5beb5e9fc022c295ed4cfe501ebc7d6e8f380fa4c72a05649c283c4e8b0f37b5 | Triage

Sharing

General

Target

6f2e59fb8cdf4b8011a481e94836767b_JaffaCakes118
Size

616KB
Sample

241023-qtvnbsvbql
MD5

6f2e59fb8cdf4b8011a481e94836767b
SHA1

3cc6d9bcc9022da4f6c9df564b3447df9e02f8d6
SHA256

5beb5e9fc022c295ed4cfe501ebc7d6e8f380fa4c72a05649c283c4e8b0f37b5
SHA512

0f06cbfa2f9f94c07e93ad42cd66c173b82d417e1eafdeca1e9f94d71729fa51cad9b1c6e479783aede0fedb52c0ca0195780f2771b794a81b2f12053e8bc050
SSDEEP

12288:FvYXs7wwqzrMXLPkeqUdFafYneCMEcbZDFTIKn1MQWnA+Rhffmdark:FvNSvGFazCyFTJ+REV

Score

8^/10

android banker collection credential_access discovery evasion impact persistence stealth trojan

Malware Config

Targets

- Target
  
  6f2e59fb8cdf4b8011a481e94836767b_JaffaCakes118
- Size
  
  616KB
- MD5
  
  6f2e59fb8cdf4b8011a481e94836767b
- SHA1
  
  3cc6d9bcc9022da4f6c9df564b3447df9e02f8d6
- SHA256
  
  5beb5e9fc022c295ed4cfe501ebc7d6e8f380fa4c72a05649c283c4e8b0f37b5
- SHA512
  
  0f06cbfa2f9f94c07e93ad42cd66c173b82d417e1eafdeca1e9f94d71729fa51cad9b1c6e479783aede0fedb52c0ca0195780f2771b794a81b2f12053e8bc050
- SSDEEP
  
  12288:FvYXs7wwqzrMXLPkeqUdFafYneCMEcbZDFTIKn1MQWnA+Rhffmdark:FvNSvGFazCyFTJ+REV
Score

8^/10

banker discovery evasion impact persistence stealth trojan collection credential_access
- Removes its main activity from the application launcher
  stealth trojan evasion
- Checks Android system properties for emulator presence.
  evasion
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Obtains sensitive information copied to the device clipboard
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  collection credential_access impact
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Queries the mobile country code (MCC)
  discovery
- Queries the unique device ID (IMEI, MEID, IMSI)
  discovery
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Privilege Escalation

Defense Evasion

Download New Code at Runtime

Hide Artifacts

Suppress Application Icon

Virtualization/Sandbox Evasion

System Checks

Credential Access

Clipboard Data

Discovery

Software Discovery

Security Software Discovery

System Information Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Clipboard Data

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

Data Manipulation

Transmitted Data Manipulation

Tasks

static1

behavioral1

bankerdiscoveryevasionimpactpersistencestealthtrojan

behavioral2

bankercollectioncredential_accessdiscoveryevasionimpactpersistencestealthtrojan

behavioral3

bankercollectioncredential_accessdiscoveryevasionimpactstealthtrojan