Overview

overview

8

Static

static

6

f02f5abb48...18.apk

android-9-x86

7

f02f5abb48...18.apk

android-10-x64

8

f02f5abb48...18.apk

android-11-x64

8

Sharing

Copy URL Twitter E-mail

General

  • Target

    f02f5abb48369e4b47587cc45fb5cb71_JaffaCakes118

  • Size

    10.4MB

  • Sample

    240921-tw7x8a1grb

  • MD5

    f02f5abb48369e4b47587cc45fb5cb71

  • SHA1

    07074b667f74f03eddb9fc6c7a432ee9da59eb31

  • SHA256

    363d31b7709a8ed071f7619a4119a1b7c72e95a4f2047d1baa442c14ef91244e

  • SHA512

    ec21f67df364d2ca988c9cf35fc956a82e4d4d4c6781851f3f441ff0ea7c3adfb60c786fda07683f211a8a668d85a116305d4d91a5ae12b2d3356fd1aabc5a26

  • SSDEEP

    196608:DXka7jYwfaoEhUoSHRyAcxfMXojsghmLexENKweIFd2qzSlcqKtUfKi/a:wa//iThtwybZNIeekweaTeczTia

Score
8/10
androidbankercollectioncredential_accessdiscoveryevasionimpactpersistence

Malware Config

Targets

    • Target

      f02f5abb48369e4b47587cc45fb5cb71_JaffaCakes118

    • Size

      10.4MB

    • MD5

      f02f5abb48369e4b47587cc45fb5cb71

    • SHA1

      07074b667f74f03eddb9fc6c7a432ee9da59eb31

    • SHA256

      363d31b7709a8ed071f7619a4119a1b7c72e95a4f2047d1baa442c14ef91244e

    • SHA512

      ec21f67df364d2ca988c9cf35fc956a82e4d4d4c6781851f3f441ff0ea7c3adfb60c786fda07683f211a8a668d85a116305d4d91a5ae12b2d3356fd1aabc5a26

    • SSDEEP

      196608:DXka7jYwfaoEhUoSHRyAcxfMXojsghmLexENKweIFd2qzSlcqKtUfKi/a:wa//iThtwybZNIeekweaTeczTia

    Score
    8/10
    bankerdiscoverypersistencecollectioncredential_accessevasionimpact

    • Checks if the Android device is rooted.

      evasion

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

      evasion

    • Obtains sensitive information copied to the device clipboard

      Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

      collectioncredential_accessimpact

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

      bankerdiscovery

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

      discovery

    • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

    • Queries information about active data network

      discovery

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

      discovery

    • Queries the mobile country code (MCC)

      discovery

    • Queries the unique device ID (IMEI, MEID, IMSI)

      discovery

    • Reads information about phone network operator.

      discovery
    behavioral1behavioral2behavioral3

MITRE ATT&CK Mobile v15

Tasks