General

  • Target

    71de92616ddc25b0ebc6fe6014772f00_JaffaCakes118

  • Size

    13.3MB

  • Sample

    240525-n4lr3agd8x

  • MD5

    71de92616ddc25b0ebc6fe6014772f00

  • SHA1

    8c214b25926ef75eee27dc56de6f7db71f67e683

  • SHA256

    a49d230f33ea40dc7a2525b8bf6b59185e7062a5a014d23b1ee08286f1221c63

  • SHA512

    a226e7c7974b56a8c61a17f935fb84a856c86ee40f06c439666d6125f661877004a3bd01de33ab5c8f3a85d505ffc878a53e2b2d2aa55a0bf87fba0ae060a2d4

  • SSDEEP

    393216:meRXi1y7zrU4IOrHYNrkxmW8okJtG/vMx:mp1WzrUJOxMTIvg

Malware Config

Targets

    • Target

      71de92616ddc25b0ebc6fe6014772f00_JaffaCakes118

    • Size

      13.3MB

    • MD5

      71de92616ddc25b0ebc6fe6014772f00

    • SHA1

      8c214b25926ef75eee27dc56de6f7db71f67e683

    • SHA256

      a49d230f33ea40dc7a2525b8bf6b59185e7062a5a014d23b1ee08286f1221c63

    • SHA512

      a226e7c7974b56a8c61a17f935fb84a856c86ee40f06c439666d6125f661877004a3bd01de33ab5c8f3a85d505ffc878a53e2b2d2aa55a0bf87fba0ae060a2d4

    • SSDEEP

      393216:meRXi1y7zrU4IOrHYNrkxmW8okJtG/vMx:mp1WzrUJOxMTIvg

    • Checks if the Android device is rooted.

    • Requests cell location

      Uses Android APIs to get the current cell location.

    • Checks CPU information

      Checks CPU information that indicates whether the system is an emulator.

    • Checks memory information

      Checks memory information that indicates whether the system is an emulator.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Queries information about the current nearby Wi-Fi networks

      Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

    • Registers a broadcast receiver at runtime (usually for listening for system events)

    • Checks if the internet connection is available

    • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

    • Reads information about phone network operator.

    • Listens for changes in the sensor environment (might be used to detect emulation)

    • Target

      gdtadv2.jar

    • Size

      184KB

    • MD5

      027ece4a90aac4d84812efa9b20b2af7

    • SHA1

      564ec02d38ad8419fb3a96bed470c7a2632d3c35

    • SHA256

      ce6f738fc3df590a63cf02cae624cae1384a3198b24b9e11d26d1818c45ab98d

    • SHA512

      fbbdec0c28dc0c32d398f1e28cbf5a76a496bf8f6613a90aeda99ef62ff042eb58cd7cf747b1b03ce6cba00caecf1f20a0251d7b3fb999ddecdd3b01ade209e0

    • SSDEEP

      3072:npJhJKLgGoJc+oJIvPy2/wD0WZRv18NIkTbIgdSqwsKj7OnY2KFSt9LGKLRM:npJhJxr/HyB0oNmHIgd2pj7cYe3LRM

    Score
    1/10

MITRE ATT&CK Mobile v15

Tasks