Overview

overview

8

Static

static

6

9f2410ee38...18.apk

android-9-x86

6

9f2410ee38...18.apk

android-10-x64

6

9f2410ee38...18.apk

android-11-x64

6

dx.apk

android-9-x86

8

dx.apk

android-11-x64

8

com.nd.and...me.apk

android-9-x86

1

com.nd.and...me.apk

android-10-x64

1

com.nd.and...me.apk

android-11-x64

1

com.nd.hil...65.apk

android-9-x86

1

com.nd.hil...65.apk

android-10-x64

1

com.nd.hil...65.apk

android-11-x64

1

nd.apk

android-9-x86

nd.apk

android-10-x64

nd.apk

android-11-x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    9f2410ee38f11aa2e37717a36353524e_JaffaCakes118

  • Size

    11.1MB

  • Sample

    240611-w339qawhlp

  • MD5

    9f2410ee38f11aa2e37717a36353524e

  • SHA1

    b1759f09599c79467650fd20248ebe21be751d71

  • SHA256

    2e06f8b122b79a21f53c8ae5dcca3a2967b95d1df57c6429c134c26595f0c939

  • SHA512

    6922843814622c5f0c9a0e166f5d1de1a572ea8e4339c801d26928af9f7029bef7561f56ceaaacbbaa180d5e8346d64a66f42d055262b92708c6472afedd7bf7

  • SSDEEP

    196608:PZsAN+jIKa3Q/EsJTY16JoJIE38ZjMfvlqt4T5Y/QPN:yAcjaKhY16JoF3xHcyYgN

Score
8/10
androidcollectioncredential_accessdiscoveryevasionimpactpersistenceransomware

Malware Config

Targets

    • Target

      9f2410ee38f11aa2e37717a36353524e_JaffaCakes118

    • Size

      11.1MB

    • MD5

      9f2410ee38f11aa2e37717a36353524e

    • SHA1

      b1759f09599c79467650fd20248ebe21be751d71

    • SHA256

      2e06f8b122b79a21f53c8ae5dcca3a2967b95d1df57c6429c134c26595f0c939

    • SHA512

      6922843814622c5f0c9a0e166f5d1de1a572ea8e4339c801d26928af9f7029bef7561f56ceaaacbbaa180d5e8346d64a66f42d055262b92708c6472afedd7bf7

    • SSDEEP

      196608:PZsAN+jIKa3Q/EsJTY16JoJIE38ZjMfvlqt4T5Y/QPN:yAcjaKhY16JoF3xHcyYgN

    Score
    6/10
    persistence

    • Requests dangerous framework permissions

    behavioral1behavioral2behavioral3

    • Target

      dx.mp3

    • Size

      8.4MB

    • MD5

      38cf7f560430ccd33887e6cf3b4ad696

    • SHA1

      23a90e3d23a1fd87b5948be57e904f63d7ef18b2

    • SHA256

      4eb0a9241deb8176a85d30a755e403c3623acf12cc46b7a9738cb90bea10e73f

    • SHA512

      1f147fb51fb80c4a789c126ef72740829c05d6a86611308733ee68ce872e945f9739816604069a6b116afa7b2b262a118b60c76b0fd613b447a7bfac65dabb6b

    • SSDEEP

      196608:bZsAN+jIKa3Q/EsJTY16JoJIE38ZjMfvlqt4h:eAcjaKhY16JoF3xHcI

    Score
    8/10
    collectiondiscoveryevasionimpactpersistenceransomwarecredential_access

    • Checks if the Android device is rooted.

      evasion

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

      evasion

    • Obtains sensitive information copied to the device clipboard

      Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

      collectioncredential_accessimpact

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

      discovery

    • Reads the content of the call log.

      collection

    • Requests cell location

      Uses Android APIs to to get current cell location.

      collectiondiscoveryevasion

    • Queries information about active data network

      discovery

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

      discovery

    • Queries the mobile country code (MCC)

      discovery

    • Reads information about phone network operator.

      discovery

    • Changes the wallpaper (common with ransomware activity)

      ransomware
    behavioral4behavioral5

    • Target

      com.nd.android.widget.pandahome.flashlight

    • Size

      420KB

    • MD5

      d7ed82aa742154281da5c6c64baa72be

    • SHA1

      833fa9169f66a4fac0a844902d8305da875f316e

    • SHA256

      5f54363be719d281f9d64d68af9e7093aba66b0781d99025e331a2375636e271

    • SHA512

      222b0664cdf950a8e6d189a822ed379c29f56e2d3e36d35a35b4afc07a800a225df23a8bd1de43455a94eedaf3e8a28773ea5da13009279191d27bca3106594b

    • SSDEEP

      6144:KvuvJ1RJBq3MA4DQ1siZAGml4T+fLJ7W1VXS4e8iay+8/faWdhDlE/8MskMZjv7c:KWx1Rm4DQ1cGlTWtINe8C+s3zPXwdp

    Score
    1/10
    behavioral6behavioral7behavioral8

    • Target

      com.nd.hilauncherdev.plugin.navigation_V_21_M_b923c125854bdd0600f974e558015e65.jar

    • Size

      831KB

    • MD5

      c45a48e0a2078b658eaa95d360f93b9a

    • SHA1

      0118b82f02938f11c6a536e6c2911b06db126b9a

    • SHA256

      edb179615fca3b6cc2d8b9f6b013cadcf22d201bd561dc1de3c8adef0a03a662

    • SHA512

      99114913ad07b0d18dc2119629fd3837f51ddab274348870e98b561d8e4f0b3165f7f676636621dbf723fbb8d4657e387dcd4cb64e9e70ae7c337aaa595702bd

    • SSDEEP

      12288:QwgeRf6mQYBNEBnqUWAX5oHP+QPfLPUhj9GoJUuXMgCgJbymAtc9Uc2J/C:RgVmdBInqUWIizPUhxTB8gfymLCjC

    Score
    1/10
    behavioral10behavioral11behavioral9

    • Target

      nd.jar

    • Size

      3KB

    • MD5

      330e5a7a65f3d6593b4e3693cb6b581a

    • SHA1

      97ed25af93827667740ddc0f5f20efaa0db79f2f

    • SHA256

      effd679a8cfef061b537814b41f2733a9785d80d1d11f8c61216a78b35c747ca

    • SHA512

      3b2234d683cfbfde304d23150678595076eff41c691269dfc0d1d035b784113879e84d19ec732b257ea2146b4170edda2d8ece79449c2a33d948d0ae4e777328

    Score
    1/10
    behavioral12behavioral13behavioral14

MITRE ATT&CK Mobile v15

Tasks