Overview

overview

8

Static

static

6

8ce0dcfa57...18.apk

android-9-x86

8

8ce0dcfa57...18.apk

android-10-x64

6

__xadsdk__...__.apk

android-9-x86

__xadsdk__...__.apk

android-10-x64

__xadsdk__...__.apk

android-11-x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8ce0dcfa579444eb5eb4c0fbfb5e5842_JaffaCakes118

  • Size

    2.8MB

  • Sample

    240602-ezba4abd53

  • MD5

    8ce0dcfa579444eb5eb4c0fbfb5e5842

  • SHA1

    b84d50de01feb152daa8eaf8415e0afd4fd3c9db

  • SHA256

    4a4f4314958c02123293022d18ed8d88171bdf6e43c86451b131a0db9ea4df55

  • SHA512

    f9683763c426b01cb033387812bd3ab4a71d7db9b40dfcdd88f839cc8b69d2a1efbf71fc9141b4c9e54870fa9c6f2f91df15738fa10d6be45559598dd2cec8dd

  • SSDEEP

    49152:y6xtl5LKA6Yh+pSJQURYe6TYTOe6otIAZT4ltaJrAlShs9hegenWubsr3AZW9wVd:lxNGAh+pSJWToV2AZTlrAEhsOgeDO3A9

Score
8/10
androidcollectiondiscoveryevasionpersistence

Malware Config

Targets

    • Target

      8ce0dcfa579444eb5eb4c0fbfb5e5842_JaffaCakes118

    • Size

      2.8MB

    • MD5

      8ce0dcfa579444eb5eb4c0fbfb5e5842

    • SHA1

      b84d50de01feb152daa8eaf8415e0afd4fd3c9db

    • SHA256

      4a4f4314958c02123293022d18ed8d88171bdf6e43c86451b131a0db9ea4df55

    • SHA512

      f9683763c426b01cb033387812bd3ab4a71d7db9b40dfcdd88f839cc8b69d2a1efbf71fc9141b4c9e54870fa9c6f2f91df15738fa10d6be45559598dd2cec8dd

    • SSDEEP

      49152:y6xtl5LKA6Yh+pSJQURYe6TYTOe6otIAZT4ltaJrAlShs9hegenWubsr3AZW9wVd:lxNGAh+pSJWToV2AZTlrAEhsOgeDO3A9

    Score
    8/10
    collectiondiscoveryevasionpersistence

    • Requests cell location

      Uses Android APIs to to get current cell location.

      collectiondiscoveryevasion

    • Checks CPU information

      Checks CPU information which indicate if the system is an emulator.

      evasiondiscovery

    • Checks memory information

      Checks memory information which indicate if the system is an emulator.

      evasiondiscovery

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

      discovery

    • Queries information about the current nearby Wi-Fi networks

      Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

      discovery

    • Queries the mobile country code (MCC)

      discovery

    • Registers a broadcast receiver at runtime (usually for listening for system events)

      persistence

    • Checks if the internet connection is available

      discovery

    • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

    behavioral1behavioral2

    • Target

      __xadsdk__remote__final__.jar

    • Size

      83KB

    • MD5

      966547c106f73a784aca1aa135361d0f

    • SHA1

      a53168f930ff22474537b2eead4b664add275086

    • SHA256

      0da3a3da3e7d97417fdcea5e7474bd92ba5eb1d087726bff38421efb0d6aa751

    • SHA512

      3d7cf4c1c501c2c7b4a9616608776a1085abdcc9555fc27ad99e199ff6d0eaae9e88fb98fe172d795884462bc20b1f276330b27029439519238184b0a6d78caf

    • SSDEEP

      1536:O8xMNdHR4wDhiJYGteSplt3EDYw6ob2v1AoLZsqo/HwLQuCo:Y/H6wDiYGteY3iYwtb2v5Zs5HE

    Score
    1/10
    behavioral3behavioral4behavioral5

MITRE ATT&CK Mobile v15

Tasks