General

  • Target

    8ba216c7c377230a9d1bb27dd1524d80_JaffaCakes118

  • Size

    24.0MB

  • Sample

    240601-yx5xgadf7s

  • MD5

    8ba216c7c377230a9d1bb27dd1524d80

  • SHA1

    40e6d5194095e2041396ae8c5fe49e4e7953ea2d

  • SHA256

    129d76791729af6e88f638c9fda284d4cca7802e11cfbb025c7c541d84f2df36

  • SHA512

    c4a79b1025ce18f6a38f48fd3dce1dc147db616967fe11760ce71020eac774b69fe570506bd594ec59c327658d44b1f08913d695852c6b4b3a1d5b61c9362e66

  • SSDEEP

    393216:95q+rR4oUa70E2jLu05S71OMYJj0wHeMcrOkvFnBRcKWM7eUXxmcWGO:95q+R4oUM0TxtJjt+zDRcxMd87GO

Malware Config

Targets

    • Target

      8ba216c7c377230a9d1bb27dd1524d80_JaffaCakes118

    • Size

      24.0MB

    • MD5

      8ba216c7c377230a9d1bb27dd1524d80

    • SHA1

      40e6d5194095e2041396ae8c5fe49e4e7953ea2d

    • SHA256

      129d76791729af6e88f638c9fda284d4cca7802e11cfbb025c7c541d84f2df36

    • SHA512

      c4a79b1025ce18f6a38f48fd3dce1dc147db616967fe11760ce71020eac774b69fe570506bd594ec59c327658d44b1f08913d695852c6b4b3a1d5b61c9362e66

    • SSDEEP

      393216:95q+rR4oUa70E2jLu05S71OMYJj0wHeMcrOkvFnBRcKWM7eUXxmcWGO:95q+R4oUM0TxtJjt+zDRcxMd87GO

    • Checks if the Android device is rooted.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Requests cell location

      Uses Android APIs to get the current cell location.

    • Checks CPU information

      Checks CPU information that indicates whether the system is an emulator.

    • Checks memory information

      Checks memory information that indicates whether the system is an emulator.

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Registers a broadcast receiver at runtime (usually for listening for system events)

    • Acquires the wake lock

    • Checks if the internet connection is available

    • Domain associated with commercial stalkerware software; includes indicators from echap.eu.org

    • Reads information about the phone's network operator.

    • Target

      gdtad.jar

    • Size

      75KB

    • MD5

      7068fc92af9e6dc686de8924e174180b

    • SHA1

      e8c47cb6f40b058b96bc5ab1bbff6a0a1a2adf2b

    • SHA256

      8b759e7358f706522f51d8774d38f264e13bd62dd49b1825b0ca7dfcc0c9e299

    • SHA512

      05ab5cfb9df4cca02c43bbc81a8e8b10469dd27604d487591fe15d3620d8623bb19d30af9607430e0a73fd04df02ffbf551f5c1e58af24293f681c928395aaa0

    • SSDEEP

      1536:P3AK+z0NSabIMKCxTEGDpCrLHgOnAOxyZV9r4L8fHROwbY3zZJYgwxx+p9/3:P3AKZNSafTrNkLxn36VVfYwbY3zZJY9W

    Score
    1/10

MITRE ATT&CK Mobile v15

Tasks