Overview

overview

8

Static

static

6

7e79ba2844...18.apk

android-9-x86

8

7e79ba2844...18.apk

android-10-x64

8

7e79ba2844...18.apk

android-11-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7e79ba2844318f16888f4ab4f96a6457_JaffaCakes118

  • Size

    508KB

  • Sample

    240528-1d47yaed57

  • MD5

    7e79ba2844318f16888f4ab4f96a6457

  • SHA1

    793c0ad71ac32022285de838f1a5c28b709a1687

  • SHA256

    a16db78a0ce705484bf1e594ef03ebfbf0115a0f51dc58d38e813ef22995ee56

  • SHA512

    549a10cb650207fc226616fb941ad8e8f7923030f52b5359a74cf8238327fdc0c9abc1a6626a1d5c0adf860149471e70bc74dff988fae5ee3a9a75661e455309

  • SSDEEP

    12288:XyTEnuMrgEcZQr9TTb/CEKVg7ZFvMQFHFZGidAhr1:gGrIiTTb/CEZEQFHxWr1

Score
8/10
androidcollectiondiscoveryevasionexecutionimpactpersistencestealthtrojan

Malware Config

Targets

    • Target

      7e79ba2844318f16888f4ab4f96a6457_JaffaCakes118

    • Size

      508KB

    • MD5

      7e79ba2844318f16888f4ab4f96a6457

    • SHA1

      793c0ad71ac32022285de838f1a5c28b709a1687

    • SHA256

      a16db78a0ce705484bf1e594ef03ebfbf0115a0f51dc58d38e813ef22995ee56

    • SHA512

      549a10cb650207fc226616fb941ad8e8f7923030f52b5359a74cf8238327fdc0c9abc1a6626a1d5c0adf860149471e70bc74dff988fae5ee3a9a75661e455309

    • SSDEEP

      12288:XyTEnuMrgEcZQr9TTb/CEKVg7ZFvMQFHFZGidAhr1:gGrIiTTb/CEZEQFHxWr1

    Score
    8/10
    collectiondiscoveryevasionexecutionimpactpersistencestealthtrojan

    • Checks if the Android device is rooted.

      evasion

    • Removes its main activity from the application launcher

      stealthtrojanevasion

    • Requests cell location

      Uses Android APIs to to get current cell information.

      collectiondiscovery

    • Registers a broadcast receiver at runtime (usually for listening for system events)

      persistence

    • Checks if the internet connection is available

      discovery

    • Reads information about phone network operator.

      discovery

    • Schedules tasks to execute at a specified time

      Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

      executionpersistence
    behavioral1behavioral2behavioral3

MITRE ATT&CK Matrix

Tasks