General

  • Target

    5219b93905b81b3b93e81265692ceea7_JaffaCakes118

  • Size

    636KB

  • Sample

    241017-py7b9axgqa

  • MD5

    5219b93905b81b3b93e81265692ceea7

  • SHA1

    06a84c784890932e15d07909cd92e088ca643dbd

  • SHA256

    8295a67a73b1c94b4260b202a273a79cab55c4b8a8156dc9f64edd815b18f71c

  • SHA512

    068a92de585066befc8897a9a5269d18b93c049c5ed1224342b907f970fe28d4e2f9ee09dc0e092f332325e0aa861f9aca673a3b796e9b78bf7c2b8137f7e67b

  • SSDEEP

    12288:0J4LUaxJLbYf7cznXk4gJ6Xn0AZvIeFxfMYl94vvQe6ERylTEp:0l6LoUt0AZvZBMgiyd0

Malware Config

Targets

    • Removes its main activity from the application launcher

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Queries account information for other applications stored on the device

      Application may abuse the framework's APIs to collect account information stored on the device.

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

    • Queries information about active data network

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Queries the unique device ID (IMEI, MEID, IMSI)

    • Reads information about phone network operator.
