e7ff1300451a2fa0bd106fcfe48cc69c63f9a0fa95dff61639f4fffeab1efa7a

General

Target

6a9b32447b74abb2b5eb1a1683d82ac0_JaffaCakes118
Size

21.0MB
Sample

240523-l8w3gscg93
MD5

6a9b32447b74abb2b5eb1a1683d82ac0
SHA1

104bc31d86c62bd26078b862091c43e63c6f8c93
SHA256

e7ff1300451a2fa0bd106fcfe48cc69c63f9a0fa95dff61639f4fffeab1efa7a
SHA512

46e07f889bf4bc3ac6b502558af1920dbcf62656af899d69c64d9f00686e27497659662a75daa3204fb984af846274b3bfa13da25808d229143c241a311e0d08
SSDEEP

393216:qPzs/o+KtxrgnppC4TZlctu+oqNhZFy9irf0qsdXxF61:qPEqUPRZlctu+oyFbrf0PdXxW

Score

8^/10

Malware Config

Targets

- Target
  
  6a9b32447b74abb2b5eb1a1683d82ac0_JaffaCakes118
- Size
  
  21.0MB
- MD5
  
  6a9b32447b74abb2b5eb1a1683d82ac0
- SHA1
  
  104bc31d86c62bd26078b862091c43e63c6f8c93
- SHA256
  
  e7ff1300451a2fa0bd106fcfe48cc69c63f9a0fa95dff61639f4fffeab1efa7a
- SHA512
  
  46e07f889bf4bc3ac6b502558af1920dbcf62656af899d69c64d9f00686e27497659662a75daa3204fb984af846274b3bfa13da25808d229143c241a311e0d08
- SSDEEP
  
  393216:qPzs/o+KtxrgnppC4TZlctu+oqNhZFy9irf0qsdXxF61:qPEqUPRZlctu+oyFbrf0PdXxW
Score

8^/10

banker discovery evasion impact persistence collection credential_access
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Checks CPU information
  Checks CPU information which indicate if the system is an emulator.
  evasion discovery
- Checks memory information
  Checks memory information which indicate if the system is an emulator.
  evasion discovery
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Obtains sensitive information copied to the device clipboard
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  collection credential_access impact
- Queries information about running processes on the device
  Application may abuse the framework's APIs to collect information about running processes on the device.
  discovery
- Queries information about the current Wi-Fi connection
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  discovery
- Queries the mobile country code (MCC)
  discovery
- Registers a broadcast receiver at runtime (usually for listening for system events)
  persistence
- Checks if the internet connection is available
  discovery
- Queries the unique device ID (IMEI, MEID, IMSI)
  discovery
- Reads information about phone network operator.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Targets

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Checks CPU information

Checks memory information

Loads dropped Dex/Jar

Obtains sensitive information copied to the device clipboard

Queries information about running processes on the device

Queries information about the current Wi-Fi connection

Queries the mobile country code (MCC)

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks if the internet connection is available

Queries the unique device ID (IMEI, MEID, IMSI)

Reads information about phone network operator.

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2