Overview

overview

7

Static

static

6

8a110589d5...18.apk

android-9-x86

7

8a110589d5...18.apk

android-11-x64

7

BmobPayPlugin.apk

android-9-x86

1

BmobPayPlugin.apk

android-10-x64

1

BmobPayPlugin.apk

android-11-x64

1

Sharing

Copy URL Twitter E-mail

General

  • Target

    8a110589d51d7e4138b4ddc45c4de1a0_JaffaCakes118

  • Size

    5.6MB

  • Sample

    240601-ll3azsgh6v

  • MD5

    8a110589d51d7e4138b4ddc45c4de1a0

  • SHA1

    657d97e84f6b7adb629c00b96df5f955331937ae

  • SHA256

    49b878d56c6e3356daf8e10a29ff43152219bfa128f8118a2656ba237b3b40df

  • SHA512

    449431ff420f324e0d2458aba3ff15a0d50543b1c7e4d4aa82f7e7b2b7466a74340ef20cf732b6605c8449d53b79472afe92113c18b54f9ddde7f3d61fb4bd96

  • SSDEEP

    98304:4GPDX4Ri0z1tnVVlQB1k5U6IUXQhVkDk92EsIaBqwUI8hmnlHR8dpRbkkup/fY1:4ti+TlQBG5BXs9260lHR8dpGbk

Score
7/10
androidcollectioncredential_accessdiscoveryevasionimpactpersistence

Malware Config

Targets

    • Target

      8a110589d51d7e4138b4ddc45c4de1a0_JaffaCakes118

    • Size

      5.6MB

    • MD5

      8a110589d51d7e4138b4ddc45c4de1a0

    • SHA1

      657d97e84f6b7adb629c00b96df5f955331937ae

    • SHA256

      49b878d56c6e3356daf8e10a29ff43152219bfa128f8118a2656ba237b3b40df

    • SHA512

      449431ff420f324e0d2458aba3ff15a0d50543b1c7e4d4aa82f7e7b2b7466a74340ef20cf732b6605c8449d53b79472afe92113c18b54f9ddde7f3d61fb4bd96

    • SSDEEP

      98304:4GPDX4Ri0z1tnVVlQB1k5U6IUXQhVkDk92EsIaBqwUI8hmnlHR8dpRbkkup/fY1:4ti+TlQBG5BXs9260lHR8dpGbk

    Score
    7/10
    discoveryevasionimpactpersistencecollectioncredential_access

    • Checks CPU information

      Checks CPU information which indicate if the system is an emulator.

      evasiondiscovery

    • Checks memory information

      Checks memory information which indicate if the system is an emulator.

      evasiondiscovery

    • Obtains sensitive information copied to the device clipboard

      Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

      collectioncredential_accessimpact

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

      discovery

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

      discovery

    • Queries the mobile country code (MCC)

      discovery

    • Registers a broadcast receiver at runtime (usually for listening for system events)

      persistence

    • Checks if the internet connection is available

      discovery

    • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

    behavioral1behavioral2

    • Target

      BmobPayPlugin.apk

    • Size

      122KB

    • MD5

      b25975d920ea826e7cb8b1c051aa7fdc

    • SHA1

      6a25db78c54ce5d84381c99f87bee63deb294141

    • SHA256

      e5d2cc426ff5551c294f9ee2dd05cf9ae93535495dfdfc4149d58ded5afe2492

    • SHA512

      2069dd341887f14c8233b8fafffff6c7f53ec0a029fcb8a4c9bbed2d980a84ca279afa6858d10ddf4a87d98e6b44565b83be6ead0fd78dfdda5c54d1287dea99

    • SSDEEP

      3072:Nm9Uj7dTsLTOLP01WCsYfxNf2tD7BSbiuf550s:N+y7lCTOLPofCRNS355F

    Score
    1/10
    behavioral3behavioral4behavioral5

MITRE ATT&CK Mobile v15

Tasks