irata | 2dbcdaa517464d2a1865a412dcaa7d6d87c165c2582ca024c164004af15b41bb

Sharing

Copy URL

Twitter E-mail

General

Target

c1f5a50625b0cd10266f1dc5413c810b_JaffaCakes118
Size

16.4MB
Sample

240826-bat55axcpm
MD5

c1f5a50625b0cd10266f1dc5413c810b
SHA1

2e627391016ddab7de61dbadc7728550ce6c9f8d
SHA256

2dbcdaa517464d2a1865a412dcaa7d6d87c165c2582ca024c164004af15b41bb
SHA512

59a58cea4887d758042cbe51cac39ab96aaa6836a20671440f6b3c32feb1212f5147a3ddc89986cdf992474396674126783ea7dce4c60cba0911ab0b43fc9ba7
SSDEEP

393216:AUskaRlwiD5y2fZQPWp5HVqZ3OdGGfyoVCwqaMgU:AUPaRlwidy6mPk51qAewCw7MgU

Score

10^/10

Malware Config

Targets

- Target
  
  c1f5a50625b0cd10266f1dc5413c810b_JaffaCakes118
- Size
  
  16.4MB
- MD5
  
  c1f5a50625b0cd10266f1dc5413c810b
- SHA1
  
  2e627391016ddab7de61dbadc7728550ce6c9f8d
- SHA256
  
  2dbcdaa517464d2a1865a412dcaa7d6d87c165c2582ca024c164004af15b41bb
- SHA512
  
  59a58cea4887d758042cbe51cac39ab96aaa6836a20671440f6b3c32feb1212f5147a3ddc89986cdf992474396674126783ea7dce4c60cba0911ab0b43fc9ba7
- SSDEEP
  
  393216:AUskaRlwiD5y2fZQPWp5HVqZ3OdGGfyoVCwqaMgU:AUPaRlwidy6mPk51qAewCw7MgU
Score

7^/10

discovery evasion
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Queries the phone number (MSISDN for GSM devices)
  discovery
- Acquires the wake lock
- Queries the unique device ID (IMEI, MEID, IMSI)
  discovery
behavioral1 behavioral2
- Target
  
  muzhiwanapp.apk
- Size
  
  6.7MB
- MD5
  
  f166fff17a539f053550965c87c42054
- SHA1
  
  8be071793576b6e324db218f02a017439fe826a3
- SHA256
  
  efa8e431c5d5b3bda3cfc0da4392d14ef447643412bbea22536a155c7aae82b4
- SHA512
  
  26869689b5a58e52e63d95b07cf04f560c4580e9bd408a432a61acace492201ffe93cb7e4166a360530eff8fa3827ae0df83ee43e30daa7f670010d59a8bab8a
- SSDEEP
  
  98304:thCSkJBDmTuhW+7eF0JUQ4KMB6NQP4WfxRENHpxPOJHMMC1dh4Zadvtvc8Y6dtR3:nru6wUQMBj4WfOHp+HPC1z4mkKdYIx
Score

8^/10

discovery evasion banker impact
- Checks if the Android device is rooted.
  evasion
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Queries information about running processes on the device
  Application may abuse the framework's APIs to collect information about running processes on the device.
  discovery
- Acquires the wake lock
- Domain associated with commercial stalkerware software, includes indicators from echap.eu.org
- Queries information about active data network
  discovery
- Queries information about the current Wi-Fi connection
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  discovery
- Queries the unique device ID (IMEI, MEID, IMSI)
  discovery
- Reads information about phone network operator.
  discovery
behavioral3 behavioral4
- Target
  
  mzw_d
- Size
  
  59KB
- MD5
  
  b2a8fd2dba92c8f75869f79c70d441da
- SHA1
  
  faaf88b3c3653fc205a3a125ccb77fbc87b76215
- SHA256
  
  2514431fe50d909ac1385e07341ed8878b5f2400df151df5a43a59b98a31ea02
- SHA512
  
  a66893a5bb935dfefdc12ea32c2407cf9d8d040ff82852b415c599beb94d002ce77ec15bbac3f78ae6758a8c7f5e83c799ad84fb8ce2e6763da88a9bb20aa7b6
- SSDEEP
  
  1536:zsgtqpcH/obgLKxe7wust6XTyLaFcBowg/pL2Nka2MXX3C:zsqqKH/BKxXMXTym/pyKiXnC
Score

1^/10
behavioral5
- Target
  
  mzw_g
- Size
  
  42KB
- MD5
  
  c04d422c5a4bf58a127bbf2bf014965c
- SHA1
  
  3b1f3f4ad21fe0febe567e5a56996a7e61658cf9
- SHA256
  
  7a28fd857e1283e351d37931cc6e23cd6de5ad2fd4d3d23337a6f162b07f3978
- SHA512
  
  6cb2768a8344e3da470472ea906b5be2e33a24384efe35cdc3c0b0c24351c3b34444a4d2d6a9e21c48927b85554aaa3904fb0361071c0711841565222253e0a8
- SSDEEP
  
  768:ccPeR+EU5maX9WkB/gUrXFWLKxe7X+Fu9hRv6Xf3QpD+X7aFkuzkjEC:ccPeRiNWkZbgLKxe7wuzt6XCyLaFm3
Score

1^/10
behavioral6 behavioral7 behavioral8
- Target
  
  stasdk_core
- Size
  
  2.1MB
- MD5
  
  e1dd5bacfa75b9cf6abf6eaa1635e3c7
- SHA1
  
  96a86954d989f634798c91523712c34eab06da3d
- SHA256
  
  8dc8a08cb4af889317d11fec26e2c1058f2af5056a4dbc25deaec8707073947f
- SHA512
  
  e62c106f91d7a7202411a6938ed721fa695257f205e93772a87c59804a899a1bafd4887d48f2c9f33e5fe3ab6965227beb3fee007515ceb926e83d0e990fcc37
- SSDEEP
  
  49152:V1anRWSRRAeAOHy5mWr7cZVsjFrcZzVCuSlH7WKYnRgIpLLw:naRW0AqyJ0vsjFGzoNK7nRgIpLw
Score

7^/10

collection discovery evasion impact persistence
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Queries information about running processes on the device
  Application may abuse the framework's APIs to collect information about running processes on the device.
  discovery
- Queries information about the current nearby Wi-Fi networks
  Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
  discovery
- Requests cell location
  Uses Android APIs to to get current cell location.
  collection discovery evasion
- Requests cell location
  Uses Android APIs to to get current cell information.
  collection discovery
- Queries information about active data network
  discovery
- Queries information about the current Wi-Fi connection
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  discovery
- Reads information about phone network operator.
  discovery
behavioral10 behavioral9