Overview

overview

8

Static

static

6

7334a59681...18.apk

android-9-x86

7

7334a59681...18.apk

android-10-x64

7

7334a59681...18.apk

android-11-x64

6

dx.apk

android-9-x86

8

dx.apk

android-10-x64

8

com.nd.and...me.apk

android-9-x86

1

com.nd.and...me.apk

android-10-x64

1

com.nd.and...me.apk

android-11-x64

1

com.nd.hil...12.apk

android-9-x86

7

com.nd.hil...12.apk

android-10-x64

7

com.nd.hil...12.apk

android-11-x64

1

nd.apk

android-9-x86

nd.apk

android-10-x64

nd.apk

android-11-x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7334a596810fed970cf990a74cfaffba_JaffaCakes118

  • Size

    11.8MB

  • Sample

    240525-zmywvaad93

  • MD5

    7334a596810fed970cf990a74cfaffba

  • SHA1

    47258eaff968c66268c02d5bd85e0fa06cbadc6c

  • SHA256

    67e62234a3eb07a02fa8b48fc8b98d3173860d73cd0be4e2a35f26bed650f865

  • SHA512

    83c2d1d7c49aff558f8d9264e2e421b303dc0261e2444f18534aaaf76ef95ce2ca0aec867ca2fa04f83f696e26c7e479b08325394e0f9d4af094a5a2541382bd

  • SSDEEP

    196608:f9Sw+nVfQbWcGaAttoWqEjuGo/WyVrNgZRWqJHAB1uNX0/5e0cQtxQo:f9KR0BGr37Sx2ZRhHm0yxFcQbR

Score
8/10
androidcollectioncredential_accessdiscoveryevasionimpactpersistenceransomware

Malware Config

Targets

    • Target

      7334a596810fed970cf990a74cfaffba_JaffaCakes118

    • Size

      11.8MB

    • MD5

      7334a596810fed970cf990a74cfaffba

    • SHA1

      47258eaff968c66268c02d5bd85e0fa06cbadc6c

    • SHA256

      67e62234a3eb07a02fa8b48fc8b98d3173860d73cd0be4e2a35f26bed650f865

    • SHA512

      83c2d1d7c49aff558f8d9264e2e421b303dc0261e2444f18534aaaf76ef95ce2ca0aec867ca2fa04f83f696e26c7e479b08325394e0f9d4af094a5a2541382bd

    • SSDEEP

      196608:f9Sw+nVfQbWcGaAttoWqEjuGo/WyVrNgZRWqJHAB1uNX0/5e0cQtxQo:f9KR0BGr37Sx2ZRhHm0yxFcQbR

    Score
    7/10
    persistence

    • Registers a broadcast receiver at runtime (usually for listening for system events)

      persistence

    • Requests dangerous framework permissions

    behavioral1behavioral2behavioral3

    • Target

      dx.mp3

    • Size

      7.2MB

    • MD5

      0f950dfda38eefaeb6de94e093ad9d7f

    • SHA1

      b19d618f2b33358581e494f4df947b872c0ea210

    • SHA256

      b2becd583a525a93c4944ec984fdd1528eaf7c36632ac5bc3bb8c7791d40f586

    • SHA512

      d2b632e688c9de2e3efb4f50fe86fc73924dbefc8d4b9d90729a4ac8ddf6ca2bac69c7ff86db77cdb3ec255d6be657603fd388a92aebbd9df00ef31fae1e192d

    • SSDEEP

      98304:X9ZrEUl9ceYTVmkQb+FAEI7iTkpF/d4paAh7aAttoc7UlrJ2jNjbQT+VJoqHCONW:X9Sw+nVfQbWcGaAttoWqEjuGo/WyVr5

    Score
    8/10
    collectiondiscoveryevasionimpactpersistenceransomwarecredential_access

    • Checks if the Android device is rooted.

      evasion

    • Requests cell location

      Uses Android APIs to to get current cell location.

      collectiondiscoveryevasion

    • Checks memory information

      Checks memory information which indicate if the system is an emulator.

      evasiondiscovery

    • Obtains sensitive information copied to the device clipboard

      Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

      collectioncredential_accessimpact

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

      discovery

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

      discovery

    • Queries the mobile country code (MCC)

      discovery

    • Reads the content of the call log.

      collection

    • Registers a broadcast receiver at runtime (usually for listening for system events)

      persistence

    • Checks if the internet connection is available

      discovery

    • Queries the unique device ID (IMEI, MEID, IMSI)

      discovery

    • Reads information about phone network operator.

      discovery

    • Changes the wallpaper (common with ransomware activity)

      ransomware
    behavioral4behavioral5

    • Target

      com.nd.android.widget.pandahome.flashlight

    • Size

      420KB

    • MD5

      d7ed82aa742154281da5c6c64baa72be

    • SHA1

      833fa9169f66a4fac0a844902d8305da875f316e

    • SHA256

      5f54363be719d281f9d64d68af9e7093aba66b0781d99025e331a2375636e271

    • SHA512

      222b0664cdf950a8e6d189a822ed379c29f56e2d3e36d35a35b4afc07a800a225df23a8bd1de43455a94eedaf3e8a28773ea5da13009279191d27bca3106594b

    • SSDEEP

      6144:KvuvJ1RJBq3MA4DQ1siZAGml4T+fLJ7W1VXS4e8iay+8/faWdhDlE/8MskMZjv7c:KWx1Rm4DQ1cGlTWtINe8C+s3zPXwdp

    Score
    1/10
    behavioral6behavioral7behavioral8

    • Target

      com.nd.hilauncherdev.plugin.browser_V_3_M_11ca6e5243bb6ed7fad7b01082506412.jar

    • Size

      327KB

    • MD5

      8dd5d40f0cafe4c4bccb2749693d0237

    • SHA1

      505fb609c9c5bf906804418ea2e1a3561f19e893

    • SHA256

      42747bb18c44e480c583b030022b0ede18081f4458adff2438e23a62a4faea9a

    • SHA512

      42fd9da7fc0c283758b4af47bedc3dd553bb6e2de34364f19c9c043179c7e36720931292bb1b55091c99d256a7e48b0f753d78f4eacc52e360ba376b6dc3deb3

    • SSDEEP

      6144:ziogCBYgQMMknvo7pv8W8cCILTQtWIGQjmW//d+m:zpgCBY1pwo7pkz6QtUPm

    Score
    7/10
    discoverypersistence

    • Registers a broadcast receiver at runtime (usually for listening for system events)

      persistence

    • Queries the unique device ID (IMEI, MEID, IMSI)

      discovery
    behavioral10behavioral11behavioral9

    • Target

      nd.jar

    • Size

      3KB

    • MD5

      330e5a7a65f3d6593b4e3693cb6b581a

    • SHA1

      97ed25af93827667740ddc0f5f20efaa0db79f2f

    • SHA256

      effd679a8cfef061b537814b41f2733a9785d80d1d11f8c61216a78b35c747ca

    • SHA512

      3b2234d683cfbfde304d23150678595076eff41c691269dfc0d1d035b784113879e84d19ec732b257ea2146b4170edda2d8ece79449c2a33d948d0ae4e777328

    Score
    1/10
    behavioral12behavioral13behavioral14

MITRE ATT&CK Mobile v15

Tasks