Overview

overview

10

Static

static

6

d9b427c189...18.apk

android-9-x86

10

d9b427c189...18.apk

android-10-x64

10

d9b427c189...18.apk

android-11-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d9b427c189fbdda7c2d74cace3e5f184_JaffaCakes118

  • Size

    2.1MB

  • Sample

    240911-f7sqsavcrq

  • MD5

    d9b427c189fbdda7c2d74cace3e5f184

  • SHA1

    e11c14c65b923f2a0565398c36eaab6846739522

  • SHA256

    5c4a0458c581c9bc0a7729b01926cd7b1f6b5b58aaecb2f31f571d4ded7ee419

  • SHA512

    8160e92113549e662c89655f77afadb9736687fce2693f04e2b5e5a2787091debb3a37da9f8297fa8a6dd36be391de893150d011308fd12594624a95424f4ada

  • SSDEEP

    49152:8RWMOdwtaY1wr9VOge7sGR8WVlNMUHr+yP8vnIKFG53RsiXZsP2:8kMOgh1wr9H+s48UlNMUHiTvIUG53RsY

Score
10/10
hydraandroidbankercollectioncredential_accessdiscoveryevasioninfostealerpersistencestealthtrojan

Malware Config

Targets

    • Target

      d9b427c189fbdda7c2d74cace3e5f184_JaffaCakes118

    • Size

      2.1MB

    • MD5

      d9b427c189fbdda7c2d74cace3e5f184

    • SHA1

      e11c14c65b923f2a0565398c36eaab6846739522

    • SHA256

      5c4a0458c581c9bc0a7729b01926cd7b1f6b5b58aaecb2f31f571d4ded7ee419

    • SHA512

      8160e92113549e662c89655f77afadb9736687fce2693f04e2b5e5a2787091debb3a37da9f8297fa8a6dd36be391de893150d011308fd12594624a95424f4ada

    • SSDEEP

      49152:8RWMOdwtaY1wr9VOge7sGR8WVlNMUHr+yP8vnIKFG53RsiXZsP2:8kMOgh1wr9H+s48UlNMUHiTvIUG53RsY

    Score
    10/10
    hydrabankercollectioncredential_accessdiscoveryevasioninfostealerpersistencestealthtrojan

    • Hydra

      Android banker and info stealer.

      bankertrojaninfostealerhydra

    • Removes its main activity from the application launcher

      stealthtrojanevasion

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

      evasion

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

      collectionevasioncredential_access

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Queries information about active data network

      discovery

    • Queries the mobile country code (MCC)

      discovery

    • Reads information about phone network operator.

      discovery

    • Requests enabling of the accessibility settings.

    behavioral1behavioral2behavioral3

MITRE ATT&CK Mobile v15

Tasks