General

  • Target

    6cdcf39fbbbf988a848e725b5186223a_JaffaCakes118

  • Size

    10.7MB

  • Sample

    240524-bejvysfe6t

  • MD5

    6cdcf39fbbbf988a848e725b5186223a

  • SHA1

    d0f13f2b444dd9c7f8c2fb41d506e8d17fe94ccf

  • SHA256

    af82f5e051e2b62b80630ff87fe3e5743d19926031b53165baf2dd8de0687471

  • SHA512

    8d7b804651e78a1889c233fe63eca8f9a1942e1d2ea778bc4d947affea1a4521e0e1e5c924bb92656f292a9b18803b6fd5f46b7d64bf1bc42c8b1283e3b109f5

  • SSDEEP

    196608:8P4hqfJHA37R5rE+1SeoQnnNoIC3zcaiQq2LmfJo5Lzi09:kfJgrb/SeoQn+IP2L6uJzi09

Malware Config

Targets

    • Target

      6cdcf39fbbbf988a848e725b5186223a_JaffaCakes118

    • Size

      10.7MB

    • MD5

      6cdcf39fbbbf988a848e725b5186223a

    • SHA1

      d0f13f2b444dd9c7f8c2fb41d506e8d17fe94ccf

    • SHA256

      af82f5e051e2b62b80630ff87fe3e5743d19926031b53165baf2dd8de0687471

    • SHA512

      8d7b804651e78a1889c233fe63eca8f9a1942e1d2ea778bc4d947affea1a4521e0e1e5c924bb92656f292a9b18803b6fd5f46b7d64bf1bc42c8b1283e3b109f5

    • SSDEEP

      196608:8P4hqfJHA37R5rE+1SeoQnnNoIC3zcaiQq2LmfJo5Lzi09:kfJgrb/SeoQn+IP2L6uJzi09

    • Checks if the Android device is rooted.

    • Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps)

    • Requests cell location

      Uses Android APIs to get the current cell location.

    • Checks CPU information

      Checks CPU information that may indicate the system is an emulator.

    • Checks memory information

      Checks memory information that may indicate the system is an emulator.

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Queries information about the current nearby Wi-Fi networks

      Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

    • Registers a broadcast receiver at runtime (usually for listening for system events)

    • Acquires the wake lock

    • Checks if the internet connection is available

    • Domain associated with commercial stalkerware software (indicator list sourced from echap.eu.org)

    • Reads information about phone network operator.

    • Checks the presence of a debugger

    • Target

      autonavi_Resource1_1_0.png

    • Size

      318KB

    • MD5

      ba63c2effb3dc142c4741a94b11a0b8e

    • SHA1

      836c9a2ea7113003fd4bcc9af3bfb1f77b36a568

    • SHA256

      1ddc70654b3299ccd2d59a7b9d0b687eb59d3c3db524a4b7ba5f7e572ef56377

    • SHA512

      c633c9e0fcad129ba2aa5279e4cff96a6520f51b6f5240ab6a06f9b8ef85541746cabce4836ed57cfa43b1d0412b6d099fa9a75904157de4225bed7f661ec5c0

    • SSDEEP

      6144:RpoNJGrdQSHWEGSLHBRzu6qCpLWb0P2tC78/DYDGyXGMlXY4Q6w0:RpoNJGhvhlzu6qIP2tyzGyXGMlo4Q6w0

    Score
    1/10
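The behaviour signatures listed for the APK above (root check, emulator detection via CPU and memory information, foreground service, Wi-Fi and cell queries, wake lock, runtime receiver, debugger check) each correspond to a small set of Android API references or file paths that survive in the decompiled code. The script below is an added example, not the sandbox's own rule set and not code from the sample: it maps strings pulled from an APK (for instance `strings` output over `classes.dex`, or smali method references from a decompiler) onto those signature names. The pattern table is a hypothetical approximation written for this example, and the string dump it runs on is constructed inline rather than taken from the sample on this page.

```python
"""Map strings extracted from an APK onto the behaviour signatures a sandbox reports.

Added example. The SIGNATURES table is a hypothetical approximation of what a
sandbox rule might look for; it is not the sandbox's published rule set.
"""
import re
from collections import defaultdict

# Each key names one behaviour signature; each value is a list of regexes that
# match the smali-style method references or file paths typically behind it.
SIGNATURES = {
    "root_check": [r"/system/(xbin|bin)/su\b", r"\bSuperuser\.apk\b", r"\btest-keys\b"],
    "installed_apps_query": [r"PackageManager;->getInstalled(Applications|Packages)"],
    "cell_location": [r"TelephonyManager;->(getCellLocation|getAllCellInfo)"],
    "cpu_info_emulator_check": [r"/proc/cpuinfo", r"\bgoldfish\b", r"\branchu\b"],
    "memory_info_emulator_check": [r"/proc/meminfo", r"ActivityManager;->getMemoryInfo"],
    "foreground_service": [r"Service;->startForeground", r"Context;->startForegroundService"],
    "wifi_connection_info": [r"WifiManager;->getConnectionInfo"],
    "wifi_scan": [r"WifiManager;->(getScanResults|startScan)"],
    "runtime_receiver": [r"Context;->registerReceiver"],
    "wake_lock": [r"PowerManager\$WakeLock;->acquire"],
    "connectivity_check": [r"ConnectivityManager;->getActiveNetworkInfo", r"NetworkInfo;->isConnected"],
    "network_operator": [r"TelephonyManager;->getNetworkOperator(Name)?"],
    "debugger_check": [r"Debug;->(isDebuggerConnected|waitingForDebugger)"],
}

# Pre-compile once; a real dump from a 10 MB APK has hundreds of thousands of lines.
_COMPILED = {sig: [re.compile(p) for p in pats] for sig, pats in SIGNATURES.items()}


def classify(strings):
    """Return {signature_name: sorted list of matching strings} for an iterable of strings."""
    hits = defaultdict(set)
    for s in strings:
        for sig, pats in _COMPILED.items():
            if any(p.search(s) for p in pats):
                hits[sig].add(s)
    return {sig: sorted(matches) for sig, matches in hits.items()}


def load_strings(path):
    """Read one candidate string per line, e.g. the output of `strings -a classes.dex`."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return [line.rstrip("\n") for line in fh if line.strip()]


# Constructed sample dump (not extracted from the sample on this page): one line per
# signature plus two benign strings that must not trigger anything.
SAMPLE_STRINGS = [
    "/system/xbin/su",
    "Landroid/content/pm/PackageManager;->getInstalledApplications(I)Ljava/util/List;",
    "Landroid/telephony/TelephonyManager;->getCellLocation()Landroid/telephony/CellLocation;",
    "/proc/cpuinfo",
    "/proc/meminfo",
    "Landroid/app/Service;->startForeground(ILandroid/app/Notification;)V",
    "Landroid/net/wifi/WifiManager;->getConnectionInfo()Landroid/net/wifi/WifiInfo;",
    "Landroid/net/wifi/WifiManager;->getScanResults()Ljava/util/List;",
    "Landroid/content/Context;->registerReceiver(Landroid/content/BroadcastReceiver;"
    "Landroid/content/IntentFilter;)Landroid/content/Intent;",
    "Landroid/os/PowerManager$WakeLock;->acquire()V",
    "Landroid/net/ConnectivityManager;->getActiveNetworkInfo()Landroid/net/NetworkInfo;",
    "Landroid/telephony/TelephonyManager;->getNetworkOperatorName()Ljava/lang/String;",
    "Landroid/os/Debug;->isDebuggerConnected()Z",
    "res/drawable/autonavi_Resource1_1_0.png",
    "Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;",
]


if __name__ == "__main__":
    for sig, matches in sorted(classify(SAMPLE_STRINGS).items()):
        print(f"{sig}:")
        for m in matches:
            print(f"    {m}")
```

Matching on method references rather than on permission names keeps false positives low: a declared permission says nothing about whether the code path is reachable, while a call to `PowerManager$WakeLock;->acquire` or `Debug;->isDebuggerConnected` is the artifact the sandbox's dynamic signature actually observes. Run `classify(load_strings("classes.dex.strings"))` over a real dump and compare the hit set with the report's bullet list; signatures the report lists that the static pass misses usually point at reflection or a packed second-stage DEX.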

MITRE ATT&CK Mobile v15

Tasks