General

  • Target

    9aa0e786e3917e9c97bf68246c042a6f_JaffaCakes118

  • Size

    13.4MB

  • Sample

    240610-pelw7sba76

  • MD5

    9aa0e786e3917e9c97bf68246c042a6f

  • SHA1

    b7e2751cfd0f923ce0d5ae854af61da5095de41a

  • SHA256

    db06ed5e6637ff22be77e5fff45ed82fb0869f687da61672705d9b89112e3ed8

  • SHA512

    d0ccbb2ed9f4b3f4b458e21e4c61e911f7d4cddba9074c75ab781f3d5d58e57dbb7a672f88d8e1ff07f37fb6df79f2a1d25d71c0e9c866b096427b4c431c4209

  • SSDEEP

    393216:E/GqygQJLeDisrn2bBqDz5RAtXP9P02NcmOhd9JULT:s5ygQyGsrwc5R2BpTEJs

Targets

    • Target

      9aa0e786e3917e9c97bf68246c042a6f_JaffaCakes118

    • Checks if the Android device is rooted.

    • Obtains sensitive information copied to the device clipboard

      Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Queries information about the current nearby Wi-Fi networks

      Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

    • Queries the phone number (MSISDN for GSM devices)

    • Requests cell location

      Uses Android APIs to get the current cell location.

    • Requests cell information

      Uses Android APIs to get information about the current cell.

    • Acquires the wake lock

    • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

    • Queries information about active data network

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Queries the mobile country code (MCC)

    • Reads information about phone network operator.

    • Target

      UPPayPluginEx.apk

    • Size

      847KB

    • MD5

      d75bb2802e61738a9a03bf014f927d9a

    • SHA1

      dcb43893dd5211c842118daadaa191bdeda7c16d

    • SHA256

      2487ccc3a54b6e65bccb4961f6c28601be373162b9f17d1818c33fe54f799fe9

    • SHA512

      7fe6872bdf5366c2084e794efc3d067de9e11e475631997ea57b57313b84116ee625c8678778a15427a63f51a450ffd9102bd09c12ade437fee7176177812df6

    • SSDEEP

      12288:vKeuG5BeFpM6Jmy+dPSEdUK4dCIhKLm+byH2C84ApQXM2kkBOzdZ+eqOEveLEiAy:vKhGDui6JEmKaCIT8wkkkTqOEUE5gnt

    Score
    1/10
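The behaviour indicators listed for the main target correspond to well-known Android framework calls. The Python script below is an added example, not part of this report, the sandbox, or the sample itself: it maps each indicator to the framework method names that behaviour is usually implemented with and checks the string table of an APK's DEX files for them, which gives a quick static cross-check before (or instead of) detonating a similar sample. The indicator-to-API mapping, the naive string extraction, and the embedded stand-in APK built by `build_sample_apk` are all constructed for illustration; the stand-in is not the real sample, and a production tool would walk the DEX `string_ids` table rather than regex-scan the raw bytes.

```python
"""Static triage helper: cross-check sandbox behaviour indicators against the
framework API names present in an APK's DEX files.

Added example, not code from the report or the sample. The mapping below is
an assumption for illustration: these are the standard Android framework
methods each behaviour is usually implemented with, not the sandbox's own
signature set.
"""
from __future__ import annotations

import io
import re
import zipfile

# indicator -> substrings expected in the DEX string table (assumed mapping)
INDICATORS = {
    "root check": ["/system/xbin/su", "/system/bin/su", "test-keys", "Superuser.apk"],
    "clipboard": ["getPrimaryClip"],
    "installed apps": ["getInstalledPackages", "getInstalledApplications"],
    "running processes": ["getRunningAppProcesses"],
    "nearby wifi": ["getScanResults"],
    "phone number": ["getLine1Number"],
    "cell location": ["getCellLocation", "getAllCellInfo"],
    "wake lock": ["PowerManager$WakeLock"],
    "active data network": ["getActiveNetworkInfo"],
    "wifi connection": ["getConnectionInfo"],
    "mcc / network operator": ["getNetworkOperator", "getSimOperator", "getNetworkCountryIso"],
}

_PRINTABLE = re.compile(rb"[\x20-\x7e]{4,}")


def dex_strings(blob: bytes) -> set[str]:
    """Naive string extraction: runs of four or more printable ASCII bytes.
    Sufficient for triage; a real tool would parse the DEX string_ids table."""
    return {m.group().decode("ascii") for m in _PRINTABLE.finditer(blob)}


def scan_apk(data: bytes) -> dict[str, list[str]]:
    """Return {indicator: [matching strings]} over every classes*.dex in the APK."""
    strings: set[str] = set()
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            if re.fullmatch(r"classes\d*\.dex", name):
                strings |= dex_strings(zf.read(name))
    found: dict[str, list[str]] = {}
    for indicator, needles in INDICATORS.items():
        hits = sorted({s for s in strings if any(n in s for n in needles)})
        if hits:
            found[indicator] = hits
    return found


def build_sample_apk() -> bytes:
    """Constructed stand-in APK (NOT the real sample): a zip containing a fake
    classes.dex whose bytes carry a few framework method names and a su path."""
    fake_dex = (
        b"dex\n035\x00" + b"\x00" * 16
        + b"Landroid/telephony/TelephonyManager;\x00getLine1Number\x00getAllCellInfo\x00"
        + b"Landroid/content/ClipboardManager;\x00getPrimaryClip\x00"
        + b"/system/xbin/su\x00Landroid/os/PowerManager$WakeLock;\x00acquire\x00"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("AndroidManifest.xml", b"<binary xml placeholder>")
        zf.writestr("classes.dex", fake_dex)
    return buf.getvalue()


if __name__ == "__main__":
    # Run against a real file with: scan_apk(open("sample.apk", "rb").read())
    for indicator, hits in scan_apk(build_sample_apk()).items():
        print(f"{indicator:24s} {', '.join(hits)}")
```

A hit only shows that the API name is present in the code, not that it is called or that the data leaves the device; treat the output as a prioritisation aid for which indicators to confirm dynamically, and expect packed or reflection-heavy samples to hide these names from a string scan.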
