29e028d52b0a5b8e7b3d627028828cdf2e0b4ccae1dfaaeb3884cc7babbe17ce

General

Target

81e943f671ed37ace694fa916cad0436_JaffaCakes118
Size

2.8MB
Sample

240529-zt9xpaae39
MD5

81e943f671ed37ace694fa916cad0436
SHA1

b1a6808d74b3640686e9afca82d821c4503d120f
SHA256

29e028d52b0a5b8e7b3d627028828cdf2e0b4ccae1dfaaeb3884cc7babbe17ce
SHA512

64e4421361a6171e2a864c28a3e38578fb9dad12aefeb0e0015603e4b03a623b033259e5fecce5f9a045d773c4905914581374fccd356a1fa00418652c376373
SSDEEP

49152:mSGVCfKa+EJNNpyCXxGc5ujWFhS8fjvBWdIRfj9XqLJdYDX1RpkyFCH+:mDC53vKCX+qvVWm1j1qL/eXHa2CH+

Score

8^/10

Malware Config

Targets

- Target
  
  81e943f671ed37ace694fa916cad0436_JaffaCakes118
- Size
  
  2.8MB
- MD5
  
  81e943f671ed37ace694fa916cad0436
- SHA1
  
  b1a6808d74b3640686e9afca82d821c4503d120f
- SHA256
  
  29e028d52b0a5b8e7b3d627028828cdf2e0b4ccae1dfaaeb3884cc7babbe17ce
- SHA512
  
  64e4421361a6171e2a864c28a3e38578fb9dad12aefeb0e0015603e4b03a623b033259e5fecce5f9a045d773c4905914581374fccd356a1fa00418652c376373
- SSDEEP
  
  49152:mSGVCfKa+EJNNpyCXxGc5ujWFhS8fjvBWdIRfj9XqLJdYDX1RpkyFCH+:mDC53vKCX+qvVWm1j1qL/eXHa2CH+
Score

8^/10

evasion impact stealth trojan banker collection credential_access discovery persistence
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Removes its main activity from the application launcher
  stealth trojan evasion
- Checks memory information
  Checks memory information which indicate if the system is an emulator.
  evasion discovery
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Obtains sensitive information copied to the device clipboard
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  collection credential_access impact
- Queries information about running processes on the device
  Application may abuse the framework's APIs to collect information about running processes on the device.
  discovery
- Queries the mobile country code (MCC)
  discovery
- Registers a broadcast receiver at runtime (usually for listening for system events)
  persistence
- Queries the unique device ID (IMEI, MEID, IMSI)
  discovery
behavioral1 behavioral2 behavioral3
- Target
  
  Flash-Browser.apk
- Size
  
  1.0MB
- MD5
  
  8b183c787aa69873965d24d67abeeb9a
- SHA1
  
  b80d5ed35d5cf7df5ebdf9169ec71dbb7a411a1b
- SHA256
  
  b4617f5735eec873ee271a8642c5fc29f293d2d6efc3f8504f808c5e1176816d
- SHA512
  
  d81b3cf096e6a89b700193389da1a792990207e1ed92f9aae54a340598c54b13db3ade1b315c342789e73e3697f5e02b40a436377ff4d4ec3823314f5c59ca1f
- SSDEEP
  
  24576:/SG9qt2Cfu0iusUs2RGLEJTZNrzljfUJLkHOO9t6J:/SGVCfKa+EJNNpyC6
Score

8^/10

banker collection discovery evasion impact persistence credential_access
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Checks CPU information
  Checks CPU information which indicate if the system is an emulator.
  evasion discovery
- Checks memory information
  Checks memory information which indicate if the system is an emulator.
  evasion discovery
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Obtains sensitive information copied to the device clipboard
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  collection credential_access impact
- Queries information about running processes on the device
  Application may abuse the framework's APIs to collect information about running processes on the device.
  discovery
- Queries the mobile country code (MCC)
  discovery
- Reads the content of the browser bookmarks.
  collection
- Registers a broadcast receiver at runtime (usually for listening for system events)
  persistence
- Checks if the internet connection is available
  discovery
- Queries the unique device ID (IMEI, MEID, IMSI)
  discovery
behavioral4 behavioral5 behavioral6