d1ec09f6af50a001be1fe9aaa529719c15b048a9d4af8108375d8fe99a2e8c16

Sharing

Copy URL

Twitter E-mail

General

Target

9d16ba7afa6f0abea72e9c95d28beeb9_JaffaCakes118
Size

13.3MB
Sample

240611-fyeskawern
MD5

9d16ba7afa6f0abea72e9c95d28beeb9
SHA1

b8c3531192a1f2673fac1a37c7d86708ea8eac7a
SHA256

d1ec09f6af50a001be1fe9aaa529719c15b048a9d4af8108375d8fe99a2e8c16
SHA512

101680c9328b7535ecab4b40965cb3d6372df35d2f02132e32b3adca13bd9ba8958ea16984a93caa5992b87c70bc9af30a7e3715ee2d49f910739f6a39f0c723
SSDEEP

393216:ajC62EXHQaTPPdygR8JoUa5hnrfRiEvoSHsn2:IC62qHQaTPNR8JoUQnr5iE5E2

Score

8^/10

Malware Config

Targets

- Target
  
  9d16ba7afa6f0abea72e9c95d28beeb9_JaffaCakes118
- Size
  
  13.3MB
- MD5
  
  9d16ba7afa6f0abea72e9c95d28beeb9
- SHA1
  
  b8c3531192a1f2673fac1a37c7d86708ea8eac7a
- SHA256
  
  d1ec09f6af50a001be1fe9aaa529719c15b048a9d4af8108375d8fe99a2e8c16
- SHA512
  
  101680c9328b7535ecab4b40965cb3d6372df35d2f02132e32b3adca13bd9ba8958ea16984a93caa5992b87c70bc9af30a7e3715ee2d49f910739f6a39f0c723
- SSDEEP
  
  393216:ajC62EXHQaTPPdygR8JoUa5hnrfRiEvoSHsn2:IC62qHQaTPNR8JoUQnr5iE5E2
Score

8^/10

banker discovery evasion impact persistence
- Checks if the Android device is rooted.
  evasion
- Checks Android system properties for emulator presence.
  evasion
- Checks known Qemu pipes.
  Checks for known pipes used by the Android emulator to communicate with the host.
  evasion
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Queries information about running processes on the device
  Application may abuse the framework's APIs to collect information about running processes on the device.
  discovery
- Queries information about the current nearby Wi-Fi networks
  Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
  discovery
- Queries the phone number (MSISDN for GSM devices)
  discovery
- Queries information about active data network
  discovery
- Queries information about the current Wi-Fi connection
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  discovery
- Reads information about phone network operator.
  discovery
- Listens for changes in the sensor environment (might be used to detect emulation)
  evasion
behavioral1 behavioral2
- Target
  
  aisdk_qtt.jar
- Size
  
  389KB
- MD5
  
  e16a451b3aa12edc776003680ad09660
- SHA1
  
  80cd0c9da760b87ff100ae57e4ff2cf81e6b77e0
- SHA256
  
  a9f1752e1ee67dc095e107cb75c324132792614f6fb713acc845eead3c3dcd2f
- SHA512
  
  9f28dfdc2072bbc291f21e2b3fee903515586503184ce72c3e5d86df5adb2bcfb2d452a8f147fb0f3d9ae592327ce6ff9d444f99b5922c5ace40cffe13974588
- SSDEEP
  
  12288:RmCXI9Ns/25Za6Rrv+VYm9vvawVX2mPyCK:rXoP5ZD+VYmDVX2mPyCK
Score

1^/10
behavioral3 behavioral4 behavioral5
- Target
  
  com_lechuan_midunovel.jar
- Size
  
  443KB
- MD5
  
  ee16bd1be824a91d508691b1c17ee1d8
- SHA1
  
  7742d78d049dc04a90a9efbd0921924f855e450d
- SHA256
  
  8b1663f2ce757fd8822a78da2449390aa112709997f1d2579013d4254dc883be
- SHA512
  
  7c94ea62201d4d48d7d5047c0b6843397d6c1cf76ff9a7fa9f81a24434afbbfb0e06e2a8894cd5f259bdcb203edda3f855fd381d575cefcf4491e8f0d69237a3
- SSDEEP
  
  6144:5YmcRgPTDBTgKiQB/B4Y4VD9qv6Et6i9Yw9aHni+eCHqWf0VrZumX9VO9Vl0VOE6:t+ITDtpj/BmCvn+eCH72f9+IJ8PE6n
Score

1^/10
behavioral6
- Target
  
  unpreverified.patch
- Size
  
  1KB
- MD5
  
  1b526370068cccc3106816f765e92582
- SHA1
  
  ba39b4d43095379d51b678f9545d16e05a461c42
- SHA256
  
  1c573224f0c70b31ada709c380a494fef5f605b18df7615ffa71f98d03ff4031
- SHA512
  
  cabf88b012aee9ebac2a32fa1efda127723b8c4e38de76784ea4867c2ec47ed27afcb4990cd63fe3525c0f6119fa019da82a259a5fa546c8ed844fdf78b88260
Score

1^/10
behavioral7 behavioral8 behavioral9