Overview

overview

10

Static

static

10

ad5bdd1c61...18.apk

android-9-x86

8

gdtad.apk

android-9-x86

gdtad.apk

android-10-x64

gdtad.apk

android-11-x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ad5bdd1c6153ec560dbcab6ea2480cc8_JaffaCakes118

  • Size

    5.7MB

  • Sample

    240615-jgf6vaselg

  • MD5

    ad5bdd1c6153ec560dbcab6ea2480cc8

  • SHA1

    64122057af227adef74589ed1d97ae9c4f84b9ec

  • SHA256

    304631f00c0d5fd54a67f810de0e3d43159ba713f41e1c2394bd3e9e69e3691a

  • SHA512

    cf20d7b5d562f7d45187b3eeaa555e2cb3576aa0da9384e38c8e71b5a4d2e260d8ae309cda7dcba939fc5f8a1aabcd8224ce071d65d8ad4beb4dd4a84635687c

  • SSDEEP

    98304:hyXDbbsbaz7MSwGqnq8R4QZXobhZKo28U48H0ldTo35Uc8jL:hyTsbSHw4kXK/2948H0lZs5Xe

Score
10/10
jokerandroiddiscoveryevasionimpactpersistence

Malware Config

Targets

    • Target

      ad5bdd1c6153ec560dbcab6ea2480cc8_JaffaCakes118

    • Size

      5.7MB

    • MD5

      ad5bdd1c6153ec560dbcab6ea2480cc8

    • SHA1

      64122057af227adef74589ed1d97ae9c4f84b9ec

    • SHA256

      304631f00c0d5fd54a67f810de0e3d43159ba713f41e1c2394bd3e9e69e3691a

    • SHA512

      cf20d7b5d562f7d45187b3eeaa555e2cb3576aa0da9384e38c8e71b5a4d2e260d8ae309cda7dcba939fc5f8a1aabcd8224ce071d65d8ad4beb4dd4a84635687c

    • SSDEEP

      98304:hyXDbbsbaz7MSwGqnq8R4QZXobhZKo28U48H0ldTo35Uc8jL:hyTsbSHw4kXK/2948H0lZs5Xe

    Score
    8/10
    discoveryevasionimpactpersistence

    • Checks if the Android device is rooted.

      evasion

    • Checks Android system properties for emulator presence.

      evasion

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

      evasion

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

      discovery

    • Queries the phone number (MSISDN for GSM devices)

      discovery

    • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

    • Queries information about active data network

      discovery

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

      discovery

    • Queries the mobile country code (MCC)

      discovery

    • Reads information about phone network operator.

      discovery
    behavioral1

    • Target

      gdtad.jar

    • Size

      56KB

    • MD5

      5e6545246b1a8310b35bc96bc736e548

    • SHA1

      8744e88d615d0218b294a3919634ed99292ed40a

    • SHA256

      abcdcfaaec6a6e6778b1226b6dd41f708785999431bfd32a4ebbd2e12a8b3e20

    • SHA512

      b5352a8aa365b4c50710e287793e873c445467f0b796bc80105a299f62e295e4c29a894dd18067e0a6edd65f061130aac87803ba6bcdad6bb6819009b8746b1a

    • SSDEEP

      1536:XycitfPEGerAgzp9cSUynK1wNEnJh7GL7Z/PA5CaHnX:Xycit0GyzpKknYJhKL7C5vX

    Score
    1/10
    behavioral2behavioral3behavioral4

MITRE ATT&CK Mobile v15

Tasks