Overview

overview

8

Static

static

6

6ae13257be...18.apk

android-9-x86

8

6ae13257be...18.apk

android-10-x64

8

6ae13257be...18.apk

android-11-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6ae13257be7b6861d68943eb2a95eace_JaffaCakes118

  • Size

    649KB

  • Sample

    240523-n8v7asgb57

  • MD5

    6ae13257be7b6861d68943eb2a95eace

  • SHA1

    f76ed6e06e16307a3db88bc7aa05644b3927d787

  • SHA256

    0fc6d8af79195e401d8bf92352a96df8455390cd8572ab057bd8f5c030a6c052

  • SHA512

    f9ab18f133bbdd4702b2d723f4da517a93a511e858cea77bb777f2e6624986c792a344204d9b21f58da882a4f009545da13d98d610363f04aa1907f5c6608de8

  • SSDEEP

    12288:xw6TfQpveQAQmQVAu0rA+gXP9NrhT5v2/26UBt4s:IRR/VMrA7rrhTx2+7tz

Score
8/10
androidbankerdiscoveryevasionpersistence

Malware Config

Targets

    • Target

      6ae13257be7b6861d68943eb2a95eace_JaffaCakes118

    • Size

      649KB

    • MD5

      6ae13257be7b6861d68943eb2a95eace

    • SHA1

      f76ed6e06e16307a3db88bc7aa05644b3927d787

    • SHA256

      0fc6d8af79195e401d8bf92352a96df8455390cd8572ab057bd8f5c030a6c052

    • SHA512

      f9ab18f133bbdd4702b2d723f4da517a93a511e858cea77bb777f2e6624986c792a344204d9b21f58da882a4f009545da13d98d610363f04aa1907f5c6608de8

    • SSDEEP

      12288:xw6TfQpveQAQmQVAu0rA+gXP9NrhT5v2/26UBt4s:IRR/VMrA7rrhTx2+7tz

    Score
    8/10
    bankerdiscoveryevasionpersistence

    • Checks if the Android device is rooted.

      evasion

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

      bankerdiscovery

    • Checks CPU information

      Checks CPU information which indicate if the system is an emulator.

      evasiondiscovery

    • Checks memory information

      Checks memory information which indicate if the system is an emulator.

      evasiondiscovery

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

      discovery

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

      discovery

    • Queries information about the current nearby Wi-Fi networks

      Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

      discovery

    • Registers a broadcast receiver at runtime (usually for listening for system events)

      persistence

    • Checks if the internet connection is available

      discovery

    • Queries the unique device ID (IMEI, MEID, IMSI)

      discovery

    • Reads information about phone network operator.

      discovery

    • Listens for changes in the sensor environment (might be used to detect emulation)

      evasion
    behavioral1behavioral2behavioral3

MITRE ATT&CK Mobile v15

Tasks