Overview

overview

10

Static

static

6

c40079e960...18.apk

android-9-x86

10

c40079e960...18.apk

android-10-x64

10

c40079e960...18.apk

android-11-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c40079e960a5f4306e96d1c15da3fbec_JaffaCakes118

  • Size

    4.5MB

  • Sample

    240826-3hjsxasgjn

  • MD5

    c40079e960a5f4306e96d1c15da3fbec

  • SHA1

    281c09e16207b35080d6d17861182fde5e6175ee

  • SHA256

    47c73d0262944d49fa5f7ce979a42b80529aebc57654dda07b04d72cd2d2e260

  • SHA512

    09932f135357e263d002b0a4d9d0fa30a82bef0b010b597085a82228e5756ba06da9d6c8e01dfafa094715d5e685033aa66f703126a9f88d25cd7e01edf938c5

  • SSDEEP

    98304:vTFqttCD1m6SJo+O71eyM8mlKg8PsuJEPlUViQueqtDY7sUraYt:v8SD1h441eFp3Ykj07s8aYt

Score
10/10
hydraandroidbankercollectioncredential_accessdiscoveryevasioninfostealerpersistencetrojan

Malware Config

Targets

    • Target

      c40079e960a5f4306e96d1c15da3fbec_JaffaCakes118

    • Size

      4.5MB

    • MD5

      c40079e960a5f4306e96d1c15da3fbec

    • SHA1

      281c09e16207b35080d6d17861182fde5e6175ee

    • SHA256

      47c73d0262944d49fa5f7ce979a42b80529aebc57654dda07b04d72cd2d2e260

    • SHA512

      09932f135357e263d002b0a4d9d0fa30a82bef0b010b597085a82228e5756ba06da9d6c8e01dfafa094715d5e685033aa66f703126a9f88d25cd7e01edf938c5

    • SSDEEP

      98304:vTFqttCD1m6SJo+O71eyM8mlKg8PsuJEPlUViQueqtDY7sUraYt:v8SD1h441eFp3Ykj07s8aYt

    Score
    10/10
    hydrabankercollectioncredential_accessdiscoveryevasioninfostealerpersistencetrojan

    • Hydra

      Android banker and info stealer.

      bankertrojaninfostealerhydra

    • Hydra payload

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

      evasion

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

      collectionevasioncredential_access

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Queries information about active data network

      discovery

    • Queries the mobile country code (MCC)

      discovery

    • Reads information about phone network operator.

      discovery
    behavioral1behavioral2behavioral3

MITRE ATT&CK Mobile v15

Tasks