81b7004621fdea626b1e3ddaca0a25d9e1dc3e27c71230cab1aad261cee9c099

General

Target

782888fe9b09bd25cbe7846d5285b983_JaffaCakes118
Size

30.8MB
Sample

240527-gyggtsbe32
MD5

782888fe9b09bd25cbe7846d5285b983
SHA1

4c54d535cd77718103c24f565e02be2b44634cae
SHA256

81b7004621fdea626b1e3ddaca0a25d9e1dc3e27c71230cab1aad261cee9c099
SHA512

3d47840cd34456e57a6ae26ea482fc9fc6fa98ff32db3500ca222347ee322104e184efd7eda282366bec58d1ee793523b860ed8c4e6b1d7d35bed0a0cf0f42dc
SSDEEP

786432:urZUIASrKMNxKxhU+5w3RpGL4enDf1RZLkz0Ja9INik:uSIASuMNxeG+5w3RNenZfQoE9INik

Score

8^/10

Malware Config

Targets

- Target
  
  782888fe9b09bd25cbe7846d5285b983_JaffaCakes118
- Size
  
  30.8MB
- MD5
  
  782888fe9b09bd25cbe7846d5285b983
- SHA1
  
  4c54d535cd77718103c24f565e02be2b44634cae
- SHA256
  
  81b7004621fdea626b1e3ddaca0a25d9e1dc3e27c71230cab1aad261cee9c099
- SHA512
  
  3d47840cd34456e57a6ae26ea482fc9fc6fa98ff32db3500ca222347ee322104e184efd7eda282366bec58d1ee793523b860ed8c4e6b1d7d35bed0a0cf0f42dc
- SSDEEP
  
  786432:urZUIASrKMNxKxhU+5w3RpGL4enDf1RZLkz0Ja9INik:uSIASuMNxeG+5w3RNenZfQoE9INik
Score

7^/10

discovery evasion
- Checks CPU information
  Checks CPU information which indicate if the system is an emulator.
  evasion discovery
- Acquires the wake lock
behavioral1
- Target
  
  xxzhushou.apk
- Size
  
  2.8MB
- MD5
  
  06bd15c05457a7e2572f0a40b9da05e4
- SHA1
  
  d9452718117fe52d33e0bd20e3b4e2b9d1a9f3a1
- SHA256
  
  c02090822d2b1860de36dfb29ce0f8ae4f022ce31493d3afc9cd13df7c17f428
- SHA512
  
  cdac155c689b7f924f0553ec3f45772af11207e628f4edd3347d59fd306991fe8b366958fe10bbcfcf3e3762af59c1b6c00cae68cb632dee2a041c2a978b8980
- SSDEEP
  
  49152:KhYFAqgURjZbJeRP/MeOpZ0fhOsFQ1Xaoo89+7zO6Foj/KqQaL8d:UBqgUhZVu36pZwhOsFQ1XxovFojCqQa2
Score

8^/10

banker discovery persistence
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Queries information about running processes on the device
  Application may abuse the framework's APIs to collect information about running processes on the device.
  discovery
- Registers a broadcast receiver at runtime (usually for listening for system events)
  persistence
- Checks if the internet connection is available
  discovery
- Reads information about phone network operator.
  discovery
- Requests dangerous framework permissions
behavioral2
- Target
  
  KingUser.apk
- Size
  
  724KB
- MD5
  
  026d6c196f1094dc16c77626d9cf1df3
- SHA1
  
  088e23bcdd74c40847d710d2dccb8e54dec6ef39
- SHA256
  
  d59d74cfc89a9f5c0027aaa43d05f8a80c1fa2057b17dc0c3b6ecafadd8ca4c0
- SHA512
  
  618d6a69ab76373e317da972c420168e7a7001c9b0dd195f6f2078343ee2c7ea8139d4e293d7497bf4737e9d9354a5215478fe3ea5089086b5e3ee54e2df6b62
- SSDEEP
  
  12288:sHzN6DvaGYBYUcrYYFA6O2Ng3l6O+tRVrFoOz5nQ4TeG9kpGhHbgEFsUC1/jDp:sTtYUcFFADqg3l6RRVywa4SSeGhHluUa
Score

8^/10

discovery impact banker evasion persistence
- Checks if the Android device is rooted.
  evasion
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Checks CPU information
  Checks CPU information which indicate if the system is an emulator.
  evasion discovery
- Checks memory information
  Checks memory information which indicate if the system is an emulator.
  evasion discovery
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Queries information about running processes on the device
  Application may abuse the framework's APIs to collect information about running processes on the device.
  discovery
- Queries information about the current Wi-Fi connection
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  discovery
- Acquires the wake lock
- Checks if the internet connection is available
  discovery
- Queries the unique device ID (IMEI, MEID, IMSI)
  discovery
behavioral3 behavioral4 behavioral5