16364a06833298982c144cb8a54e6ef80f040c80f39291de3db91e1a529a5008

General

Target

6d27839a77864dd07d1b37f58d4d11a1_JaffaCakes118
Size

4.6MB
Sample

240524-drrgnsbb86
MD5

6d27839a77864dd07d1b37f58d4d11a1
SHA1

c89e567e48b28cdad9b77d877590a0390987e495
SHA256

16364a06833298982c144cb8a54e6ef80f040c80f39291de3db91e1a529a5008
SHA512

f264dc267f74d22b52d1586c20668552818ac0d259db2a6ee87d362c978b6337f93174f72c60b2e1880e231d28c73da8079dfd78fbe266dad1e9178d4dc4ca8a
SSDEEP

98304:/CHyv70Fk/wpzMMA1AJTmF/MhC3BM6UirQ25fmEY3:gk/wpzW1s/C3BCirQ25fxg

Score

8^/10

Malware Config

Targets

- Target
  
  6d27839a77864dd07d1b37f58d4d11a1_JaffaCakes118
- Size
  
  4.6MB
- MD5
  
  6d27839a77864dd07d1b37f58d4d11a1
- SHA1
  
  c89e567e48b28cdad9b77d877590a0390987e495
- SHA256
  
  16364a06833298982c144cb8a54e6ef80f040c80f39291de3db91e1a529a5008
- SHA512
  
  f264dc267f74d22b52d1586c20668552818ac0d259db2a6ee87d362c978b6337f93174f72c60b2e1880e231d28c73da8079dfd78fbe266dad1e9178d4dc4ca8a
- SSDEEP
  
  98304:/CHyv70Fk/wpzMMA1AJTmF/MhC3BM6UirQ25fmEY3:gk/wpzW1s/C3BCirQ25fxg
Score

8^/10

banker collection discovery evasion impact persistence
- Checks if the Android device is rooted.
  evasion
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Requests cell location
  Uses Android APIs to to get current cell location.
  collection discovery evasion
- Checks CPU information
  Checks CPU information which indicate if the system is an emulator.
  evasion discovery
- Checks memory information
  Checks memory information which indicate if the system is an emulator.
  evasion discovery
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Queries information about running processes on the device
  Application may abuse the framework's APIs to collect information about running processes on the device.
  discovery
- Queries information about the current Wi-Fi connection
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  discovery
- Reads the content of the SMS messages.
  collection
- Registers a broadcast receiver at runtime (usually for listening for system events)
  persistence
- Checks if the internet connection is available
  discovery
- Domain associated with commercial stalkerware software, includes indicators from echap.eu.org
- Queries the unique device ID (IMEI, MEID, IMSI)
  discovery
- Requests dangerous framework permissions
behavioral1 behavioral2
- Target
  
  BDTX140
- Size
  
  96KB
- MD5
  
  cecd3872a89699f8a52c04b36770ac28
- SHA1
  
  0825677ccb088f8eb59390d3d5c54d29b00a5fbb
- SHA256
  
  61b4ea846f922634ddfbbd46369b23b8560780fae62db1b0ae90aceb4a976831
- SHA512
  
  7be6809effa982bbab73df9f2ead279821ac7b2f52e52f5272fdd9fcafdc592ab76251e782cd964974a67f54fef6ca6bba191f2af10c811223650d710cd4c95c
- SSDEEP
  
  3072:kfrMW3vCNUnvF303nHKypYotCX7LmF4iaE:kj93vhvu3HTTaE
Score

1^/10
behavioral3 behavioral4 behavioral5

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Targets

Checks if the Android device is rooted.

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Requests cell location

Checks CPU information

Checks memory information

Loads dropped Dex/Jar

Queries information about running processes on the device

Queries information about the current Wi-Fi connection

Reads the content of the SMS messages.

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks if the internet connection is available

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Queries the unique device ID (IMEI, MEID, IMSI)

Requests dangerous framework permissions

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5