General

  • Target

    eaf57e63a2a6fc35afbd07bba8e914d6_JaffaCakes118

  • Size

    19.7MB

  • Sample

    240919-kjddeazbnb

  • MD5

    eaf57e63a2a6fc35afbd07bba8e914d6

  • SHA1

    c1c7403190c46d4ad930fb992870e4d8a4c4e2d4

  • SHA256

    9b7485d15b34c9ce1e6e9de26365f3d0a1d632f16dc6adde870a544612642d97

  • SHA512

    104e6def9ce633fddbb9b2ed5cc38bb623a5c4ee6a1682c40f8d027a8ecb6ea5035c63239f4fe96f4ccb6e06861618e6c1f9059b1ae30bfbdcf63e04cbe80a2f

  • SSDEEP

    393216:5CruAyGnVBKYum2Tgg54n+CnajCzF2ggr0ofoSNPYHVpdICWHdgJm6:Mr7yGn/ET0+3jCpM6SFYHndxWHdgw6

Malware Config

Targets

    • Checks if the Android device is rooted.

    • Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps)

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Queries information about the current nearby Wi-Fi networks

      Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

    • Requests cell location

      Uses Android APIs to get the current cell location.

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

    • Queries information about active data network

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Queries the mobile country code (MCC)

MITRE ATT&CK Mobile v15

Tasks