0516416947f71b9af9dbc95a72b0d4fd0fbff816c97bca163deed795cd75d02d

General

Target

840af04291bf6f8c239c5178e1674772_JaffaCakes118
Size

263KB
Sample

240530-nehn4sgc69
MD5

840af04291bf6f8c239c5178e1674772
SHA1

35322bd708e281a3af6f33a7a48cf01f969f123c
SHA256

0516416947f71b9af9dbc95a72b0d4fd0fbff816c97bca163deed795cd75d02d
SHA512

30a41c2a1ff09f2e7a0a479d7cd2b160d498398bc43ab0f338dae1a822e5611e3932ad21c60c836d8956003ad68497a5d9b47834107398305ef46ddf641696f2
SSDEEP

6144:bRIZPNvivXSCeVvnD2IJOsBFaw4IzEsS/ZXBc2Y4MT5fNq:bRI3i6tQIwsBFa/IvcR9Uq

Score

8^/10

Malware Config

Targets

- Target
  
  840af04291bf6f8c239c5178e1674772_JaffaCakes118
- Size
  
  263KB
- MD5
  
  840af04291bf6f8c239c5178e1674772
- SHA1
  
  35322bd708e281a3af6f33a7a48cf01f969f123c
- SHA256
  
  0516416947f71b9af9dbc95a72b0d4fd0fbff816c97bca163deed795cd75d02d
- SHA512
  
  30a41c2a1ff09f2e7a0a479d7cd2b160d498398bc43ab0f338dae1a822e5611e3932ad21c60c836d8956003ad68497a5d9b47834107398305ef46ddf641696f2
- SSDEEP
  
  6144:bRIZPNvivXSCeVvnD2IJOsBFaw4IzEsS/ZXBc2Y4MT5fNq:bRI3i6tQIwsBFa/IvcR9Uq
Score

8^/10

banker collection discovery evasion execution impact persistence stealth trojan credential_access
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Removes its main activity from the application launcher
  stealth trojan evasion
- Checks memory information
  Checks memory information which indicate if the system is an emulator.
  evasion discovery
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Obtains sensitive information copied to the device clipboard
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  collection credential_access impact
- Queries account information for other applications stored on the device
  Application may abuse the framework's APIs to collect account information stored on the device.
  collection
- Queries the mobile country code (MCC)
  discovery
- Registers a broadcast receiver at runtime (usually for listening for system events)
  persistence
- Checks if the internet connection is available
  discovery
- Queries the unique device ID (IMEI, MEID, IMSI)
  discovery
- Reads information about phone network operator.
  discovery
- Schedules tasks to execute at a specified time
  Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
  execution persistence
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Targets

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Removes its main activity from the application launcher

Checks memory information

Loads dropped Dex/Jar

Obtains sensitive information copied to the device clipboard

Queries account information for other applications stored on the device

Queries the mobile country code (MCC)

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks if the internet connection is available

Queries the unique device ID (IMEI, MEID, IMSI)

Reads information about phone network operator.

Schedules tasks to execute at a specified time

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

behavioral3