Overview (overview): score 8
Static (static): score 6
4ae5620eab...18.apk (android-9-x86): score 7
4ae5620eab...18.apk (android-11-x64): score 8
com.newpay...dk.apk (android-9-x86): score 1
com.newpay...dk.apk (android-10-x64): score 1
com.newpay...dk.apk (android-11-x64): score 1
com.skymob...17.apk (android-9-x86): score 1
com.skymob...17.apk (android-10-x64): score 1
com.skymob...17.apk (android-11-x64): score 1
com.skymob...11.apk (android-9-x86): score 1
com.skymob...11.apk (android-10-x64): score 1
com.skymob...11.apk (android-11-x64): score 1
com.skymob...39.apk (android-9-x86)
com.skymob...39.apk (android-10-x64)
com.skymob...39.apk (android-11-x64)
skymobi_pa...in.apk (android-9-x86): score 4
skymobi_pa...in.apk (android-10-x64): score 4
skymobi_pa...in.apk (android-11-x64): score 1
General
-
Target
4ae5620eabc6aec3f8a0ed38e75cf32d_JaffaCakes118
-
Size
2.3MB
-
Sample
241016-b9qxrawhrg
-
MD5
4ae5620eabc6aec3f8a0ed38e75cf32d
-
SHA1
1b1ecab8ff543584851681ca05213bc70be82741
-
SHA256
e7cb6501f711199d114af7ebb4419d7038ce7baf2d44e9fc1e59a0695b669490
-
SHA512
86b34c26697d200af9210ac87d739c83c4487c5cbd727a901f993242b1056d90e3c9373bc08c8e9fa0cc3edc0fd521afccc016b0604d46365114964c167a1768
-
SSDEEP
49152:eDa6+rtlY6bbmDma0mPy1XiRHmcTnBLybSh36D/4rwbKRzKIeyiZciMz:8a6kbbmDmi6hoBqa3U/oMOzFeyMjMz
Static task
static1
Behavioral task
behavioral1
Sample
4ae5620eabc6aec3f8a0ed38e75cf32d_JaffaCakes118.apk
Resource
android-x86-arm-20240624-en
Behavioral task
behavioral2
Sample
4ae5620eabc6aec3f8a0ed38e75cf32d_JaffaCakes118.apk
Resource
android-x64-arm64-20240624-en
Behavioral task
behavioral3
Sample
com.newpay.spsdk.smspay.zfmgsdk.apk
Resource
android-x86-arm-20240624-en
Behavioral task
behavioral4
Sample
com.newpay.spsdk.smspay.zfmgsdk.apk
Resource
android-x64-20240624-en
Behavioral task
behavioral5
Sample
com.newpay.spsdk.smspay.zfmgsdk.apk
Resource
android-x64-arm64-20240624-en
Behavioral task
behavioral6
Sample
com.skymobi.pay.plugin.main_v10017.apk
Resource
android-x86-arm-20240624-en
Behavioral task
behavioral7
Sample
com.skymobi.pay.plugin.main_v10017.apk
Resource
android-x64-20240624-en
Behavioral task
behavioral8
Sample
com.skymobi.pay.plugin.main_v10017.apk
Resource
android-x64-arm64-20240624-en
Behavioral task
behavioral9
Sample
com.skymobi.pay.plugin.recordupload_v10011.apk
Resource
android-x86-arm-20240910-en
Behavioral task
behavioral10
Sample
com.skymobi.pay.plugin.recordupload_v10011.apk
Resource
android-x64-20240624-en
Behavioral task
behavioral11
Sample
com.skymobi.pay.plugin.recordupload_v10011.apk
Resource
android-x64-arm64-20240910-en
Behavioral task
behavioral12
Sample
com.skymobi.pay.plugin.smspay_v10039.apk
Resource
android-x86-arm-20240910-en
Behavioral task
behavioral13
Sample
com.skymobi.pay.plugin.smspay_v10039.apk
Resource
android-x64-20240624-en
Behavioral task
behavioral14
Sample
com.skymobi.pay.plugin.smspay_v10039.apk
Resource
android-x64-arm64-20240910-en
Behavioral task
behavioral15
Sample
skymobi_pay_wxplugin.apk
Resource
android-x86-arm-20240910-en
Behavioral task
behavioral16
Sample
skymobi_pay_wxplugin.apk
Resource
android-x64-20240910-en
Behavioral task
behavioral17
Sample
skymobi_pay_wxplugin.apk
Resource
android-x64-arm64-20240910-en
Malware Config
Targets
-
-
Target
4ae5620eabc6aec3f8a0ed38e75cf32d_JaffaCakes118
-
Checks if the Android device is rooted.
-
Checks Android system properties for emulator presence.
-
Obtains sensitive information copied to the device clipboard
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
-
Queries information about running processes on the device
Application may abuse the framework's APIs to collect information about running processes on the device.
-
Queries the phone number (MSISDN for GSM devices)
-
Reads the content of SMS inbox messages.
-
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org
-
Queries information about active data network
-
Queries information about the current Wi-Fi connection
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Queries the mobile country code (MCC)
-
Reads information about phone network operator.
-
-
-
Target
com.newpay.spsdk.smspay.zfmgsdk.apk
-
Size
95KB
-
MD5
25cdc4eb758d0a793c61da97a2c02a9f
-
SHA1
dcaf1d357c8dd5e131b65d0eecfc509a93efdc1e
-
SHA256
0d1300ee97decedb4a6dc4a0304779ba475153fc1185f39d92d2df4865416866
-
SHA512
94bd124255b13fab7a20c14994666a4ddddc5c83890a01220db562225dadf7589377d01365840802dd5cc36b89a77a3dc8f9bd15067abed721f1b36b1cf89927
-
SSDEEP
1536:uOioreFZ+v4Dx0XUvVBqCqG9UnLEFrzZF00AEOHlveECCNwl4iu+G8aAWDKsF9kQ:uPoreT+wDx0QAyrzZWA3CfRnjKckxuGQ
-
Score
1/10
-
-
Target
com.skymobi.pay.plugin.main_v10017.pl
-
Size
59KB
-
MD5
4fe57f0dbc1364a52f9616aca9623ee8
-
SHA1
d3fbaaafd79ff09ec88ad343e46258cfbda4139b
-
SHA256
c4a8a02e900f4fb066a0e8d4c9e2976c9a0f252729058b2915fdc93eae65af49
-
SHA512
e08aec2c36ccddc5b16409bf2d62ed6aa5e2ef468025779b400997f86c0b0943fbe16012e21be8e99685e743b3ef77adfa74b4c7bc03d30f6a506520c0edf17d
-
SSDEEP
1536:8ZWPMIYcGLcXagIirfjDYvR76G86bHT01LVj:8Ze/KpTiXMN6LSHT05Vj
-
Score
1/10
-
-
Target
com.skymobi.pay.plugin.recordupload_v10011.pl
-
Size
42KB
-
MD5
95f7902d7442815283d4473ed23f3cca
-
SHA1
d2576ae331a71fc43968ed53eb73623c966aa7a3
-
SHA256
40952f4694ea1ad807aaffb579f146287bda52a15db2fa631571eb59efb3666b
-
SHA512
e6ed8ccab7245ac352af3dab4eb866a7fe69c9374c8e3568630ba40a8ebcf1aee36ef2d3ff99941b3a900a1b7c60ab05fecc5b9fcc6a0754ece2feba4210bb06
-
SSDEEP
768:J8zZxl2ezpx6l9tgZO5Ea2Ahe5B9M2t78xC8cJOzibemqfM9+lsA:Juxl1zpQgZOt2z978WnemDA
-
Score
1/10
-
-
Target
com.skymobi.pay.plugin.smspay_v10039.pl
-
Size
248KB
-
MD5
f7b9113f2220d0c9bafb01c3c1864e5e
-
SHA1
40e8abb05c69f87a9e4e723885e6855d177c44e5
-
SHA256
229dc2c46231d85e6b4298f7e6a067df9840c754d4b1440e2e9594f92d000040
-
SHA512
7342091212a23843a2d5d4d9ef18d3aeff8d3c27657f4ece882f0a90844c00ee6b6179de9c750c3050468ed3aaaff46c37f6b966110b65b22c59330d2f614756
-
SSDEEP
6144:M5djDaCE+IKyOhmkHkj0cCTfT/YPoUt75p3KV8zaqqD1:AzE+aOfTOZtFxaDD1
-
Score
1/10
-
-
Target
skymobi_pay_wxplugin.apk
-
Size
33KB
-
MD5
73d8a99bf9de4eb876f1739627197190
-
SHA1
135f99fe90f129274c74f5c9b032294bfae3d05a
-
SHA256
6d6f22a6688689b35a723620794bc03e958a69e1770073bd921d3c6129733f26
-
SHA512
d5d9068f5fbf3c85bafb8edf084c40e4411814f02542cde120815951c6a2cfae78a0b08f930ef7143f10145ce0abcbd942c44f54afbb0d963ba47c653a162049
-
SSDEEP
768:iwFX6Lei59coj/94ML6plol/S54bLhWQeJ:iwF0t5jj1/LMcaivhWQC
-
Score
4/10
MITRE ATT&CK Mobile v15
Defense Evasion
Download New Code at Runtime: 1
Execution Guardrails: 1
Geofencing: 1
Virtualization/Sandbox Evasion: 3
System Checks: 3
Discovery
Location Tracking: 1
Process Discovery: 1
System Information Discovery: 3
System Network Configuration Discovery: 3
System Network Connections Discovery: 2