Overview

overview

8

Static

static

6

6df3810ea9...18.apk

android-9-x86

8

dynamic1111.apk

android-9-x86

dynamic1111.apk

android-10-x64

dynamic1111.apk

android-11-x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6df3810ea9deffad9a44bd182b10aa3d_JaffaCakes118

  • Size

    25.6MB

  • Sample

    240524-ktfxaabg7s

  • MD5

    6df3810ea9deffad9a44bd182b10aa3d

  • SHA1

    d3fffcf9f67832337ed45f5995063d3e7554803b

  • SHA256

    7d50ec7aa69d2e85ac7c963c14adeca97fb8be548788f9f8ddd6a0175780f5bc

  • SHA512

    100fb05851fd903f108384965a92b41bb848c66e3962e1ecd41b563478ab2d3a687e9d72edcea8d07b037ee8b5e0149138637a63ccb0bae1963c211f6b3f4b38

  • SSDEEP

    393216:ZXeo4CYT7IwG81UpSimXEVD/yWKJypOd5Jk4SCFX/KwkMROxYyOkvpjCX+FVAENg:ZXzo7pGT/mUVFaPWMPKxMI3A62EN4x

Score
8/10
androidbankercollectiondiscoveryevasionimpactpersistence

Malware Config

Targets

    • Target

      6df3810ea9deffad9a44bd182b10aa3d_JaffaCakes118

    • Size

      25.6MB

    • MD5

      6df3810ea9deffad9a44bd182b10aa3d

    • SHA1

      d3fffcf9f67832337ed45f5995063d3e7554803b

    • SHA256

      7d50ec7aa69d2e85ac7c963c14adeca97fb8be548788f9f8ddd6a0175780f5bc

    • SHA512

      100fb05851fd903f108384965a92b41bb848c66e3962e1ecd41b563478ab2d3a687e9d72edcea8d07b037ee8b5e0149138637a63ccb0bae1963c211f6b3f4b38

    • SSDEEP

      393216:ZXeo4CYT7IwG81UpSimXEVD/yWKJypOd5Jk4SCFX/KwkMROxYyOkvpjCX+FVAENg:ZXzo7pGT/mUVFaPWMPKxMI3A62EN4x

    Score
    8/10
    bankercollectiondiscoveryevasionimpactpersistence

    • Checks if the Android device is rooted.

      evasion

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

      bankerdiscovery

    • Requests cell location

      Uses Android APIs to to get current cell location.

      collectiondiscoveryevasion

    • Checks Android system properties for emulator presence.

      evasion

    • Checks CPU information

      Checks CPU information which indicate if the system is an emulator.

      evasiondiscovery

    • Checks memory information

      Checks memory information which indicate if the system is an emulator.

      evasiondiscovery

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

      discovery

    • Queries information about the current nearby Wi-Fi networks

      Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

      discovery

    • Queries the mobile country code (MCC)

      discovery

    • Registers a broadcast receiver at runtime (usually for listening for system events)

      persistence

    • Acquires the wake lock

    • Checks if the internet connection is available

      discovery

    • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

    • Reads information about phone network operator.

      discovery
    behavioral1

    • Target

      dynamic1111.jar

    • Size

      107KB

    • MD5

      35c4cfbc0a433d640181796a6f99400f

    • SHA1

      d6094ee48191f6ebd0c41b9c8bb6f73a5bb9b3d6

    • SHA256

      7306f7c9bfb0b152a4b4cf53a23f69558724cf237e477d0a302f5ce12af20104

    • SHA512

      c4da54f8408d84db0f9b78b4d7431ef7273c266980c9ecad0afc25b593d2b2701f087a9dfe9dbc62e3ce4dc3ec127167bbea59b27ecbe40d08258f20f960dbb3

    • SSDEEP

      3072:526YUeTinBtiDpVeqbZaug/eBXmdPMIpEBGngwOBpUhiAce:DsTin+1VeqbZauHXMgXDUOe

    Score
    1/10
    behavioral2behavioral3behavioral4

MITRE ATT&CK Mobile v15

Tasks