General

  • Target

    956ca61d7390c917c49280b35cba29f5_JaffaCakes118

  • Size

    6.7MB

  • Sample

    240814-kybhcsyclk

  • MD5

    956ca61d7390c917c49280b35cba29f5

  • SHA1

    fc67d08484eae57b9e258680d3429246d94dd7f2

  • SHA256

    ef0e6985f630ded647816ce4a1d9d1820f9e6e4fd3d95baa8ac81a1f9ba1c5a2

  • SHA512

    b852bdd43fc66bbd07ad0da5aadb1b15d27ddd0a6c2cbc29e8f0e4834493b9c4787e8d7aba2c9c66906009ae178647188d7b3f91168587465c1297d72c4cce12

  • SSDEEP

    196608:W9BZESfl0u+kLJlE5HSSQu0bC5GMCTz7TZSZ:0Z4kLJlErI6eT3m

Targets

    • Target

      956ca61d7390c917c49280b35cba29f5_JaffaCakes118

    • Checks if the Android device is rooted.

    • Checks known Qemu files.

      Checks for known Qemu files that exist on Android virtual device images.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Queries account information for other applications stored on the device

      Application may abuse the framework's APIs to collect account information stored on the device.

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Queries information about the current nearby Wi-Fi networks

      Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

    • Requests cell location

      Uses Android APIs to get current cell information.

    • Acquires the wake lock

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

    • Queries information about active data network

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Reads information about phone network operator.

    • Target

      dump.jar

    • Size

      68KB

    • MD5

      fc86a61adb9f6c52f49836de04159cad

    • SHA1

      ce20ad7819f749db65e64df912e62fc95179c2de

    • SHA256

      39df03d741bb3e13392fd0c8c39fbbe903aca84b72cf1c04644ef81b13363265

    • SHA512

      7e44d71baa4cf9db1e805ce17b37b45f9621890aefce5ee5cc5c5e6e94e6cfd144ef1221e475e066b1fe3445f45982d56a107ad6fd65c2dfb6427b680d16b355

    • SSDEEP

      1536:rAbwGcYLL4MTeEhnlIKDCMzThhqzjUSykxl5R:aFf1JlIKfQU/AjR

    Score
    1/10
