxrLpCGEBH9Blrhvp+eVRtvqa:nFuRAYqtQqXz7uaU8KxHp9EBH5rhvkeL
Score

8^/10

collection credential_access discovery evasion persistence stealth trojan
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection evasion credential_access
- Removes its main activity from the application launcher
  stealth trojan evasion
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Queries the mobile country code (MCC)
  discovery
- Registers a broadcast receiver at runtime (usually for listening for system events)
  persistence
- Requests enabling of the accessibility settings.
- Checks if the internet connection is available
  discovery
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Reads information about phone network operator.
  discovery
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

collectioncredential_accessdiscoveryevasionpersistencestealthtrojan

behavioral2

collectioncredential_accessdiscoveryevasionpersistencestealthtrojan

behavioral3

collectioncredential_accessdiscoveryevasionstealthtrojan

© 2018-2024

Terms | Privacy