Overview

overview

10

Static

static

10

b8630d518f...18.apk

android-9-x86

8

gdtad.apk

android-9-x86

gdtad.apk

android-10-x64

gdtad.apk

android-11-x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b8630d518f1018c882b1afe8283f9c7f_JaffaCakes118

  • Size

    8.1MB

  • Sample

    240617-nmra8asglk

  • MD5

    b8630d518f1018c882b1afe8283f9c7f

  • SHA1

    535db5f7f7fbffdc09b7f9db0503b43ddeac8e24

  • SHA256

    2422b7e9020fb1ec65103395b86bf4e6a8a1b9b652061d9c67f5cda7a03501f9

  • SHA512

    696e36728c59c8707196221c236d1233bd9d1d2a8fb6acf32fb81069e4e4e8a4ac358045cc7308ac98600065c3dcef2c81423db798b289e7c02035f465eb8c91

  • SSDEEP

    196608:XAb5Y0CIlbjPI0pfx7II7mprtsT66IGb0VKO6:XWC4bjPI0r7Is66o6

Score
10/10
jokerandroiddiscoveryevasionimpactpersistence

Malware Config

Targets

    • Target

      b8630d518f1018c882b1afe8283f9c7f_JaffaCakes118

    • Size

      8.1MB

    • MD5

      b8630d518f1018c882b1afe8283f9c7f

    • SHA1

      535db5f7f7fbffdc09b7f9db0503b43ddeac8e24

    • SHA256

      2422b7e9020fb1ec65103395b86bf4e6a8a1b9b652061d9c67f5cda7a03501f9

    • SHA512

      696e36728c59c8707196221c236d1233bd9d1d2a8fb6acf32fb81069e4e4e8a4ac358045cc7308ac98600065c3dcef2c81423db798b289e7c02035f465eb8c91

    • SSDEEP

      196608:XAb5Y0CIlbjPI0pfx7II7mprtsT66IGb0VKO6:XWC4bjPI0r7Is66o6

    Score
    8/10
    discoveryevasionimpactpersistence

    • Checks if the Android device is rooted.

      evasion

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

      evasion

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

      discovery

    • Queries the phone number (MSISDN for GSM devices)

      discovery

    • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

    • Queries information about active data network

      discovery

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

      discovery

    • Queries the mobile country code (MCC)

      discovery

    • Reads information about phone network operator.

      discovery
    behavioral1

    • Target

      gdtad.jar

    • Size

      56KB

    • MD5

      5e6545246b1a8310b35bc96bc736e548

    • SHA1

      8744e88d615d0218b294a3919634ed99292ed40a

    • SHA256

      abcdcfaaec6a6e6778b1226b6dd41f708785999431bfd32a4ebbd2e12a8b3e20

    • SHA512

      b5352a8aa365b4c50710e287793e873c445467f0b796bc80105a299f62e295e4c29a894dd18067e0a6edd65f061130aac87803ba6bcdad6bb6819009b8746b1a

    • SSDEEP

      1536:XycitfPEGerAgzp9cSUynK1wNEnJh7GL7Z/PA5CaHnX:Xycit0GyzpKknYJhKL7C5vX

    Score
    1/10
    behavioral2behavioral3behavioral4

MITRE ATT&CK Mobile v15

Tasks