Overview

overview

7

Static

static

6

f9db2e58ac...18.apk

android-9-x86

7

F88YUJ4.apk

android-9-x86

F88YUJ4.apk

android-10-x64

F88YUJ4.apk

android-11-x64

Sharing

Copy URL Twitter E-mail

General

  • Target

    f9db2e58ac3d0ec3eab7c7634bfa95e9_JaffaCakes118

  • Size

    1.1MB

  • Sample

    240927-gsbdma1fma

  • MD5

    f9db2e58ac3d0ec3eab7c7634bfa95e9

  • SHA1

    c4d67bad73e591791cb28283700a3136122ce45c

  • SHA256

    fe105078e37cd79363be8cf62afc07952b1b5d09567a511afb585b5f0be17590

  • SHA512

    53b1cf7fbbe7388d5b40038558e7707773ba2b2da1301d0a9c1c19b7ba6d0d7619e221d41562cb98659c8f8057be48dc585315f1a837024879f86822d66a018a

  • SSDEEP

    24576:ydjgdSftUCPDG/ciaeX3DFmuUK7AtJJXue5I7WaeM2X6Nt2q:gjQqDPDG/ciaenDFmuUpuII7lef6v

Score
7/10
androidbankercollectiondiscoveryevasionimpactpersistence

Malware Config

Targets

    • Target

      f9db2e58ac3d0ec3eab7c7634bfa95e9_JaffaCakes118

    • Size

      1.1MB

    • MD5

      f9db2e58ac3d0ec3eab7c7634bfa95e9

    • SHA1

      c4d67bad73e591791cb28283700a3136122ce45c

    • SHA256

      fe105078e37cd79363be8cf62afc07952b1b5d09567a511afb585b5f0be17590

    • SHA512

      53b1cf7fbbe7388d5b40038558e7707773ba2b2da1301d0a9c1c19b7ba6d0d7619e221d41562cb98659c8f8057be48dc585315f1a837024879f86822d66a018a

    • SSDEEP

      24576:ydjgdSftUCPDG/ciaeX3DFmuUK7AtJJXue5I7WaeM2X6Nt2q:gjQqDPDG/ciaenDFmuUpuII7lef6v

    Score
    7/10
    bankercollectiondiscoveryevasionimpactpersistence

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

      evasion

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

      bankerdiscovery

    • Queries the phone number (MSISDN for GSM devices)

      discovery

    • Reads the content of the SMS messages.

      collection

    • Requests cell location

      Uses Android APIs to to get current cell location.

      collectiondiscoveryevasion

    • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

    • Queries information about active data network

      discovery

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

      discovery

    • Queries the mobile country code (MCC)

      discovery

    • Reads information about phone network operator.

      discovery

    • Requests dangerous framework permissions

    behavioral1

    • Target

      F88YUJ4

    • Size

      96KB

    • MD5

      2ccef24c69721e9da759c19ca79b3f48

    • SHA1

      3d5fb18fa441e1249805b7ff103df552c5ebe4b0

    • SHA256

      0e3bfa7756771dbfbb6cab79a7a31bc74ad788b7625498617aa431d71905e20d

    • SHA512

      a94acfa01476898c20355c07a131e33b295ce5a9b017b0aa9c14198cc97f843f05f86c27bc8cfed47040746d4b90ab5f54add0c60fde9b2929be3f5b043b9f65

    • SSDEEP

      1536:AypAO/9VhXJ9WmsVHMNB9fLvBbsPF7+7jCBwhF+rOUPT/+c4tPBfajrGMF:TAO1T59iC5psdtwT+vb2JVRajr1

    Score
    1/10
    behavioral2behavioral3behavioral4

MITRE ATT&CK Mobile v15

Tasks