812a154d46d5fc703bc0b56eae32c2403038fa4c4e0086b3c85f1c8922f895ec | Triage

Sharing

Copy URL Twitter E-mail

General

Target

528f837d06eeed41f47ad96a4764a574_JaffaCakes118
Size

17.3MB
Sample

241017-tmalcsxbpl
MD5

528f837d06eeed41f47ad96a4764a574
SHA1

9ba9372885dc1c3fb44da3d2cfe2cc86079bb4fd
SHA256

812a154d46d5fc703bc0b56eae32c2403038fa4c4e0086b3c85f1c8922f895ec
SHA512

b6be4ce593473181dac781d7ef87db567c9b6e4b8583c4c13807307927b554a24f19fc1fb00580931b43705efc296cae80be16fac95d4ad259eef7d195b5c6b3
SSDEEP

393216:QoTnf9Up7mFTyhmJt0pvtLuwpATWOve2bop1CLf:QoD7TyhkAvtjEy2qif

Score

7^/10

android banker collection discovery evasion impact persistence

Malware Config

Targets

- Target
  
  528f837d06eeed41f47ad96a4764a574_JaffaCakes118
- Size
  
  17.3MB
- MD5
  
  528f837d06eeed41f47ad96a4764a574
- SHA1
  
  9ba9372885dc1c3fb44da3d2cfe2cc86079bb4fd
- SHA256
  
  812a154d46d5fc703bc0b56eae32c2403038fa4c4e0086b3c85f1c8922f895ec
- SHA512
  
  b6be4ce593473181dac781d7ef87db567c9b6e4b8583c4c13807307927b554a24f19fc1fb00580931b43705efc296cae80be16fac95d4ad259eef7d195b5c6b3
- SSDEEP
  
  393216:QoTnf9Up7mFTyhmJt0pvtLuwpATWOve2bop1CLf:QoD7TyhkAvtjEy2qif
Score

7^/10

discovery persistence banker collection evasion impact
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Queries information about running processes on the device
  Application may abuse the framework's APIs to collect information about running processes on the device.
  discovery
- Requests cell location
  Uses Android APIs to to get current cell location.
  collection discovery evasion
- Domain associated with commercial stalkerware software, includes indicators from echap.eu.org
- Queries information about active data network
  discovery
- Listens for changes in the sensor environment (might be used to detect emulation)
  evasion
behavioral1 behavioral2

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Privilege Escalation

Defense Evasion

Execution Guardrails

Geofencing

Hide Artifacts

User Evasion

Virtualization/Sandbox Evasion

System Checks

Credential Access

Discovery

Location Tracking

Process Discovery

Software Discovery

Security Software Discovery

System Information Discovery

System Network Connections Discovery

Lateral Movement

Collection

Location Tracking

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

bankercollectiondiscoveryevasionimpact