General

  • Target

    892965862ecf6dfba48e1c015ea063ed_JaffaCakes118

  • Size

    7.6MB

  • Sample

    240601-c7rxpsfh45

  • MD5

    892965862ecf6dfba48e1c015ea063ed

  • SHA1

    c5b2e0614f96da3ef7cecfb059bc8c49a0a54005

  • SHA256

    157d3f1be4493f95efdd1c4ac73d02a808e795f081df3a0aaac355ed4f51b187

  • SHA512

    2dd0e54d1a46a37e2b10d31ccda35f524e1a9b399c245cc51d18bd339cdfe53feca26b18d7d91e42577d413ccc91e7fb4706cddaaaf560372890b104dd8f52c6

  • SSDEEP

    196608:yODloyE/BRqw/cR9zSTJRGte/zm5cpiYP4mGVjwPHV:yODu/OyS9GTJ8DC4YP4mGSV

Malware Config

Targets

    • Target

      892965862ecf6dfba48e1c015ea063ed_JaffaCakes118

    • Size

      7.6MB

    • MD5

      892965862ecf6dfba48e1c015ea063ed

    • SHA1

      c5b2e0614f96da3ef7cecfb059bc8c49a0a54005

    • SHA256

      157d3f1be4493f95efdd1c4ac73d02a808e795f081df3a0aaac355ed4f51b187

    • SHA512

      2dd0e54d1a46a37e2b10d31ccda35f524e1a9b399c245cc51d18bd339cdfe53feca26b18d7d91e42577d413ccc91e7fb4706cddaaaf560372890b104dd8f52c6

    • SSDEEP

      196608:yODloyE/BRqw/cR9zSTJRGte/zm5cpiYP4mGVjwPHV:yODu/OyS9GTJ8DC4YP4mGSV

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Requests cell location

      Uses Android APIs to get the device's current cell location.

    • Checks CPU information

      Checks CPU information, which may indicate that the system is an emulator.

    • Checks memory information

      Checks memory information, which may indicate that the system is an emulator.

    • Loads dropped Dex/Jar

      Runs an executable file dropped to the device during analysis.

    • Obtains sensitive information copied to the device clipboard

      Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Queries information about the current nearby Wi-Fi networks

      Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

    • Queries the mobile country code (MCC)

    • Registers a broadcast receiver at runtime (usually for listening for system events)

    • Checks if the internet connection is available

    • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

    • Queries the unique device ID (IMEI, MEID, IMSI)

    • Reads information about the phone network operator.

    • Target

      base.bin

    • Size

      882KB

    • MD5

      a032e976b181f33eb6d1f05cd6e2177a

    • SHA1

      7b7ce7e65921025392d852879621dbbf115ae5c3

    • SHA256

      1fa9c64f849e4a55fee89ba2ff5da4f5e61ba49fcd9de20a3f06b05698ebe5c9

    • SHA512

      e6c6656c7b95412b28d80f0b317f251bcfdb6d635f62e42e1efec0d80be9458461c2fd00edbc23b030a609573308a8d3aad0543159addb6a5e85f837bcbbc9f4

    • SSDEEP

      24576:qNVi95ZECmCzVx3Mmh4ZQel0eH+1fiuJdEey:mi5ZECma3Mm6QJeHUiugL

    Score
    1/10
    • Target

      dynamic.jar

    • Size

      108KB

    • MD5

      036c1d91555f71d141fded831b7060b9

    • SHA1

      8848f30afba238581420a22c267ee48de425f26c

    • SHA256

      b3391347fceb2a7ee182f9f13fd168b2f990044d866a7e765bdc21e79c2cc330

    • SHA512

      8eda9af8144e10ee9bf339385e814204a6a0e43f9a9597948f63e931d917d997d7985569f1850ec14c0df75ddd3d92a55abe8fd0c42fd2bf3897c525502d6afd

    • SSDEEP

      3072:O7o0mE6vhSEwJF6BC7TJ+R/o12tA80lB7Y:6HohdOEBC7TAloAt4lVY

    Score
    1/10
    • Target

      gdtadv2.jar

    • Size

      184KB

    • MD5

      9c9416e5b583e395df107443deab01e6

    • SHA1

      9d7188b483bfe3dddc3d057a89a7f980006f26a9

    • SHA256

      340df5c81b4b9ac9154746fdb9a88ebfc4046b72b28951dfefb85f1ab2faf358

    • SHA512

      93f690db06ed593061e634c6a4316ab1bf466806a6f3cf0ff971521664cd379d249642549e04c899edd0749a6fe524109fbd1cba51d96dd9d50aa40d23b2ffa4

    • SSDEEP

      3072:NkY8wpgkFStgq9PNPuOnoGKy/zc/jB5B4HbyQhg1DEzSGFGelzGRUZ1g1M:X8/kFSt1NPudGIjB5qbziozvSM

    Score
    1/10
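The hashes above identify the parent APK and the three files dropped during analysis. The Python helpers below are an added example, not code from the report or from the sandbox that produced it: they verify a downloaded artifact against the SHA256 digests listed here (and the MD5 prefix of the JaffaCakes118-style file name), then scan an APK for embedded DEX or JAR blobs by magic bytes rather than by extension, which is a quick static check to pair with the "Loads dropped Dex/Jar" behaviour. The APK built in `build_sample_apk()` is a constructed stand-in; the page does not say whether base.bin, dynamic.jar and gdtadv2.jar were embedded in the APK or fetched at runtime, so the layout used there is an assumption.

```python
"""Triage helpers for the sample in this report (added example).

REPORT_SHA256 is copied from the report; every other value is constructed here.
"""
import hashlib
import io
import zipfile

REPORT_SHA256 = {  # SHA256 digests exactly as listed in the report
    "892965862ecf6dfba48e1c015ea063ed_JaffaCakes118":
        "157d3f1be4493f95efdd1c4ac73d02a808e795f081df3a0aaac355ed4f51b187",
    "base.bin": "1fa9c64f849e4a55fee89ba2ff5da4f5e61ba49fcd9de20a3f06b05698ebe5c9",
    "dynamic.jar": "b3391347fceb2a7ee182f9f13fd168b2f990044d866a7e765bdc21e79c2cc330",
    "gdtadv2.jar": "340df5c81b4b9ac9154746fdb9a88ebfc4046b72b28951dfefb85f1ab2faf358",
}

DEX_MAGIC = b"dex\n"       # every .dex starts with "dex\n" followed by the version
ZIP_MAGIC = b"PK\x03\x04"  # ZIP local file header; JAR and APK are ZIP containers


def compute_hashes(data: bytes) -> dict:
    """Hash `data` with the four algorithms the report lists."""
    return {alg: hashlib.new(alg, data).hexdigest()
            for alg in ("md5", "sha1", "sha256", "sha512")}


def verify_artifact(name: str, data: bytes) -> bool:
    """True only if `data` is the artifact the report lists under `name`.

    A False result means findings must not be attached to this report's hashes."""
    if name not in REPORT_SHA256:
        raise ValueError(f"{name} is not an artifact listed in the report")
    return hashlib.sha256(data).hexdigest() == REPORT_SHA256[name]


def name_matches_md5(filename: str, data: bytes) -> bool:
    """Names of the form '<md5>_JaffaCakes118' encode the MD5; check the prefix."""
    prefix = filename.split("_", 1)[0]
    return prefix.lower() == hashlib.md5(data).hexdigest()


def classify_blob(data: bytes) -> str:
    """Identify code containers by content, ignoring the file extension."""
    if data.startswith(DEX_MAGIC):
        return "dex"
    if data.startswith(ZIP_MAGIC):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as inner:
                names = inner.namelist()
        except zipfile.BadZipFile:
            return "zip-corrupt"
        return "jar-with-dex" if "classes.dex" in names else "zip"
    return "other"


def find_embedded_code(apk_bytes: bytes) -> dict:
    """Map each APK entry that is a DEX or ZIP blob to its kind.

    Top-level classes*.dex is the app's own code loaded by the platform and is
    skipped; anything else (assets/, res/raw/, a '.bin' or '.png' name) is a
    candidate for runtime loading through DexClassLoader."""
    found = {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for info in apk.infolist():
            if info.is_dir():
                continue
            if "/" not in info.filename and info.filename.startswith("classes") \
                    and info.filename.endswith(".dex"):
                continue
            kind = classify_blob(apk.read(info))
            if kind != "other":
                found[info.filename] = kind
    return found


def build_sample_apk() -> bytes:
    """Constructed stand-in APK for the demo (assumed layout, not the real sample)."""
    dex = DEX_MAGIC + b"035\x00" + b"\x00" * 16
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("classes.dex", dex)          # a JAR carrying a dex payload
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("classes.dex", dex)          # the app's own code: skipped
        z.writestr("assets/dynamic.jar", inner.getvalue())
        z.writestr("assets/base.bin", dex)      # raw dex behind a .bin name
        z.writestr("res/drawable/icon.png", b"\x89PNG\r\n\x1a\n")
    return outer.getvalue()


if __name__ == "__main__":
    apk = build_sample_apk()
    print("embedded code:", find_embedded_code(apk))
    print("is the reported APK:", verify_artifact("892965862ecf6dfba48e1c015ea063ed_JaffaCakes118", apk))
```

On a real download, read the file bytes and pass them to `verify_artifact()` with the report's target name before doing anything else; a mismatch on the constructed stand-in (as in the demo) is the expected outcome, since it is not the sample.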

MITRE ATT&CK Mobile v15

Tasks