Overview

overview

8

Static

static

6

6daa0413c7...18.apk

android-9-x86

8

6daa0413c7...18.apk

android-11-x64

8

gdtadv2.apk

android-9-x86

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6daa0413c7a2e52b0f656e4cd24a3efb_JaffaCakes118

  • Size

    16.5MB

  • Sample

    240524-hpy6ysha9t

  • MD5

    6daa0413c7a2e52b0f656e4cd24a3efb

  • SHA1

    1b44472d5ee9a323100a588a9f13379f75dfe76d

  • SHA256

    a634d2116bcde15cc876358ac4aa856b378928c69007c29afbe4308c5360f995

  • SHA512

    ef3adc56521b2ce638f96e4b0d3893b6b42521f1edcfbb1c9c72080e04ee53ed73a53c3acfcac7073e2f8f4527c2bb61df4746381863a9eeb6505288954c7ca9

  • SSDEEP

    393216:KaDFLTiwMojs5T7ftOEgyXrVaAiGGuj6t5PR1nf7IX0:KaDtTc6s5T7ftOEgyAAi0U5PTf7D

Score
8/10
androidbankercollectiondiscoveryevasionimpactpersistence

Malware Config

Targets

    • Target

      6daa0413c7a2e52b0f656e4cd24a3efb_JaffaCakes118

    • Size

      16.5MB

    • MD5

      6daa0413c7a2e52b0f656e4cd24a3efb

    • SHA1

      1b44472d5ee9a323100a588a9f13379f75dfe76d

    • SHA256

      a634d2116bcde15cc876358ac4aa856b378928c69007c29afbe4308c5360f995

    • SHA512

      ef3adc56521b2ce638f96e4b0d3893b6b42521f1edcfbb1c9c72080e04ee53ed73a53c3acfcac7073e2f8f4527c2bb61df4746381863a9eeb6505288954c7ca9

    • SSDEEP

      393216:KaDFLTiwMojs5T7ftOEgyXrVaAiGGuj6t5PR1nf7IX0:KaDtTc6s5T7ftOEgyAAi0U5PTf7D

    Score
    8/10
    bankercollectiondiscoveryevasionimpactpersistence

    • Checks if the Android device is rooted.

      evasion

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

      bankerdiscovery

    • Requests cell location

      Uses Android APIs to to get current cell location.

      collectiondiscoveryevasion

    • Checks CPU information

      Checks CPU information which indicate if the system is an emulator.

      evasiondiscovery

    • Checks memory information

      Checks memory information which indicate if the system is an emulator.

      evasiondiscovery

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

      discovery

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

      discovery

    • Reads the content of the browser bookmarks.

      collection

    • Registers a broadcast receiver at runtime (usually for listening for system events)

      persistence

    • Checks if the internet connection is available

      discovery

    • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

    • Reads information about phone network operator.

      discovery

    • Checks the presence of a debugger

      evasion
    behavioral1behavioral2

    • Target

      gdtadv2.jar

    • Size

      468KB

    • MD5

      6bfe094580c89ba696ef8772de47a552

    • SHA1

      210bc4afce84b6e6bb36f97f68f9d3d9d3432643

    • SHA256

      a884e386bf4ec066c9a82518c354be513182add87107552b1f4cf33dc80bddd4

    • SHA512

      7ae8c9210957f06eb177fa0472ac1fcf80f0e6b1f308ec1906fe059c38623e404b37c34d9e8702cab66efc7ebfdc5400f1506db89b75a5fd1dd915ec2c2086a5

    • SSDEEP

      6144:Nz015KiQP/B4tKQ3OTNgdJHqn+9ZMsH5EK9JKp0KMNd4IoCJlv0gxWky9+T2k57:N/Z/B/NgdliEZMs9JhZ4kykTlJ

    Score
    1/10
    behavioral3

MITRE ATT&CK Mobile v15

Tasks