General

  • Target: 9f236e0d39f042b69f4e493b86061ee1_JaffaCakes118
  • Size: 13.5MB
  • Sample: 240611-w3tehswhlk
  • MD5: 9f236e0d39f042b69f4e493b86061ee1
  • SHA1: 4a10ce8b471fbb2f783d269d7ae5a2581fc7dc48
  • SHA256: 85040f1ca529f8e8b40f465bb9246524c468d9847a2d615944530107d80cbb66
  • SHA512: 657b6979fa8448da1d8f11d7e3b4ba065354bb2664fb11cc3437cb624760d1ddac549b09331a88fe2ee9b482a5d5b74563c99363eb409d70eba39f3c16c6b4af
  • SSDEEP: 393216:QJw8mGyA+tslOmaJ2yvIblwRhj2YuBj13SphzWp:j86tsYrUlWj2Yud13SL6p

Malware Config

Targets

    • Target: 9f236e0d39f042b69f4e493b86061ee1_JaffaCakes118 (hashes as listed under General above)
    • Size: 13.5MB

    • Checks if the Android device is rooted.

    • Checks known Qemu files.

      Checks for known Qemu files that exist on Android virtual device images.

    • Checks known Qemu pipes.

      Checks for known pipes used by the Android emulator to communicate with the host.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Obtains sensitive information copied to the device clipboard

      Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Queries information about the current nearby Wi-Fi networks

      Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

    • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

    • Queries information about active data network

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Reads information about phone network operator.

    • Target: gdtadv2.jar
    • Size: 639KB
    • MD5: 2a790fd5de797b91ec2039008c6b5e0e
    • SHA1: 5c28490eee21201bc596c1ca4c9bb546c5be7393
    • SHA256: 80681ec3d7b66ba02b3baaec467c90c75fd21d4d9eed3370e3e7a1a717bb454a
    • SHA512: 82b89bf7320802e26f55d6aa6b8f4056821f9159389e9ebff6ec3075daf8cda30d2a7449047310e64370be84b5cc1f9b9dc3e252582afb508129abd1c08b9c6c
    • SSDEEP: 12288:Oqo1h48mUSsielxZE3OdKzoFs3rAn26iwpYGIDD5tw/wDwkG3:Oq8h4CSs9xZjwrO28YGotw4cV

    Score: 1/10

MITRE ATT&CK Mobile v15

Tasks