Overview

overview

8

Static

static

6

92857cb008...18.apk

android-9-x86

8

92857cb008...18.apk

android-11-x64

8

gdtadv2.apk

android-9-x86

gdtadv2.apk

android-10-x64

gdtadv2.apk

android-11-x64

Sharing

Copy URL Twitter E-mail

General

  • Target

    92857cb00820b9f2c77e958abd66a8d2_JaffaCakes118

  • Size

    10.6MB

  • Sample

    240603-vgr4wseb79

  • MD5

    92857cb00820b9f2c77e958abd66a8d2

  • SHA1

    de8c76e8a8f0711e711bd80e71a0132a0a961488

  • SHA256

    9546795f121025fdf2a780db0ea7d49985e146afe48628dc5ade0129284061eb

  • SHA512

    07409f0baf5d00a8b8c1a263526beb78a02253b88827cc1043b8cba7942a7789622b48b30b7400e849fd5fd7fcb085f50f1deeb67307cf0ab2a877edc8d55c69

  • SSDEEP

    196608:dHlhAQNtdMj3KypL0i/8LvMGkbYCbdFllMJ9HZPLGqpkFmFkJZNSEtw+2xT6t8Y8:dH/AQXq7KM0M8Ti1bjXMJ9HVLGCkFMKg

Score
8/10
androidbankerdiscoveryevasionpersistence

Malware Config

Targets

    • Target

      92857cb00820b9f2c77e958abd66a8d2_JaffaCakes118

    • Size

      10.6MB

    • MD5

      92857cb00820b9f2c77e958abd66a8d2

    • SHA1

      de8c76e8a8f0711e711bd80e71a0132a0a961488

    • SHA256

      9546795f121025fdf2a780db0ea7d49985e146afe48628dc5ade0129284061eb

    • SHA512

      07409f0baf5d00a8b8c1a263526beb78a02253b88827cc1043b8cba7942a7789622b48b30b7400e849fd5fd7fcb085f50f1deeb67307cf0ab2a877edc8d55c69

    • SSDEEP

      196608:dHlhAQNtdMj3KypL0i/8LvMGkbYCbdFllMJ9HZPLGqpkFmFkJZNSEtw+2xT6t8Y8:dH/AQXq7KM0M8Ti1bjXMJ9HVLGCkFMKg

    Score
    8/10
    bankerdiscoveryevasionpersistence

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

      bankerdiscovery

    • Checks CPU information

      Checks CPU information which indicate if the system is an emulator.

      evasiondiscovery

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

      discovery

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

      discovery

    • Registers a broadcast receiver at runtime (usually for listening for system events)

      persistence

    • Checks if the internet connection is available

      discovery

    • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

    • Reads information about phone network operator.

      discovery
    behavioral1behavioral2

    • Target

      gdtadv2.jar

    • Size

      73KB

    • MD5

      07843c6d5969b685d39a7dadf635237e

    • SHA1

      3070199d4c497ad96e7f0d2beaa5ab9d8772234c

    • SHA256

      e344405b31ad9a52e9bcea6bc6ad7d0858ba4008102283adb1c72d86443ac796

    • SHA512

      b4e3e245641ce61757d5cfb74f6b39ec7ba4a2aeb0818a589af852e99a2669f849d334b1c57e4edb1c50ba5f3ecdf928650007d206c34f83e9eb8682d7455c8f

    • SSDEEP

      1536:YrNP+qzuTVQX1K9MR4/u6g591bFcEQIkkRM5E7Pe6NEkEC:8xzvK9M8g591bFcEbDume6NEK

    Score
    1/10
    behavioral3behavioral4behavioral5

MITRE ATT&CK Mobile v15

Tasks