Overview

overview

10

Static

static

6

86b19d7e4f...18.apk

android-9-x86

10

86b19d7e4f...18.apk

android-10-x64

10

86b19d7e4f...18.apk

android-11-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    86b19d7e4f8d950fb9e653824a4ce249_JaffaCakes118

  • Size

    2.3MB

  • Sample

    240531-mkyf3seg2z

  • MD5

    86b19d7e4f8d950fb9e653824a4ce249

  • SHA1

    f3c0d3a704e452e519cdc4c454dab02341a6dba1

  • SHA256

    59538c4bc60dea085aec1ebb720059281a117fa5c64747efc16f3ba77b00dde3

  • SHA512

    c8d1555348f351a1101e4795e08fbe630ac753a776ad90037fcd11a394fb03fabc885edd3524493bca1228b89f8f1ef724995d907062e726f6db0b75d8dc2062

  • SSDEEP

    49152:f4/hJWSDii35rUCzDAfZKAWO3NyzvMtG9KJgbdbp72oeU7Pu0w:f4/hJdlUCfAfLh3NsUgbRwWPY

Score
10/10
hydraandroidbankercollectioncredential_accessdiscoveryevasioninfostealerpersistencestealthtrojan

Malware Config

Targets

    • Target

      86b19d7e4f8d950fb9e653824a4ce249_JaffaCakes118

    • Size

      2.3MB

    • MD5

      86b19d7e4f8d950fb9e653824a4ce249

    • SHA1

      f3c0d3a704e452e519cdc4c454dab02341a6dba1

    • SHA256

      59538c4bc60dea085aec1ebb720059281a117fa5c64747efc16f3ba77b00dde3

    • SHA512

      c8d1555348f351a1101e4795e08fbe630ac753a776ad90037fcd11a394fb03fabc885edd3524493bca1228b89f8f1ef724995d907062e726f6db0b75d8dc2062

    • SSDEEP

      49152:f4/hJWSDii35rUCzDAfZKAWO3NyzvMtG9KJgbdbp72oeU7Pu0w:f4/hJdlUCfAfLh3NsUgbRwWPY

    Score
    10/10
    hydrabankercollectioncredential_accessdiscoveryevasioninfostealerpersistencestealthtrojan

    • Hydra

      Android banker and info stealer.

      bankertrojaninfostealerhydra

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

      collectionevasioncredential_access

    • Removes its main activity from the application launcher

      stealthtrojanevasion

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

      evasion

    • Queries the mobile country code (MCC)

      discovery

    • Registers a broadcast receiver at runtime (usually for listening for system events)

      persistence

    • Requests enabling of the accessibility settings.

    • Checks if the internet connection is available

      discovery

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Reads information about phone network operator.

      discovery
    behavioral1behavioral2behavioral3

MITRE ATT&CK Mobile v15

Tasks