Overview

overview

8

Static

static

6

fafa395235...18.apk

android-9-x86

8

fafa395235...18.apk

android-13-x64

1

Sharing

Copy URL Twitter E-mail

General

  • Target

    fafa39523588ef78b0d3523e54b9bdac_JaffaCakes118

  • Size

    13.0MB

  • Sample

    240927-1wdsps1hmk

  • MD5

    fafa39523588ef78b0d3523e54b9bdac

  • SHA1

    bb25c3684588e251351548b759d3d93cbd9125fa

  • SHA256

    da9c464c8aae2005b608d7c802b866e7f8a177d2d5ab0a66dbe0763b061df23f

  • SHA512

    726bac98a65fe7cef8b56dc5b77be617634a0362c8be06352fb0a652bef3f0040cbfc66a8230708a3af8260992b3da71f21cbba3d29c507cde139b15e234dbfc

  • SSDEEP

    196608:Te25DEeq8ByFZYUd12ji+95n4Rkt9MHxR4RftPLF0orHQSaIZ1xmPqU8caQp:lDEsBiZYUqumdfMHLufxLF0obQSaSmnp

Score
8/10
androidbankercollectiondiscoveryevasionexecutionimpactpersistence

Malware Config

Targets

    • Target

      fafa39523588ef78b0d3523e54b9bdac_JaffaCakes118

    • Size

      13.0MB

    • MD5

      fafa39523588ef78b0d3523e54b9bdac

    • SHA1

      bb25c3684588e251351548b759d3d93cbd9125fa

    • SHA256

      da9c464c8aae2005b608d7c802b866e7f8a177d2d5ab0a66dbe0763b061df23f

    • SHA512

      726bac98a65fe7cef8b56dc5b77be617634a0362c8be06352fb0a652bef3f0040cbfc66a8230708a3af8260992b3da71f21cbba3d29c507cde139b15e234dbfc

    • SSDEEP

      196608:Te25DEeq8ByFZYUd12ji+95n4Rkt9MHxR4RftPLF0orHQSaIZ1xmPqU8caQp:lDEsBiZYUqumdfMHLufxLF0obQSaSmnp

    Score
    8/10
    bankercollectiondiscoveryevasionexecutionimpactpersistence

    • Checks if the Android device is rooted.

      evasion

    • Checks known Qemu files.

      Checks for known Qemu files that exist on Android virtual device images.

      evasion

    • Checks known Qemu pipes.

      Checks for known pipes used by the Android emulator to communicate with the host.

      evasion

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

      evasion

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

      bankerdiscovery

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

      discovery

    • Queries information about the current nearby Wi-Fi networks

      Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

      discovery

    • Queries the phone number (MSISDN for GSM devices)

      discovery

    • Requests cell location

      Uses Android APIs to to get current cell location.

      collectiondiscoveryevasion

    • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

    • Queries information about active data network

      discovery

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

      discovery

    • Reads information about phone network operator.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Mobile v15

Tasks