General

  • Target

    6fd28f610a0b49c2aa8b2052df467d4c_JaffaCakes118

  • Size

    13.8MB

  • Sample

    240524-zqnv2sag6y

  • MD5

    6fd28f610a0b49c2aa8b2052df467d4c

  • SHA1

    a4bd913939b450dbaaf676bbbeee75cdfcb76b2a

  • SHA256

    a647462ae8597926e4e012c05c34e57cf098955aa7e0977c7dd329a22d2bcbd9

  • SHA512

    bb287255fe6e9fd3ecd3a41aaf2f1232d72ab0118230f9ee253a8d8891dd75af7b880186f268ea7864b040c9151d5a28b544be62d0f639a333180bc1a1161894

  • SSDEEP

    393216:mXd6nf7tvbPwGKiT1oY7/Ddme3Ctlkcn3Z3YPxrFQ9:mt6jtvbP9KiT1oY7rqZIPxc

Malware Config

Targets

    • Target

      6fd28f610a0b49c2aa8b2052df467d4c_JaffaCakes118

    • Size

      13.8MB

    • MD5

      6fd28f610a0b49c2aa8b2052df467d4c

    • SHA1

      a4bd913939b450dbaaf676bbbeee75cdfcb76b2a

    • SHA256

      a647462ae8597926e4e012c05c34e57cf098955aa7e0977c7dd329a22d2bcbd9

    • SHA512

      bb287255fe6e9fd3ecd3a41aaf2f1232d72ab0118230f9ee253a8d8891dd75af7b880186f268ea7864b040c9151d5a28b544be62d0f639a333180bc1a1161894

    • SSDEEP

      393216:mXd6nf7tvbPwGKiT1oY7/Ddme3Ctlkcn3Z3YPxrFQ9:mt6jtvbP9KiT1oY7rqZIPxc

    • Checks if the Android device is rooted.

    • Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps)

    • Requests cell location

      Uses Android APIs to get the current cell location.

    • Checks CPU information

      Checks CPU information that indicates whether the system is an emulator.

    • Checks memory information

      Checks memory information that indicates whether the system is an emulator.

    • Loads dropped Dex/Jar

      Runs an executable file dropped onto the device during analysis.

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Queries the phone number (MSISDN for GSM devices)

    • Reads the content of SMS inbox messages.

    • Registers a broadcast receiver at runtime (usually for listening for system events)

    • Checks if the internet connection is available

    • Domain associated with commercial stalkerware software; includes indicators from echap.eu.org

    • Reads information about the phone's network operator.

    • Target

      com.skymobi.pay.plugin.main_v1005.pl

    • Size

      50KB

    • MD5

      6a2f8961c75ff474d6e62f87d2ae700e

    • SHA1

      6322a924e3e533a5fd556cec52c2e4f4c0580464

    • SHA256

      83d06c3c2c9e52b7703409b33900e86f6954e4946dc475ce7538a86b76f94c9f

    • SHA512

      6aa3badee9e9d2637eed62c4c582c630cd0bb5b9b622f025b10f7435fd10d7934857f2470e70de80e3c20e1d04681d48d82041ce324febe1ba258677b2b195c1

    • SSDEEP

      768:WzcBtm6dJ+Sjg00NLj7UPDaUJlEqItB1uvxbn+ufYzxV0NewmHJit8moez+d+:W01dJrgH7uzu1uBnNfU0estoezG+

    • Score

      1/10

    • Target

      com.skymobi.pay.plugin.recordupload_v1005.pl

    • Size

      40KB

    • MD5

      2149a6f83bd5ada02f9c4e66e1f16378

    • SHA1

      7ed873b29c8088a704ec57c59a5e5847051e9a9b

    • SHA256

      5b861e755afb702beaf86d00148acd272bef338e5f6bfd23d4e95ace55f6f6b5

    • SHA512

      18782ffbfe29159d509258db437029381cf2a483bd677ac7a71c1d27462a76f9aa754f45606e292fdd48d401c18954a3532066c4e0c8600e03bf538b5987d920

    • SSDEEP

      768:lWkC2BYtQRjlDiMfr/p8a2uBiOkN2sgxtqh+fBQcfwDkMoI:lWkC2StQtfr12uBiOkCxccfBQsTzI

    • Score

      1/10

    • Target

      com.skymobi.pay.plugin.smspay_v1005.pl

    • Size

      184KB

    • MD5

      1a4244d8d15916c458745b86d5d93aa6

    • SHA1

      83bdfea695fecbe66b4936f0a28173810bf7a584

    • SHA256

      18960f77dac0fb8902306863b55bf8e7f98842217b7b70e1bb7a93a644551149

    • SHA512

      2a6b579bc74d3d7767f934664a6622d7d54cdd0b00a701ddfa055b3c87216998c6c321860d3b01501b272ae736b550e10c665dbab052aa7ca2c1a1726930b00e

    • SSDEEP

      3072:KO8zxxS4MAVSOOzdLtAAv/HOIpnO4J/4LKyBMT+GYfqFA5I0BGmgWbCiw5/YZ3z5:KOkXpMAV3OzxtAA3BdO4JOo+GGvtGubh

    • Score

      1/10

    • Target

      unicom_resource.dat

    • Size

      139KB

    • MD5

      6088cd3228debc405bf311bb303cdbbb

    • SHA1

      33b28585187d90e5b22b732fc97309bae7141408

    • SHA256

      0e83be96976f936927c16e709622396d814df47fe634f430b4b556e0a9c8b1e5

    • SHA512

      bba92ecd4be50306db8fc220cd97a8bf3023f268450fe5e58edd24f61f3dd224c6f4fe5614d3395b8ee456cf25b72f46881889ec193aa04b07bc6778eafc8280

    • SSDEEP

      3072:Z5IP4TzmQPGCrBN5cMcI5go0FhsRuFjuttuppt0:Z5yXaGCrBLVfgxFhGuauK

    • Score

      1/10

MITRE ATT&CK Mobile v15

Tasks