517f40c8b272a3f90a6a692dd35d8d541492579d5a3bf0300e0d73b12b3100f9

General

Target

6f3e20b3fd75c752c9a872481203bf4a_JaffaCakes118
Size

23.0MB
Sample

240524-vryz7ada5y
MD5

6f3e20b3fd75c752c9a872481203bf4a
SHA1

427820d1e3af3bbfe00e538eadfb17aa9adc2c8a
SHA256

517f40c8b272a3f90a6a692dd35d8d541492579d5a3bf0300e0d73b12b3100f9
SHA512

ae04896711a5ce56c1717152e27e21fdb3c1c9cb2e8d04e39e1f0035227e016c6ccd41bdc8679384b5e2a0c8c3a2ffdc32acfceec8b47cc30bdcbec6cbffd19c
SSDEEP

393216:z4W34qmm67G8/ui88dUqytF+Ffh4H+8RXX3W8w9w9Peh+K3W8w9w9PDLoYRsezWS:N/m/7GSdUxtF+FfK19XGxw9mh+KGxw9b

Score

8^/10

Malware Config

Targets

- Target
  
  6f3e20b3fd75c752c9a872481203bf4a_JaffaCakes118
- Size
  
  23.0MB
- MD5
  
  6f3e20b3fd75c752c9a872481203bf4a
- SHA1
  
  427820d1e3af3bbfe00e538eadfb17aa9adc2c8a
- SHA256
  
  517f40c8b272a3f90a6a692dd35d8d541492579d5a3bf0300e0d73b12b3100f9
- SHA512
  
  ae04896711a5ce56c1717152e27e21fdb3c1c9cb2e8d04e39e1f0035227e016c6ccd41bdc8679384b5e2a0c8c3a2ffdc32acfceec8b47cc30bdcbec6cbffd19c
- SSDEEP
  
  393216:z4W34qmm67G8/ui88dUqytF+Ffh4H+8RXX3W8w9w9Peh+K3W8w9w9PDLoYRsezWS:N/m/7GSdUxtF+FfK19XGxw9mh+KGxw9b
Score

8^/10

collection discovery evasion impact persistence
- Checks if the Android device is rooted.
  evasion
- Requests cell location
  Uses Android APIs to to get current cell location.
  collection discovery evasion
- Checks CPU information
  Checks CPU information which indicate if the system is an emulator.
  evasion discovery
- Checks known Qemu files.
  Checks for known Qemu files that exist on Android virtual device images.
  evasion
- Checks known Qemu pipes.
  Checks for known pipes used by the Android emulator to communicate with the host.
  evasion
- Checks memory information
  Checks memory information which indicate if the system is an emulator.
  evasion discovery
- Queries information about running processes on the device
  Application may abuse the framework's APIs to collect information about running processes on the device.
  discovery
- Queries information about the current Wi-Fi connection
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  discovery
- Queries the mobile country code (MCC)
  discovery
- Registers a broadcast receiver at runtime (usually for listening for system events)
  persistence
- Checks if the internet connection is available
  discovery
- Domain associated with commercial stalkerware software, includes indicators from echap.eu.org
- Listens for changes in the sensor environment (might be used to detect emulation)
  evasion
behavioral1
- Target
  
  app-debug.apk
- Size
  
  1.1MB
- MD5
  
  5b7faf6a8748eed5323c979ebead1021
- SHA1
  
  584727ffce6cbf8c09fdbf51cc150bdd74809c0b
- SHA256
  
  0a78d86cd88361b666c49f00f67d3e60fde03dae7c239b153f7cb500818b956f
- SHA512
  
  05ad368807b8a12a64765e4d696e16e6cbad63eef03a08e98a45af986d023c4d9e818060103cc0194a8c73dc17058e647fc58422d7f4d7110c549699395b09b4
- SSDEEP
  
  24576:boV2AxoTMEQYb16BkM24L+2AG5E8JZIHQanKU7gice7J:boV2gqMEQE6BkM24S2j5E8AHLgicm
Score

7^/10

discovery evasion persistence
- Checks memory information
  Checks memory information which indicate if the system is an emulator.
  evasion discovery
- Queries the mobile country code (MCC)
  discovery
- Registers a broadcast receiver at runtime (usually for listening for system events)
  persistence
behavioral2 behavioral3
- Target
  
  gdtadv2.jar
- Size
  
  246KB
- MD5
  
  ef88132318d986627c2dd75e366149aa
- SHA1
  
  f9e5886571c1f7d2c70d11bf98a172b08576892b
- SHA256
  
  00e3b2f68c0e0928ebad2654bf68d594bb013a386336af5dcc52618d6f23c34a
- SHA512
  
  b7951258ce49ef7800621a8e3fe8e377c85e1f3c69b4de38ad297945e4da150074325e9e0d3988841afa12831bc5856612e42de24e77df5145cb4e75996d3d98
- SSDEEP
  
  3072:RcAgpT2vQCCJ7AS/ZSEPclIxwAGTIspsWVvXSEFxtAk3x1KNDQOBz9uCgp2PNp+N:RUCcJBhSEPcawG0JXHxtd1KduCjP6FH
Score

1^/10
behavioral4 behavioral5 behavioral6