General

  • Target

    ee9038da5da0f368c5ee96bd54cd7807_JaffaCakes118

  • Size

    12.5MB

  • Sample

    240920-2kxbcasdpq

  • MD5

    ee9038da5da0f368c5ee96bd54cd7807

  • SHA1

    c1e7b87b30d411fa16a926dbe19076a83a9798d2

  • SHA256

    1889d2ac523caaa709354da57d9866cd3df93f2cedb259e682b62c0bd242b3fb

  • SHA512

    4adb3be0d203d864adef3ac3a810b3a78481c56a77b581881dca19d35e6b039a684aca67623f5e76498df828e5e9b602d71f95e767f556c50ecb602e24e71d0c

  • SSDEEP

    393216:ri/yg9P0gh44jBpLzQaV1QHG9NXvoeIHqMI:wyg9Mgh44jjzQaV1/9ao

Malware Config

Targets

    • Checks if the Android device is rooted.

    • Checks known Qemu files.

      Checks for known Qemu files that exist on Android virtual device images.

    • Checks known Qemu pipes.

      Checks for known pipes used by the Android emulator to communicate with the host.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Queries the phone number (MSISDN for GSM devices)

    • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

    • Queries information about active data network

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Reads information about phone network operator.

MITRE ATT&CK Mobile v15

Tasks