Extracted

• • Target

    2e611c42b6a47f535bf832b054ada8d7_JaffaCakes118

  • Size

    204KB

  • MD5

    2e611c42b6a47f535bf832b054ada8d7

  • SHA1

    a68af79d9ad0ab0127ece438bccc20222e31b617

  • SHA256

    61f9b09905c02759518c50a662d7391297c24fecff9420ffd9a070497e9e1985

  • SHA512

    9ddcb3cb75d1314ce6d46bcfea297c609d4e38c99d50ebe83448cf75ecee5770d1e3ef12c0522a9665caec4fd6aa54f2de4e34a691e303790463f6a9bbf37777

  • SSDEEP

    6144:f003SDX3SDXCSDXgSDXySDXFXBPgGSbzGQ/3BjpIMcOgn:fsDSDzDlDjD1XdreGQ/JpIROgn

  Score

  8^/10

  collectioncredential_accessdiscoveryevasionpersistencestealthtrojan

  • Removes its main activity from the application launcher

    stealthtrojanevasion

  • Makes use of the framework's Accessibility service

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access

  • Queries the phone number (MSISDN for GSM devices)

    discovery

  • Acquires the wake lock

  • Makes use of the framework's foreground persistence service

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence

  • Queries information about active data network

    discovery

  • Queries the mobile country code (MCC)

    discovery

  • Reads information about phone network operator.

    discovery

  • Requests disabling of battery optimizations (often used to enable hiding in the background).

    evasion

  • Requests enabling of the accessibility settings.

  • Listens for changes in the sensor environment (might be used to detect emulation)

    evasion
  behavioral1behavioral2behavioral3