fb576d35b45244520e79828113d5ce375efb99c44e730f96215879c07159f055

General

Target

806ce5cfba186eae504cb89bdf6ba6b0_JaffaCakes118
Size

18.2MB
Sample

240529-mg6naabe4y
MD5

806ce5cfba186eae504cb89bdf6ba6b0
SHA1

07b2f9a5f9be8c3f783cb18ad8cc2ab7e5d7ae33
SHA256

fb576d35b45244520e79828113d5ce375efb99c44e730f96215879c07159f055
SHA512

0c2bad6e0882b73d920992668d0e9ff52e81a0b24aa99ec4ef9135176f08f5e469b369207c226ed2831a5722d81556fc04ea9a43296586fc7d98a3348cd07771
SSDEEP

393216:vhZDYplbERyDUKd1kPhuOcFnVMJXP4YMAbz0CRxM+i/Rw8Pm:JRYXy0v7VMJXPEA/xMf/6J

Score

8^/10

Malware Config

Targets

- Target
  
  806ce5cfba186eae504cb89bdf6ba6b0_JaffaCakes118
- Size
  
  18.2MB
- MD5
  
  806ce5cfba186eae504cb89bdf6ba6b0
- SHA1
  
  07b2f9a5f9be8c3f783cb18ad8cc2ab7e5d7ae33
- SHA256
  
  fb576d35b45244520e79828113d5ce375efb99c44e730f96215879c07159f055
- SHA512
  
  0c2bad6e0882b73d920992668d0e9ff52e81a0b24aa99ec4ef9135176f08f5e469b369207c226ed2831a5722d81556fc04ea9a43296586fc7d98a3348cd07771
- SSDEEP
  
  393216:vhZDYplbERyDUKd1kPhuOcFnVMJXP4YMAbz0CRxM+i/Rw8Pm:JRYXy0v7VMJXPEA/xMf/6J
Score

8^/10

banker discovery evasion impact persistence
- Checks if the Android device is rooted.
  evasion
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Checks known Qemu files.
  Checks for known Qemu files that exist on Android virtual device images.
  evasion
- Checks known Qemu pipes.
  Checks for known pipes used by the Android emulator to communicate with the host.
  evasion
- Checks memory information
  Checks memory information which indicate if the system is an emulator.
  evasion discovery
- Queries information about running processes on the device
  Application may abuse the framework's APIs to collect information about running processes on the device.
  discovery
- Queries information about the current Wi-Fi connection
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  discovery
- Queries information about the current nearby Wi-Fi networks
  Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
  discovery
- Registers a broadcast receiver at runtime (usually for listening for system events)
  persistence
- Checks if the internet connection is available
  discovery
- Reads information about phone network operator.
  discovery
behavioral1
- Target
  
  amap_resource1_0_0.png
- Size
  
  25KB
- MD5
  
  fe29e9e7455620cbe8fc94127695c40a
- SHA1
  
  9726c6e02f83f4ff734f00a27e5904cfbccea088
- SHA256
  
  db1d5b89899d7e3bd5a59ac1f08a865d98d95483d4bfa756818fd57a1d3678d9
- SHA512
  
  0fcc444faf8d1751df717022edcbd580ee42ab8710902e4e52271bee03c7f5081d2b81f97fbdbb6cb50ac5b6ef55e70c660974d8172e09e46ef6f3e822eb7659
- SSDEEP
  
  384:R2x7OeIWgvox8ESREGIEhV6p1gjIJE+roCaj12MVWMZDO6ARiSX7:RqIWgvztCG9hV6p1agMZq6Aow
Score

1^/10
behavioral2 behavioral3 behavioral4
- Target
  
  autonavi_Resource1_1_0.png
- Size
  
  450KB
- MD5
  
  f521823543572cb025b257795dc70241
- SHA1
  
  75be9d9c8324d78986ab85c0f47115db53454d53
- SHA256
  
  a0b2ea52c9b6eead5f0c4a2620c61d2f6ec86aa7c1fdca1ad41eea7cd29d39d9
- SHA512
  
  dd35f3eac327febbb163c971af75fbef6787e3dc48a2a4e5b585db9305836904fbc57fcc25762b6c95948c9cef5bc57bdeee37613e1c7e57782bd0f1f9e3da6e
- SSDEEP
  
  12288:hKoinyQIcMdMNE4/lzzm8vDCLG/dPt/Oo47X77:E4Q8dMO4/lzzmzLG/dPt/Oo47r7
Score

1^/10
behavioral5 behavioral6 behavioral7