Overview

overview

8

Static

static

6

89475a793d...18.apk

android-9-x86

7

89475a793d...18.apk

android-13-x64

8

gdtadv2.apk

android-9-x86

gdtadv2.apk

android-10-x64

gdtadv2.apk

android-11-x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    89475a793dc1e74bd5bd6f2d4e9867b4_JaffaCakes118

  • Size

    26.7MB

  • Sample

    240601-ecrdsshe35

  • MD5

    89475a793dc1e74bd5bd6f2d4e9867b4

  • SHA1

    44903e6a607a039ff4fcfcdd615ba912e3274df4

  • SHA256

    989ad5e75622095706fbe9cc3329ded2d4010a6e5987d027e7d577ee3637f5ed

  • SHA512

    c1afdc32363b61847477ae36b897c63c162a4c5d686159950ba4dcac1324b4904f7d015e17772c813dfd4a562658f49addf16381973ab891e86c4a8b3a550f34

  • SSDEEP

    786432:knA5WeCPiTmWBh3xMn/Dbhui+UzaNo8UyK7hLs9:knA9CCZW/D2U+IyKhI9

Score
8/10
androidcollectiondiscoveryevasionimpactpersistence

Malware Config

Targets

    • Target

      89475a793dc1e74bd5bd6f2d4e9867b4_JaffaCakes118

    • Size

      26.7MB

    • MD5

      89475a793dc1e74bd5bd6f2d4e9867b4

    • SHA1

      44903e6a607a039ff4fcfcdd615ba912e3274df4

    • SHA256

      989ad5e75622095706fbe9cc3329ded2d4010a6e5987d027e7d577ee3637f5ed

    • SHA512

      c1afdc32363b61847477ae36b897c63c162a4c5d686159950ba4dcac1324b4904f7d015e17772c813dfd4a562658f49addf16381973ab891e86c4a8b3a550f34

    • SSDEEP

      786432:knA5WeCPiTmWBh3xMn/Dbhui+UzaNo8UyK7hLs9:knA9CCZW/D2U+IyKhI9

    Score
    8/10
    discoveryevasionpersistencecollectionimpact

    • Checks if the Android device is rooted.

      evasion

    • Requests cell location

      Uses Android APIs to to get current cell location.

      collectiondiscoveryevasion

    • Checks CPU information

      Checks CPU information which indicate if the system is an emulator.

      evasiondiscovery

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

      evasion

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

      discovery

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

      discovery

    • Queries the phone number (MSISDN for GSM devices)

      discovery

    • Registers a broadcast receiver at runtime (usually for listening for system events)

      persistence

    • Checks if the internet connection is available

      discovery

    • Queries the unique device ID (IMEI, MEID, IMSI)

      discovery

    • Listens for changes in the sensor environment (might be used to detect emulation)

      evasion
    behavioral1behavioral2

    • Target

      gdtadv2.jar

    • Size

      202KB

    • MD5

      b2fb1dfd29df8c269b2301faaa3760f4

    • SHA1

      1272f5b4fe3e1107854d14b996a605edcd43b5c7

    • SHA256

      1eb24079e8c7a0070d2c1a0307e63764fd61367cb419b6b971e719359b5fafd8

    • SHA512

      65d6f6fc6bf92136e0427a53331a679c726e8ce0b285cec33ec9eb03217a39a013f60d883b0d782bc5da7d40deb5d0241c2c7073cbcce609610aaf4d5dca1598

    • SSDEEP

      3072:k5lugZXQ8u7ERKSnU842ocL+AB9p+5YrZ3a3xevx3Ogkp63lWlvxqZq8gzs:rgxo7ERKC3LT7/taBev1jkpC+vxkAzs

    Score
    1/10
    behavioral3behavioral4behavioral5

MITRE ATT&CK Mobile v15

Tasks