ec0abbe8ec2f81b14b1a6592dd04e1fd86631e3b1e04e6c23d192186fdaa95c0

Sharing

Copy URL Twitter E-mail

General

Target

7715717850feda695586a95b2ed6a384_JaffaCakes118
Size

6.8MB
Sample

240526-2x2rlafb9y
MD5

7715717850feda695586a95b2ed6a384
SHA1

1f18b0e0e5a423e7b096fcc1c13dee0f9c2ebd28
SHA256

ec0abbe8ec2f81b14b1a6592dd04e1fd86631e3b1e04e6c23d192186fdaa95c0
SHA512

3cac03e64590d6aefc13c742b7a07e2ba1ccccdfb72331e80c1745e6848fcec44422bb36b678c3fb2dd14afdf75b5a740cd98115f55a9da18acbd74d89ec8948
SSDEEP

98304:xpTKMgSOwZYmtwxk60nzb6TxbD9d0aeVF7uhjwqGvzBdVdS9ZTeRWFfvw+rWjrea:DTHgdhWWk6cuNa+wpvzZU9ZTpYWMKq

Score

8^/10

Malware Config

Targets

- Target
  
  7715717850feda695586a95b2ed6a384_JaffaCakes118
- Size
  
  6.8MB
- MD5
  
  7715717850feda695586a95b2ed6a384
- SHA1
  
  1f18b0e0e5a423e7b096fcc1c13dee0f9c2ebd28
- SHA256
  
  ec0abbe8ec2f81b14b1a6592dd04e1fd86631e3b1e04e6c23d192186fdaa95c0
- SHA512
  
  3cac03e64590d6aefc13c742b7a07e2ba1ccccdfb72331e80c1745e6848fcec44422bb36b678c3fb2dd14afdf75b5a740cd98115f55a9da18acbd74d89ec8948
- SSDEEP
  
  98304:xpTKMgSOwZYmtwxk60nzb6TxbD9d0aeVF7uhjwqGvzBdVdS9ZTeRWFfvw+rWjrea:DTHgdhWWk6cuNa+wpvzZU9ZTpYWMKq
Score

8^/10

banker collection discovery evasion persistence
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Requests cell location
  Uses Android APIs to to get current cell location.
  collection discovery evasion
- Checks CPU information
  Checks CPU information which indicate if the system is an emulator.
  evasion discovery
- Checks memory information
  Checks memory information which indicate if the system is an emulator.
  evasion discovery
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Queries information about the current Wi-Fi connection
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  discovery
- Queries information about the current nearby Wi-Fi networks
  Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
  discovery
- Registers a broadcast receiver at runtime (usually for listening for system events)
  persistence
- Checks if the internet connection is available
  discovery
- Domain associated with commercial stalkerware software, includes indicators from echap.eu.org
- Reads information about phone network operator.
  discovery
behavioral1 behavioral2
- Target
  
  __pasys_remote_banner.jar
- Size
  
  108KB
- MD5
  
  63ba17ca047dc71aa659c7ed8bb60de5
- SHA1
  
  675bd0556bce8d43cd29a6d9b3d996d41f3e0b2b
- SHA256
  
  2750f3af62f5b9d1d21f6a8215f529e472e7098ac16295b976a29115e8520a52
- SHA512
  
  5b70f6bc391276d2034a97e371adad0a635caafdfc33d32791db1432d4cca3f0364e1af6b10b574df5c8f3345bd5539a4d70455aa521f10b239e68216f5ddc39
- SSDEEP
  
  1536:JsIZFap4+HLANZ5+01fFI5iWBrANsLIHmd1C4i6L/AvuWD7i3z7Y6mrfrJvIC8O:JPZEpHrA3x1i53hxLOQ4I4mD3zk6mlI2
Score

1^/10
behavioral3 behavioral4 behavioral5
- Target
  
  gdtadv2.jar
- Size
  
  95KB
- MD5
  
  1f8e471159989339dfd7ca1c1681406d
- SHA1
  
  ccccc7182b4b37edf956fe94e177953fe1b4e1c5
- SHA256
  
  877f09c95f6616e80d7dfc94dc3f5657666c0e79bfddf8ed8ce69031edad3e93
- SHA512
  
  d262e9291d7be76d1e6525cc483e46a172f3ab11363f0cf71dabc53fdd8edc6b8266c15b81c271adb194b76260b4c4f7c088fa7ad8b1d78e1dc7b5ab0f19ebcb
- SSDEEP
  
  1536:lRiH7wpRgi2XJ8FVkvf8iJwoMlqJ+FgRnZMzC5zJoHEzo2yOmEZ9MhtAho6wBOyN:lRmoI58FVkJLgqcFgRn2eXBk9LiMhtA8
Score

1^/10
behavioral6 behavioral7 behavioral8