96722dd7dbaa0712be4833540f78c4e42c1f4e55547a3ba81c43be3e0852a8a5

General

Target

6abe0004ee53e69951296aa2f20ab0ab_JaffaCakes118
Size

1.3MB
Sample

240523-m86glaea59
MD5

6abe0004ee53e69951296aa2f20ab0ab
SHA1

5a713725e7ae253265b9da89dc6086d605b25d55
SHA256

96722dd7dbaa0712be4833540f78c4e42c1f4e55547a3ba81c43be3e0852a8a5
SHA512

ffd83adcbee317d68764a170d5dd4ba54bb8be886856872331bc2ad50702122c1003067c8d371d22d7bed9cbc95e90f2aeb1d5de2301374e17b1e63836a0f9e5
SSDEEP

24576:C3ToL0otaYtXMheh8X3lUKfcfIkuovSp0Bjbo+kwjYrwq/13tdHbZKm51Ob83z:KMQ7YtQX1wvTvSpGj35jYrwq/1XHNKmr

Score

8^/10

Malware Config

Targets

- Target
  
  6abe0004ee53e69951296aa2f20ab0ab_JaffaCakes118
- Size
  
  1.3MB
- MD5
  
  6abe0004ee53e69951296aa2f20ab0ab
- SHA1
  
  5a713725e7ae253265b9da89dc6086d605b25d55
- SHA256
  
  96722dd7dbaa0712be4833540f78c4e42c1f4e55547a3ba81c43be3e0852a8a5
- SHA512
  
  ffd83adcbee317d68764a170d5dd4ba54bb8be886856872331bc2ad50702122c1003067c8d371d22d7bed9cbc95e90f2aeb1d5de2301374e17b1e63836a0f9e5
- SSDEEP
  
  24576:C3ToL0otaYtXMheh8X3lUKfcfIkuovSp0Bjbo+kwjYrwq/13tdHbZKm51Ob83z:KMQ7YtQX1wvTvSpGj35jYrwq/1XHNKmr
Score

8^/10

banker collection discovery evasion persistence stealth trojan
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Removes its main activity from the application launcher
  stealth trojan evasion
- Checks CPU information
  Checks CPU information which indicate if the system is an emulator.
  evasion discovery
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Queries account information for other applications stored on the device
  Application may abuse the framework's APIs to collect account information stored on the device.
  collection
- Queries information about running processes on the device
  Application may abuse the framework's APIs to collect information about running processes on the device.
  discovery
- Queries information about the current Wi-Fi connection
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  discovery
- Registers a broadcast receiver at runtime (usually for listening for system events)
  persistence
- Checks if the internet connection is available
  discovery
- Queries the unique device ID (IMEI, MEID, IMSI)
  discovery
- Reads information about phone network operator.
  discovery
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Targets

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Removes its main activity from the application launcher

Checks CPU information

Loads dropped Dex/Jar

Queries account information for other applications stored on the device

Queries information about running processes on the device

Queries information about the current Wi-Fi connection

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks if the internet connection is available

Queries the unique device ID (IMEI, MEID, IMSI)

Reads information about phone network operator.

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

behavioral3