Overview

overview

8

Static

static

6

81d9d858a6...18.apk

android-9-x86

8

MiGameCent...ce.apk

android-9-x86

8

MiGameCent...ce.apk

android-10-x64

8

MiGameCent...ce.apk

android-11-x64

8

unicom_resource.apk

android-9-x86

1

unicom_resource.apk

android-10-x64

1

unicom_resource.apk

android-11-x64

1

mimo_asset.apk

android-9-x86

1

mimo_asset.apk

android-10-x64

1

mimo_asset.apk

android-11-x64

1

Sharing

Copy URL Twitter E-mail

General

  • Target

    81d9d858a67abcfcf8892804642da7d8_JaffaCakes118

  • Size

    29.6MB

  • Sample

    240529-zgal3ahb61

  • MD5

    81d9d858a67abcfcf8892804642da7d8

  • SHA1

    0d072ef0843ad6b3cf2503373166d66366258f0e

  • SHA256

    a613dc88c831b364dbd3cec517c727d8d57c1e4cd41317a3d89760d5f46e7cfa

  • SHA512

    5084b969269a125b1ff531a0334cb7047d16b75c050bbfa9423a8767352c18dae20c3b450d1a26810b60255be64df0a48a5caf6eb46a1341fa87c8dd93a7f1ae

  • SSDEEP

    786432:tCvQNIn6wRnvmmO2xhpKWOHNCaFnYBWLJ/9FuLR8Qfm:tC5nZR0ILKhC7BwToRNm

Score
8/10
androidbankercollectiondiscoveryevasionimpactpersistence

Malware Config

Targets

    • Target

      81d9d858a67abcfcf8892804642da7d8_JaffaCakes118

    • Size

      29.6MB

    • MD5

      81d9d858a67abcfcf8892804642da7d8

    • SHA1

      0d072ef0843ad6b3cf2503373166d66366258f0e

    • SHA256

      a613dc88c831b364dbd3cec517c727d8d57c1e4cd41317a3d89760d5f46e7cfa

    • SHA512

      5084b969269a125b1ff531a0334cb7047d16b75c050bbfa9423a8767352c18dae20c3b450d1a26810b60255be64df0a48a5caf6eb46a1341fa87c8dd93a7f1ae

    • SSDEEP

      786432:tCvQNIn6wRnvmmO2xhpKWOHNCaFnYBWLJ/9FuLR8Qfm:tC5nZR0ILKhC7BwToRNm

    Score
    8/10
    bankercollectiondiscoveryevasionimpactpersistence

    • Checks if the Android device is rooted.

      evasion

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

      bankerdiscovery

    • Requests cell location

      Uses Android APIs to to get current cell location.

      collectiondiscoveryevasion

    • Checks CPU information

      Checks CPU information which indicate if the system is an emulator.

      evasiondiscovery

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

      evasion

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

      discovery

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

      discovery

    • Queries information about the current nearby Wi-Fi networks

      Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

      discovery

    • Registers a broadcast receiver at runtime (usually for listening for system events)

      persistence

    • Checks if the internet connection is available

      discovery

    • Queries the unique device ID (IMEI, MEID, IMSI)

      discovery

    • Reads information about phone network operator.

      discovery

    • Requests dangerous framework permissions

    • Listens for changes in the sensor environment (might be used to detect emulation)

      evasion
    behavioral1

    • Target

      MiGameCenterSDKService.apk

    • Size

      5.2MB

    • MD5

      f32ab0ab2ed58691ba1f4fbd46be3506

    • SHA1

      89b2abe5a52714b55e7a6b5245f786f7be6d23f9

    • SHA256

      25ee37926cb10bf50f51ce817513059ade7ecbdf589142ab05e56ee2dcc94fd2

    • SHA512

      a75e0a12d1c216fc528577d1ef52d81e597e259f114ca8fb2af8fb9329cad1c86636408bb55b9bb5bb08583df96615f54590c142a8a736f9a089e322aa890e46

    • SSDEEP

      98304:ayrBRZZz1VGiDp05BrS0FTS40PY7lzYga7qYcsnsnEX/n1PI3:H1LZJ/pmBrBS45lU7qBssnEP+

    Score
    8/10
    bankerdiscoveryimpactpersistence

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

      bankerdiscovery

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

      discovery

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

      discovery

    • Registers a broadcast receiver at runtime (usually for listening for system events)

      persistence

    • Checks if the internet connection is available

      discovery

    • Queries the unique device ID (IMEI, MEID, IMSI)

      discovery

    • Reads information about phone network operator.

      discovery
    behavioral2behavioral3behavioral4

    • Target

      unicom_resource.dat

    • Size

      45KB

    • MD5

      b7b9f657da1f868a6b321dc2e6761eda

    • SHA1

      1f6a3a5f6af9ecabaa4018f747988cda7b60ca6c

    • SHA256

      a491c5e41b81127ff86d9ac9a5c23b3c63a026d5ea2e464a1d615e3b0225c1b9

    • SHA512

      5bb939512d4c4403896c87922974b99bc60755f7ee2a3840c5faeffd146b4dee97e089f808b3df25fa3041236ef1f63c78dd4c4383c0ab8e734542638033b003

    • SSDEEP

      768:foUlrwIc3/D+PM9pdN0KIv+ciFWAkEsDVop56mAlNZ6B/pEBTb7PZ6dkB1VXN65R:foUJwIAD+Cpd6KZilNZ6B/pgH7x4kB9A

    Score
    1/10
    behavioral5behavioral6behavioral7

    • Target

      mimo_asset.apk

    • Size

      300KB

    • MD5

      bf0be21e40885f5f682349db415ba2f8

    • SHA1

      823bcad773983ab798565f7b64b95783dce14d80

    • SHA256

      aca4c8f0522c09a77bcc790b10c772611525456cc88da97b0240ffdfe1c4a2eb

    • SHA512

      3c837718ddcc19885e00d54f9b7c336d83406571affdf64411e85a1ca317d67399e1cd56c5472a725568897dcd45bc5d94b87747be72b15e37e565034544be81

    • SSDEEP

      6144:9iUeeinlRr2M1qqdRT6y1hw7ayIaTAEQKmAxAJU8wgKZ/sCtY05:sULiXQqdUOEzUTKA95KdJY05

    Score
    1/10
    behavioral10behavioral8behavioral9

MITRE ATT&CK Mobile v15

Tasks