159e969a3033801b26b6d0c69e283647a44093969f3d11df0c311c36ed63a952 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

6

d2d0a486fe...18.apk

android-9-x86

8

Sharing

General

Target

d2d0a486fe9d8e76fee51461f3604dc1_JaffaCakes118
Size

12.1MB
Sample

240907-znc1rsxblg
MD5

d2d0a486fe9d8e76fee51461f3604dc1
SHA1

e364d8ba23818b08446c62ca74a7609b8ddd9d89
SHA256

159e969a3033801b26b6d0c69e283647a44093969f3d11df0c311c36ed63a952
SHA512

9cde0c858b4e7a719aefdaf2f1315c8dd414cdeedac07cca21dab8f52312b6b9a0892b2253e437dd56e137eeb25d7145b56c4e3faf0ddde7a6aa52664c80a919
SSDEEP

393216:SX/o94NEJdONS6PFDXaw6bf9RyKCb+6zP:m/oq46NDXaDzryKd6zP

Score

8^/10

android banker discovery evasion persistence

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

d2d0a486fe9d8e76fee51461f3604dc1_JaffaCakes118.apk

Resource

android-x86-arm-20240910-en

banker discovery evasion persistence

android-9-x86

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  d2d0a486fe9d8e76fee51461f3604dc1_JaffaCakes118
- Size
  
  12.1MB
- MD5
  
  d2d0a486fe9d8e76fee51461f3604dc1
- SHA1
  
  e364d8ba23818b08446c62ca74a7609b8ddd9d89
- SHA256
  
  159e969a3033801b26b6d0c69e283647a44093969f3d11df0c311c36ed63a952
- SHA512
  
  9cde0c858b4e7a719aefdaf2f1315c8dd414cdeedac07cca21dab8f52312b6b9a0892b2253e437dd56e137eeb25d7145b56c4e3faf0ddde7a6aa52664c80a919
- SSDEEP
  
  393216:SX/o94NEJdONS6PFDXaw6bf9RyKCb+6zP:m/oq46NDXaDzryKd6zP
Score

8^/10

banker discovery evasion persistence
- Checks if the Android device is rooted.
  evasion
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Queries the phone number (MSISDN for GSM devices)
  discovery
- Domain associated with commercial stalkerware software, includes indicators from echap.eu.org
- Queries information about active data network
  discovery
- Queries information about the current Wi-Fi connection
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  discovery
- Queries the mobile country code (MCC)
  discovery
- Queries the unique device ID (IMEI, MEID, IMSI)
  discovery
- Reads information about phone network operator.
  discovery
behavioral1

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

System Checks

Credential Access

Discovery

Software Discovery

Security Software Discovery

System Information Discovery

System Network Configuration Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bankerdiscoveryevasionpersistence

© 2018-2025

Terms | Privacy