ac4db404f91cf289fb01be4fc3585414b013a5f8313639306a48c9096ea963e8

General

Target

daa3928804d44274b39ab59a0cfc27ff_JaffaCakes118
Size

4.3MB
Sample

240911-sqpc9axfkm
MD5

daa3928804d44274b39ab59a0cfc27ff
SHA1

c0debf305aa2e23316f4ab7c2417e8648f278efe
SHA256

ac4db404f91cf289fb01be4fc3585414b013a5f8313639306a48c9096ea963e8
SHA512

4decb4a3ef995cd3e84767c0fdfb84912e1d9634a5e6ffa539928cad407951fe75a0594eb96b02fddef8dac4f291431e2e292b631d1e94e5bdbac7013d630f07
SSDEEP

98304:qYWeoZRiyP9GEQrwM9yi0XN4+VO4GGjXmsbfD/+A8Dy1ZU:qv1ZRTPJQrw7i02+VOEjWyfCibU

Score

7^/10

Malware Config

Targets

- Target
  
  daa3928804d44274b39ab59a0cfc27ff_JaffaCakes118
- Size
  
  4.3MB
- MD5
  
  daa3928804d44274b39ab59a0cfc27ff
- SHA1
  
  c0debf305aa2e23316f4ab7c2417e8648f278efe
- SHA256
  
  ac4db404f91cf289fb01be4fc3585414b013a5f8313639306a48c9096ea963e8
- SHA512
  
  4decb4a3ef995cd3e84767c0fdfb84912e1d9634a5e6ffa539928cad407951fe75a0594eb96b02fddef8dac4f291431e2e292b631d1e94e5bdbac7013d630f07
- SSDEEP
  
  98304:qYWeoZRiyP9GEQrwM9yi0XN4+VO4GGjXmsbfD/+A8Dy1ZU:qv1ZRTPJQrw7i02+VOEjWyfCibU
Score

7^/10

banker discovery persistence
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Acquires the wake lock
- Domain associated with commercial stalkerware software, includes indicators from echap.eu.org
- Queries information about active data network
  discovery
- Queries information about the current Wi-Fi connection
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  discovery
- Queries the mobile country code (MCC)
  discovery
- Reads information about phone network operator.
  discovery
behavioral1
- Target
  
  alipay_preset.apk
- Size
  
  350KB
- MD5
  
  b1305a5e4779e06a6c654258b02dfb15
- SHA1
  
  f9e387482bc9649fba2aaf04ba6ae02334651223
- SHA256
  
  258c17f04df6697fccf9ae1479f35543bd4a4081edda48a1ea2c37bc1b870e6a
- SHA512
  
  9a3f94b5d38dfa8f7e6b24c0dde0b940e48a757e8634754f3c37050d826e620dfc1838c783d99e94f97b08dd7474d7b619a22d037d414300c3874476fdc90cfd
- SSDEEP
  
  6144:5FeKnPt0/sEGId2fuRmlxLwEd0r2FfS4QlV7G8v9oKvFuQL2bBV2fnayx5:5FeKFFEGc2ymsMa4QlV7G8Ge62fnayv
Score

7^/10

collection discovery evasion
- Requests cell location
  Uses Android APIs to to get current cell location.
  collection discovery evasion
- Queries information about active data network
  discovery
- Queries information about the current Wi-Fi connection
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  discovery
behavioral2
- Target
  
  huafubao.apk
- Size
  
  289KB
- MD5
  
  f85cf7fa8b498c833a7432ec70aeb7ac
- SHA1
  
  30a89809790ad7ee687e374e6543f32ecb74c856
- SHA256
  
  fbe72488ac9f404838175fb6eaf0212828ccda19f27f9a9f75f89ac4d753d466
- SHA512
  
  11ef42f2bcbf5ff4429d72ab33f3e723002be330e797226f50b822d88be55078ca32b59099514919d3d36229947f5733b0aea3c08589d793de149afb762faeb5
- SSDEEP
  
  6144:TbnpAKB42qBBaQWl8FjjKHG66ufzxD+CzygMT:OKBeBaQM8ZR69h+tV
Score

6^/10

discovery evasion persistence
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Queries information about active data network
  discovery
- Reads information about phone network operator.
  discovery
behavioral3