General

  • Target

    8ec97d3dfd912226d32bbdc5d16ad0aa_JaffaCakes118

  • Size

    10.5MB

  • Sample

    240602-vh9qbshh84

  • MD5

    8ec97d3dfd912226d32bbdc5d16ad0aa

  • SHA1

    a79f16d4f5567ab5789f9a4d15c03be05bc2f59d

  • SHA256

    ff8ec2685544832454a307e5a1f3acd54d6bbd2b72420d75a4ad42c17bce141f

  • SHA512

    67bf8ae825e08d66a45b819a1539811530339b028db18e33a871844b77ea86d8618a449391d49c1456e9e1c37d5f0ccabab8a882aa4b0fb3e7eede6f6b22422e

  • SSDEEP

    196608:YjyvaqUDeu0t+zX4v44V5LziZ32Lr35g5LziEb2LY33axHVlCK:W5eQj4LJziZ32Lj5gJziEb2LC3a4K

Malware Config

Targets

    • Target

      8ec97d3dfd912226d32bbdc5d16ad0aa_JaffaCakes118

    • Checks if the Android device is rooted.

    • Checks CPU information

      Checks CPU information that indicates whether the system is an emulator.

    • Checks memory information

      Checks memory information that indicates whether the system is an emulator.

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Queries information about the current nearby Wi-Fi networks

      Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

    • Registers a broadcast receiver at runtime (usually for listening for system events)

    • Checks if the internet connection is available

    • Domain associated with commercial stalkerware software; includes indicators from echap.eu.org.

    • Reads information about the phone network operator.

    • Target

      autonavi_Resource1_1_0.png

    • Size

      318KB

    • MD5

      ba63c2effb3dc142c4741a94b11a0b8e

    • SHA1

      836c9a2ea7113003fd4bcc9af3bfb1f77b36a568

    • SHA256

      1ddc70654b3299ccd2d59a7b9d0b687eb59d3c3db524a4b7ba5f7e572ef56377

    • SHA512

      c633c9e0fcad129ba2aa5279e4cff96a6520f51b6f5240ab6a06f9b8ef85541746cabce4836ed57cfa43b1d0412b6d099fa9a75904157de4225bed7f661ec5c0

    • SSDEEP

      6144:RpoNJGrdQSHWEGSLHBRzu6qCpLWb0P2tC78/DYDGyXGMlXY4Q6w0:RpoNJGhvhlzu6qIP2tyzGyXGMlo4Q6w0

    Score
    1/10

MITRE ATT&CK Mobile v15

Tasks