Overview

overview

8

Static

static

6

6e1cc2cb21...18.apk

android-9-x86

7

6e1cc2cb21...18.apk

android-11-x64

8

gdtadv2.apk

android-9-x86

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6e1cc2cb214d8548a5f545d36ad336f2_JaffaCakes118

  • Size

    30.4MB

  • Sample

    240524-lx173ada8w

  • MD5

    6e1cc2cb214d8548a5f545d36ad336f2

  • SHA1

    3d53cb927de9dc067c0e98b1ed0746d9aa8a0842

  • SHA256

    0e779b2aff1137aa69764ddbe256fc55d49fa780e44c5aeafb48447ee58c83f7

  • SHA512

    5afde4f0e9de90eb4f60600ef532442e1d80bbb07a3139aaec583c678064b477450eb107a659e592ec72c533bfa2f064d574c0fa3c2ed176382f40e514b2e343

  • SSDEEP

    786432:RWuHTm7X4Tk7XUQJq7xfKy2jOkLGbN6Q7NiDxB:RWcTmDAk7EfKj6RNH7NiH

Score
8/10
androidcollectiondiscoveryevasionpersistence

Malware Config

Targets

    • Target

      6e1cc2cb214d8548a5f545d36ad336f2_JaffaCakes118

    • Size

      30.4MB

    • MD5

      6e1cc2cb214d8548a5f545d36ad336f2

    • SHA1

      3d53cb927de9dc067c0e98b1ed0746d9aa8a0842

    • SHA256

      0e779b2aff1137aa69764ddbe256fc55d49fa780e44c5aeafb48447ee58c83f7

    • SHA512

      5afde4f0e9de90eb4f60600ef532442e1d80bbb07a3139aaec583c678064b477450eb107a659e592ec72c533bfa2f064d574c0fa3c2ed176382f40e514b2e343

    • SSDEEP

      786432:RWuHTm7X4Tk7XUQJq7xfKy2jOkLGbN6Q7NiDxB:RWcTmDAk7EfKj6RNH7NiH

    Score
    8/10
    discoveryevasionpersistencecollection

    • Checks if the Android device is rooted.

      evasion

    • Requests cell location

      Uses Android APIs to to get current cell location.

      collectiondiscoveryevasion

    • Checks CPU information

      Checks CPU information which indicate if the system is an emulator.

      evasiondiscovery

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

      evasion

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

      discovery

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

      discovery

    • Queries the phone number (MSISDN for GSM devices)

      discovery

    • Registers a broadcast receiver at runtime (usually for listening for system events)

      persistence

    • Checks if the internet connection is available

      discovery

    • Listens for changes in the sensor environment (might be used to detect emulation)

      evasion
    behavioral1behavioral2

    • Target

      gdtadv2.jar

    • Size

      401KB

    • MD5

      31aee39aa595216667e149f1a151a2ab

    • SHA1

      701b4a1f11ed6eb42751250e86206ca8765d5410

    • SHA256

      36bc2a92f09ab333699a22a44182b1eeb7caab4f20f90b7eb1d239d82854f0fd

    • SHA512

      f020e1d4f2b741f057f43158d6c31d8f140642885cae82c9c70ddb47a7c50fdf419129e60ea0151b87a93739dcb6a967c1f3abdbe39d0b68483bb150ea29916e

    • SSDEEP

      12288:PEL4FK3na8JwMzTTbG2BDMnMlr0yvAcbPQxyuS:MLt62qnkrxfuG

    Score
    1/10
    behavioral3

MITRE ATT&CK Mobile v15

Tasks