09d5b594e4fa41338aff1c9b1714c9dda47fe1acf8d17633b7746b6b276567da

Sharing

Copy URL

Twitter E-mail

General

Target

bf4c66695b2f6286d096b2b9f5064dac_JaffaCakes118
Size

12.4MB
Sample

240824-ymg3nayapm
MD5

bf4c66695b2f6286d096b2b9f5064dac
SHA1

e632b855b284bcdf8db7b32680bd738ca306f090
SHA256

09d5b594e4fa41338aff1c9b1714c9dda47fe1acf8d17633b7746b6b276567da
SHA512

ef75e0073de431e57a74710c15fe4bc11624a94405d878ce172aa8fea5e8986e113fbb03c8c08d1d7c4bb212ff031504bcb5247f617b7bd0763b22ea7b5ac3aa
SSDEEP

196608:2nby7dognF2recBU2fZP+ls8Wp5Ok/bkyRBz7xaRdAmMGz5bRHLCcd2FN6Z09B42:8D5y2fZQPWp5HVxOdGGf+cdzZ0X4MYIv

Score

8^/10

Malware Config

Targets

- Target
  
  bf4c66695b2f6286d096b2b9f5064dac_JaffaCakes118
- Size
  
  12.4MB
- MD5
  
  bf4c66695b2f6286d096b2b9f5064dac
- SHA1
  
  e632b855b284bcdf8db7b32680bd738ca306f090
- SHA256
  
  09d5b594e4fa41338aff1c9b1714c9dda47fe1acf8d17633b7746b6b276567da
- SHA512
  
  ef75e0073de431e57a74710c15fe4bc11624a94405d878ce172aa8fea5e8986e113fbb03c8c08d1d7c4bb212ff031504bcb5247f617b7bd0763b22ea7b5ac3aa
- SSDEEP
  
  196608:2nby7dognF2recBU2fZP+ls8Wp5Ok/bkyRBz7xaRdAmMGz5bRHLCcd2FN6Z09B42:8D5y2fZQPWp5HVxOdGGf+cdzZ0X4MYIv
Score

7^/10

discovery evasion
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Queries the phone number (MSISDN for GSM devices)
  discovery
behavioral1
- Target
  
  muzhiwanapp.apk
- Size
  
  6.7MB
- MD5
  
  f166fff17a539f053550965c87c42054
- SHA1
  
  8be071793576b6e324db218f02a017439fe826a3
- SHA256
  
  efa8e431c5d5b3bda3cfc0da4392d14ef447643412bbea22536a155c7aae82b4
- SHA512
  
  26869689b5a58e52e63d95b07cf04f560c4580e9bd408a432a61acace492201ffe93cb7e4166a360530eff8fa3827ae0df83ee43e30daa7f670010d59a8bab8a
- SSDEEP
  
  98304:thCSkJBDmTuhW+7eF0JUQ4KMB6NQP4WfxRENHpxPOJHMMC1dh4Zadvtvc8Y6dtR3:nru6wUQMBj4WfOHp+HPC1z4mkKdYIx
Score

8^/10

discovery evasion persistence banker collection credential_access impact
- Checks if the Android device is rooted.
  evasion
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Obtains sensitive information copied to the device clipboard
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  collection credential_access impact
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Queries information about running processes on the device
  Application may abuse the framework's APIs to collect information about running processes on the device.
  discovery
- Acquires the wake lock
- Domain associated with commercial stalkerware software, includes indicators from echap.eu.org
- Queries information about active data network
  discovery
- Queries information about the current Wi-Fi connection
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  discovery
- Reads information about phone network operator.
  discovery
behavioral2 behavioral3
- Target
  
  mzw_d
- Size
  
  59KB
- MD5
  
  b2a8fd2dba92c8f75869f79c70d441da
- SHA1
  
  faaf88b3c3653fc205a3a125ccb77fbc87b76215
- SHA256
  
  2514431fe50d909ac1385e07341ed8878b5f2400df151df5a43a59b98a31ea02
- SHA512
  
  a66893a5bb935dfefdc12ea32c2407cf9d8d040ff82852b415c599beb94d002ce77ec15bbac3f78ae6758a8c7f5e83c799ad84fb8ce2e6763da88a9bb20aa7b6
- SSDEEP
  
  1536:zsgtqpcH/obgLKxe7wust6XTyLaFcBowg/pL2Nka2MXX3C:zsqqKH/BKxXMXTym/pyKiXnC
Score

1^/10
behavioral4
- Target
  
  mzw_g
- Size
  
  42KB
- MD5
  
  c04d422c5a4bf58a127bbf2bf014965c
- SHA1
  
  3b1f3f4ad21fe0febe567e5a56996a7e61658cf9
- SHA256
  
  7a28fd857e1283e351d37931cc6e23cd6de5ad2fd4d3d23337a6f162b07f3978
- SHA512
  
  6cb2768a8344e3da470472ea906b5be2e33a24384efe35cdc3c0b0c24351c3b34444a4d2d6a9e21c48927b85554aaa3904fb0361071c0711841565222253e0a8
- SSDEEP
  
  768:ccPeR+EU5maX9WkB/gUrXFWLKxe7X+Fu9hRv6Xf3QpD+X7aFkuzkjEC:ccPeRiNWkZbgLKxe7wuzt6XCyLaFm3
Score

1^/10
behavioral5 behavioral6 behavioral7
- Target
  
  stasdk_core
- Size
  
  2.1MB
- MD5
  
  e1dd5bacfa75b9cf6abf6eaa1635e3c7
- SHA1
  
  96a86954d989f634798c91523712c34eab06da3d
- SHA256
  
  8dc8a08cb4af889317d11fec26e2c1058f2af5056a4dbc25deaec8707073947f
- SHA512
  
  e62c106f91d7a7202411a6938ed721fa695257f205e93772a87c59804a899a1bafd4887d48f2c9f33e5fe3ab6965227beb3fee007515ceb926e83d0e990fcc37
- SSDEEP
  
  49152:V1anRWSRRAeAOHy5mWr7cZVsjFrcZzVCuSlH7WKYnRgIpLLw:naRW0AqyJ0vsjFGzoNK7nRgIpLw
Score

7^/10

collection discovery evasion persistence
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Queries information about running processes on the device
  Application may abuse the framework's APIs to collect information about running processes on the device.
  discovery
- Queries information about the current nearby Wi-Fi networks
  Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
  discovery
- Requests cell location
  Uses Android APIs to to get current cell information.
  collection discovery
- Requests cell location
  Uses Android APIs to to get current cell location.
  collection discovery evasion
- Queries information about active data network
  discovery
- Queries information about the current Wi-Fi connection
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  discovery
- Queries the unique device ID (IMEI, MEID, IMSI)
  discovery
behavioral8 behavioral9