Overview

overview

7

Static

static

6

a103949c32...18.apk

android-9-x86

7

a103949c32...18.apk

android-11-x64

7

__xadsdk__...__.apk

android-9-x86

__xadsdk__...__.apk

android-10-x64

__xadsdk__...__.apk

android-11-x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a103949c322dd1e5bee8301c364299f9_JaffaCakes118

  • Size

    4.1MB

  • Sample

    240612-rzbcbascrl

  • MD5

    a103949c322dd1e5bee8301c364299f9

  • SHA1

    25bedcc4d2d21b3cd3ba8f14b655a9839f9e0ef4

  • SHA256

    e9ba800e3f309e864fdf375b6ad7186409c040dd992c3f6c212cdd493fc00b70

  • SHA512

    0f5979f0493601c030077a81f03c02582671e08de22f29bce670ace60bab5340e27b558a315d182b7f0eccafd7e71b73348a93bccde8e743c93e4748b483708f

  • SSDEEP

    98304:aS+1MEYzqNh8SRio2l34xdRTiJTew7z/jkqoFG54ryojHfRDsevls9:atgzq/8SRioModpiTewzeg4y6s9

Score
7/10
androidbankerdiscoveryevasionimpactpersistence

Malware Config

Targets

    • Target

      a103949c322dd1e5bee8301c364299f9_JaffaCakes118

    • Size

      4.1MB

    • MD5

      a103949c322dd1e5bee8301c364299f9

    • SHA1

      25bedcc4d2d21b3cd3ba8f14b655a9839f9e0ef4

    • SHA256

      e9ba800e3f309e864fdf375b6ad7186409c040dd992c3f6c212cdd493fc00b70

    • SHA512

      0f5979f0493601c030077a81f03c02582671e08de22f29bce670ace60bab5340e27b558a315d182b7f0eccafd7e71b73348a93bccde8e743c93e4748b483708f

    • SSDEEP

      98304:aS+1MEYzqNh8SRio2l34xdRTiJTew7z/jkqoFG54ryojHfRDsevls9:atgzq/8SRioModpiTewzeg4y6s9

    Score
    7/10
    bankerdiscoveryevasionimpactpersistence

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

      bankerdiscovery

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

      discovery

    • Acquires the wake lock

    • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

      evasionpersistence

    • Queries information about active data network

      discovery

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

      discovery

    • Queries the mobile country code (MCC)

      discovery
    behavioral1behavioral2

    • Target

      __xadsdk__remote__final__.jar

    • Size

      65KB

    • MD5

      d60e22388c11505582644c2d7f7e95d4

    • SHA1

      eb9be15de4480283f6cfb49c857db6b67cf405c8

    • SHA256

      d02b9df106a7a79642a3eb1a2cc254e2e4e39c37a0fdc6ed3ce7787521fce4cf

    • SHA512

      766f6ec02dcab4074602e9211000bf0911826c5fe001b02cc8ba5c21199c6b00e1eace2e7cbc4221cc793de03e681952608eab0424f883fac2618ac4b3ef6966

    • SSDEEP

      1536:gtuyrTC8xlwAAKs+S/FK31B3DaEv5NR92DnoeSUXnETWsTt7xLxlX4:YT3lwAT8A1t+q9IoyXnMWyH14

    Score
    1/10
    behavioral3behavioral4behavioral5

MITRE ATT&CK Mobile v15

Tasks