8a71b39b5d8572385595aa6a33f678eb9643e5595578fb7f5fd06cfd66398fb4

General

Target

b7169b7860bd7900668bab866e4ffbf7_JaffaCakes118
Size

11.8MB
Sample

240617-gptqssxdmb
MD5

b7169b7860bd7900668bab866e4ffbf7
SHA1

f7ff330353dad36b5970d032d6b96a1bceaf0c32
SHA256

8a71b39b5d8572385595aa6a33f678eb9643e5595578fb7f5fd06cfd66398fb4
SHA512

5a1b90184e625ccd79700c98c2c4d2451eb2c37406db25c8dea28bb272027446e74b904fd11ab9b41b224ed02141a432cdb215cb800a8da6a3532fd07a18040d
SSDEEP

196608:+/dI/daooE+UCsRNvis0W7WY67clpkso6SOYwsdHL8bCHobBbXw/euepa2ILPaka:+W4UPrtr68YjycHCCIVLuRayAV

Score

7^/10

Malware Config

Targets

- Target
  
  b7169b7860bd7900668bab866e4ffbf7_JaffaCakes118
- Size
  
  11.8MB
- MD5
  
  b7169b7860bd7900668bab866e4ffbf7
- SHA1
  
  f7ff330353dad36b5970d032d6b96a1bceaf0c32
- SHA256
  
  8a71b39b5d8572385595aa6a33f678eb9643e5595578fb7f5fd06cfd66398fb4
- SHA512
  
  5a1b90184e625ccd79700c98c2c4d2451eb2c37406db25c8dea28bb272027446e74b904fd11ab9b41b224ed02141a432cdb215cb800a8da6a3532fd07a18040d
- SSDEEP
  
  196608:+/dI/daooE+UCsRNvis0W7WY67clpkso6SOYwsdHL8bCHobBbXw/euepa2ILPaka:+W4UPrtr68YjycHCCIVLuRayAV
Score

7^/10

banker collection discovery evasion impact persistence
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Queries information about running processes on the device
  Application may abuse the framework's APIs to collect information about running processes on the device.
  discovery
- Queries information about the current nearby Wi-Fi networks
  Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
  discovery
- Requests cell location
  Uses Android APIs to to get current cell location.
  collection discovery evasion
- Acquires the wake lock
- Domain associated with commercial stalkerware software, includes indicators from echap.eu.org
- Queries information about active data network
  discovery
- Queries information about the current Wi-Fi connection
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  discovery
- Queries the mobile country code (MCC)
  discovery
- Reads information about phone network operator.
  discovery
behavioral1
- Target
  
  __pasys_remote_banner.jar
- Size
  
  108KB
- MD5
  
  63ba17ca047dc71aa659c7ed8bb60de5
- SHA1
  
  675bd0556bce8d43cd29a6d9b3d996d41f3e0b2b
- SHA256
  
  2750f3af62f5b9d1d21f6a8215f529e472e7098ac16295b976a29115e8520a52
- SHA512
  
  5b70f6bc391276d2034a97e371adad0a635caafdfc33d32791db1432d4cca3f0364e1af6b10b574df5c8f3345bd5539a4d70455aa521f10b239e68216f5ddc39
- SSDEEP
  
  1536:JsIZFap4+HLANZ5+01fFI5iWBrANsLIHmd1C4i6L/AvuWD7i3z7Y6mrfrJvIC8O:JPZEpHrA3x1i53hxLOQ4I4mD3zk6mlI2
Score

1^/10
behavioral2 behavioral3 behavioral4
- Target
  
  __pasys_remote_feeds.jar
- Size
  
  51KB
- MD5
  
  998d0c80e8909e287ddcddb327473b10
- SHA1
  
  f8325e2e823feaee99348910f15b21fbe5a44280
- SHA256
  
  0ff2445f8cb3a2f3a188744f7f0c7e64056db4dcbe228acf368bd07063c059a0
- SHA512
  
  bdb6349308e8c719524a7b14d84ec7a2abf1dd64a3d2e4ce04eb942df71860c2d03b0dfd5d032565dbbd564416a568d43db5d28c528a95ca57841c065da1d4d2
- SSDEEP
  
  768:4y9d5mXbldQcKnJU5WEsG0YZhE+a8azMv0MgyKvgQ6eGjL8i0kitSD7rKTN:J9kobJREVZzavzMhgyxBek8i0tKnKTN
Score

1^/10
behavioral5 behavioral6 behavioral7