General
-
Target
bcbb97c44674c0fa9ee662d2faa83e96_JaffaCakes118
-
Size
11.1MB
-
Sample
240618-s7aw7azeja
-
MD5
bcbb97c44674c0fa9ee662d2faa83e96
-
SHA1
b339c5a821cf8129b29bdc86d5a8cdde8a25490e
-
SHA256
a84fcb8cecea4ada83ad0725925e121e9c56ceadd54c1dcb6566ccd2eea0abdb
-
SHA512
9601026ca128430b465920e09502dfae2efe13e5c7816dcf638b7ca2fb5508ab78205c8637b3ab5d9d20419e98343b66fd0fee2ca70a1c83bffc87f65ff8b834
-
SSDEEP
196608:Y2+mbMGvTPg+T2eebq1HKmYKziFbJfi9XyN3yeJ4H2mid76ZrXYCidv4l3VW:GGE+T2KEQzVOE2xMYCiypVW
Static task
static1
Behavioral task
behavioral1
Sample
bcbb97c44674c0fa9ee662d2faa83e96_JaffaCakes118.apk
Resource
android-x86-arm-20240611.1-en
Behavioral task
behavioral2
Sample
bcbb97c44674c0fa9ee662d2faa83e96_JaffaCakes118.apk
Resource
android-33-x64-arm64-20240611.1-en
Behavioral task
behavioral3
Sample
gdtadv2.apk
Resource
android-x86-arm-20240611.1-en
Malware Config
Targets
-
-
Target
bcbb97c44674c0fa9ee662d2faa83e96_JaffaCakes118
-
Size
11.1MB
-
Checks if the Android device is rooted.
-
Checks known Qemu files.
Checks for known Qemu files that exist on Android virtual device images.
-
Checks known Qemu pipes.
Checks for known pipes used by the Android emulator to communicate with the host.
-
Queries information about running processes on the device
Application may abuse the framework's APIs to collect information about running processes on the device.
-
Queries information about the current nearby Wi-Fi networks
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
-
Queries information about active data network
-
Queries information about the current Wi-Fi connection
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Queries the unique device ID (IMEI, MEID, IMSI)
-
Reads information about phone network operator.
-
Listens for changes in the sensor environment (might be used to detect emulation)
-
-
-
Target
gdtadv2.jar
-
Size
636KB
-
MD5
cf57d4f9f2ccd86816c4f02989252423
-
SHA1
6978f24478ba9baa004bf4d21db251fe67957ec2
-
SHA256
e6df28c535e661d33a134407674c32555fb985a6a8f3bf8ec743150db61fa7ec
-
SHA512
f759aea4c4fb91ce69f8238bd0e7c0f99b826cad04fc9c5f47c5afde2eceaf71d515d00f0e08b73c169e1a8bd21a17ddd3971bae27ddeb6960daaf5c5d719d4b
-
SSDEEP
12288:lsocNwAPog24tsNbfevYHzN953QZlo5M0f+DMpP7x07S232vjUG:MNvPA9oYHzN953QEM0npDx0nm
Score
1/10
-
MITRE ATT&CK Mobile v15
Persistence
Event Triggered Execution (1)
Broadcast Receivers (1)
Scheduled Task/Job (1)
Defense Evasion
Execution Guardrails (1)
Geofencing (1)
Hide Artifacts (1)
User Evasion (1)
Virtualization/Sandbox Evasion (4)
System Checks (4)