General

  • Target

    8e5ede909a9e74c936e68819ce9afe84_JaffaCakes118

  • Size

    31.0MB

  • Sample

    240602-rpkg8sfd28

  • MD5

    8e5ede909a9e74c936e68819ce9afe84

  • SHA1

    905065d6b7ac46f45806a8794ff3b56cb7eafdbd

  • SHA256

    4b56ac24ecf6c7700daf021ba818496feec061d3def85ee5ada2f79f5bc0761c

  • SHA512

    c1223e1e906bd78d766e4c3b73dff6e60f3956ac0267e4859958ce9ab6a92043fb6323ae51ede2514cb6dcaa851d85b29767e8471f0eb5e2dfe7bb1593dd3d0f

  • SSDEEP

    786432:aEro8eM4hQx99GK5J28CkZT7CkC5li+2NYzvien876uC3JsSMGAw6:s8eM4uMK5TJZvJC5li+VKen0xC3MGI

Malware Config

Targets

    • Target

      8e5ede909a9e74c936e68819ce9afe84_JaffaCakes118

    • Checks if the Android device is rooted

    • Checks CPU information

      Checks CPU information which indicates whether the system is an emulator.

    • Checks memory information

      Checks memory information which indicates whether the system is an emulator.

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Registers a broadcast receiver at runtime (usually for listening for system events)

    • Acquires the wake lock

    • Checks if the internet connection is available

    • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

    • Queries the unique device ID (IMEI, MEID, IMSI)

    • Reads information about the phone's network operator

    • Target

      gdtad.jar

    • Size

      75KB

    • MD5

      7068fc92af9e6dc686de8924e174180b

    • SHA1

      e8c47cb6f40b058b96bc5ab1bbff6a0a1a2adf2b

    • SHA256

      8b759e7358f706522f51d8774d38f264e13bd62dd49b1825b0ca7dfcc0c9e299

    • SHA512

      05ab5cfb9df4cca02c43bbc81a8e8b10469dd27604d487591fe15d3620d8623bb19d30af9607430e0a73fd04df02ffbf551f5c1e58af24293f681c928395aaa0

    • SSDEEP

      1536:P3AK+z0NSabIMKCxTEGDpCrLHgOnAOxyZV9r4L8fHROwbY3zZJYgwxx+p9/3:P3AKZNSafTrNkLxn36VVfYwbY3zZJY9W

    Score
    1/10

MITRE ATT&CK Mobile v15

Tasks