ccca155f268940b306dc2b89bf6fb75eba3e7a5cfd763ba13a242074a6ab0575

Sharing

Copy URL

Twitter E-mail

General

Target

73a80648ef06e789f0a48d9b2dfc8c0b_JaffaCakes118
Size

6.6MB
Sample

240525-3sgfjaff42
MD5

73a80648ef06e789f0a48d9b2dfc8c0b
SHA1

1c67dd335b6992b4f16608a348cab6472e9d51a0
SHA256

ccca155f268940b306dc2b89bf6fb75eba3e7a5cfd763ba13a242074a6ab0575
SHA512

df6614054b8e7393d231d7429336e163a8ad4259900515524a3f80729690aa1fe64bc5cbd4b872ed85615a78fad0385f31d3cf0910999b8f0da1a6929a564001
SSDEEP

196608:JxDWlffILY+Kpvp1Cp/LNQE6KEmRTvfW2dTf2sUA:TOg6JpY/pr6KBTWG2FA

Score

8^/10

Malware Config

Targets

- Target
  
  73a80648ef06e789f0a48d9b2dfc8c0b_JaffaCakes118
- Size
  
  6.6MB
- MD5
  
  73a80648ef06e789f0a48d9b2dfc8c0b
- SHA1
  
  1c67dd335b6992b4f16608a348cab6472e9d51a0
- SHA256
  
  ccca155f268940b306dc2b89bf6fb75eba3e7a5cfd763ba13a242074a6ab0575
- SHA512
  
  df6614054b8e7393d231d7429336e163a8ad4259900515524a3f80729690aa1fe64bc5cbd4b872ed85615a78fad0385f31d3cf0910999b8f0da1a6929a564001
- SSDEEP
  
  196608:JxDWlffILY+Kpvp1Cp/LNQE6KEmRTvfW2dTf2sUA:TOg6JpY/pr6KBTWG2FA
Score

8^/10

banker discovery evasion persistence
- Checks if the Android device is rooted.
  evasion
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Checks CPU information
  Checks CPU information which indicate if the system is an emulator.
  evasion discovery
- Checks known Qemu files.
  Checks for known Qemu files that exist on Android virtual device images.
  evasion
- Checks known Qemu pipes.
  Checks for known pipes used by the Android emulator to communicate with the host.
  evasion
- Checks memory information
  Checks memory information which indicate if the system is an emulator.
  evasion discovery
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Queries information about the current Wi-Fi connection
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  discovery
- Queries the mobile country code (MCC)
  discovery
- Queries the phone number (MSISDN for GSM devices)
  discovery
- Registers a broadcast receiver at runtime (usually for listening for system events)
  persistence
- Checks if the internet connection is available
  discovery
- Reads information about phone network operator.
  discovery
- Listens for changes in the sensor environment (might be used to detect emulation)
  evasion
behavioral1 behavioral2
- Target
  
  res.bin
- Size
  
  205KB
- MD5
  
  dafb7d4b90ea8d376128c625183dd9ad
- SHA1
  
  883c9b0586e740e9fb976d27a437e84fc26e92fd
- SHA256
  
  07be7e035e50b372d700b7cc148515a26b0775b2b485e50895988753fe24b12b
- SHA512
  
  56deefb30f358f2d404c93725f331374f0878b8121d95412ab1b1299364b2eea2b7fe179e21bbe96f4076300556a09f55825118ff67b401504c2f3b82af6b13b
- SSDEEP
  
  3072:jFsFh83XDWxVFkPRLccq5sOwglfnhdQkWVsXQp6D9PhTbnEaxEiQWu6vSP:jFrzWlkKcqiglfnrXDRFnEaxxaP
Score

1^/10
behavioral3 behavioral4 behavioral5
- Target
  
  v0.1.11_egret-dex.jar
- Size
  
  203KB
- MD5
  
  365b90afd2686b80daf08e94808f6845
- SHA1
  
  958c6694eb73d01dafc15ca5ebbd0d77b1b9d236
- SHA256
  
  5fca62753c0c14331a138acaca2dc20d83fe1b5fff615467e5979527f188b78e
- SHA512
  
  dec050f2720354b0498e8a5d361cfbaf4db7c986c0f12bd0d234ab8fd87a011fac53eca0056474d814791530dee719de0f02640258f95dfd5ecd968120aa918c
- SSDEEP
  
  3072:xbD/q0Q5tpsuR6Rc0isIsO+DHpq+mbUehJ4MkU8wBwmffr7Ob47MTGp8496Ewhhi:JD/qdOOsIop9YhOMZ3aHTGGu59XYQ
Score

1^/10
behavioral6 behavioral7 behavioral8