Overview

overview

8

Static

static

6

747c3978e2...18.apk

android-9-x86

8

747c3978e2...18.apk

android-13-x64

dump.apk

android-9-x86

1

dump.apk

android-10-x64

1

dump.apk

android-11-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    747c3978e270a4580e34e8cbd47a06ae_JaffaCakes118

  • Size

    6.7MB

  • Sample

    240726-r38rzsxfmd

  • MD5

    747c3978e270a4580e34e8cbd47a06ae

  • SHA1

    6c6b871bac35ebd9302a0f4435fc4e6ef66688fe

  • SHA256

    5bc861ae0992f6ae1a5f5617eccd134ecc14167c930fab2e84d93d7b458126e4

  • SHA512

    3e675270deb2f34d393f22b01ff3b32dcba3a237f8b8aa778b08058ae5e26f122948f7faa8c468c2e7478a4c2db1c51ab38640d6f3b9f2daad29cdc73a6be7f1

  • SSDEEP

    196608:W9BZESfl0u+kLJlE5HSSQu0bC5GMCTz7TZS9:0Z4kLJlErI6eT3e

Score
8/10
androidbankercollectiondiscoveryevasionexecutionimpactpersistence

Malware Config

Targets

    • Target

      747c3978e270a4580e34e8cbd47a06ae_JaffaCakes118

    • Size

      6.7MB

    • MD5

      747c3978e270a4580e34e8cbd47a06ae

    • SHA1

      6c6b871bac35ebd9302a0f4435fc4e6ef66688fe

    • SHA256

      5bc861ae0992f6ae1a5f5617eccd134ecc14167c930fab2e84d93d7b458126e4

    • SHA512

      3e675270deb2f34d393f22b01ff3b32dcba3a237f8b8aa778b08058ae5e26f122948f7faa8c468c2e7478a4c2db1c51ab38640d6f3b9f2daad29cdc73a6be7f1

    • SSDEEP

      196608:W9BZESfl0u+kLJlE5HSSQu0bC5GMCTz7TZS9:0Z4kLJlErI6eT3e

    Score
    8/10
    bankercollectiondiscoveryevasionexecutionimpactpersistence

    • Checks if the Android device is rooted.

      evasion

    • Checks known Qemu files.

      Checks for known Qemu files that exist on Android virtual device images.

      evasion

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

      evasion

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

      bankerdiscovery

    • Queries account information for other applications stored on the device

      Application may abuse the framework's APIs to collect account information stored on the device.

      collection

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

      discovery

    • Queries information about the current nearby Wi-Fi networks

      Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

      discovery

    • Requests cell location

      Uses Android APIs to to get current cell location.

      collectiondiscoveryevasion

    • Acquires the wake lock

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

      evasionpersistence

    • Queries information about active data network

      discovery

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

      discovery

    • Reads information about phone network operator.

      discovery
    behavioral1behavioral2

    • Target

      dump.jar

    • Size

      68KB

    • MD5

      fc86a61adb9f6c52f49836de04159cad

    • SHA1

      ce20ad7819f749db65e64df912e62fc95179c2de

    • SHA256

      39df03d741bb3e13392fd0c8c39fbbe903aca84b72cf1c04644ef81b13363265

    • SHA512

      7e44d71baa4cf9db1e805ce17b37b45f9621890aefce5ee5cc5c5e6e94e6cfd144ef1221e475e066b1fe3445f45982d56a107ad6fd65c2dfb6427b680d16b355

    • SSDEEP

      1536:rAbwGcYLL4MTeEhnlIKDCMzThhqzjUSykxl5R:aFf1JlIKfQU/AjR

    Score
    1/10
    behavioral3behavioral4behavioral5

MITRE ATT&CK Matrix

Tasks