ffddef5f1b6d3e9d2fa6da987fbc78c53adb21b91528b0bd2490b7ef29f0bca7

General

Target

6fdf34d17f3a3775b82c1dd5fdf01db7_JaffaCakes118
Size

2.2MB
Sample

241023-tz3snssanj
MD5

6fdf34d17f3a3775b82c1dd5fdf01db7
SHA1

38fe5652102703168d23ed58db9f9f9846df6214
SHA256

ffddef5f1b6d3e9d2fa6da987fbc78c53adb21b91528b0bd2490b7ef29f0bca7
SHA512

790bb21b90a530437c3f758dc82b255cfeaa9c0242f5c7d9d6609e9057ce7ff9f0145933fc979ae01cb956547a20147ba81d3905d26484918bebbe2c49dd70bb
SSDEEP

49152:APoTtBnmh+HpT7E7WkTcTJLTna1YiYNK4ziBBnmPJ:APatBmh+HpTYpTuLTMHYNKkeBmPJ

Score

8^/10

Malware Config

Targets

- Target
  
  6fdf34d17f3a3775b82c1dd5fdf01db7_JaffaCakes118
- Size
  
  2.2MB
- MD5
  
  6fdf34d17f3a3775b82c1dd5fdf01db7
- SHA1
  
  38fe5652102703168d23ed58db9f9f9846df6214
- SHA256
  
  ffddef5f1b6d3e9d2fa6da987fbc78c53adb21b91528b0bd2490b7ef29f0bca7
- SHA512
  
  790bb21b90a530437c3f758dc82b255cfeaa9c0242f5c7d9d6609e9057ce7ff9f0145933fc979ae01cb956547a20147ba81d3905d26484918bebbe2c49dd70bb
- SSDEEP
  
  49152:APoTtBnmh+HpT7E7WkTcTJLTna1YiYNK4ziBBnmPJ:APatBmh+HpTYpTuLTMHYNKkeBmPJ
Score

8^/10

banker discovery evasion impact persistence stealth trojan collection credential_access
- Removes its main activity from the application launcher
  stealth trojan evasion
- Checks Android system properties for emulator presence.
  evasion
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Obtains sensitive information copied to the device clipboard
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  collection credential_access impact
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Queries information about running processes on the device
  Application may abuse the framework's APIs to collect information about running processes on the device.
  discovery
- Queries the mobile country code (MCC)
  discovery
- Queries the unique device ID (IMEI, MEID, IMSI)
  discovery
behavioral1 behavioral2 behavioral3
- Target
  
  polyvideo.apk
- Size
  
  417KB
- MD5
  
  8ace627ef94c52afb06eaae0acf85feb
- SHA1
  
  c26f6164eda37a3151be59274639a56e3a3671df
- SHA256
  
  a990fecd5e36f453b1195a7868a645e1de6b1bfffb54df139d26d037c32a3eb1
- SHA512
  
  39276089f005f446ce5883296069cbe286176912eed66128007454da7bf64ba5db498726598d7ac18c1ad404df0411515f8691018cfc32b8068cde8409a065d7
- SSDEEP
  
  12288:1PnDnkGKX3gAQWa0LBca09eT+u9iXLP0hcnxc:1PnD7Q3DQ50Bc34T+D8hqxc
Score

7^/10

banker discovery evasion impact persistence collection credential_access
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Obtains sensitive information copied to the device clipboard
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  collection credential_access impact
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Queries information about running processes on the device
  Application may abuse the framework's APIs to collect information about running processes on the device.
  discovery
- Queries information about active data network
  discovery
- Queries the mobile country code (MCC)
  discovery
- Queries the unique device ID (IMEI, MEID, IMSI)
  discovery
behavioral4 behavioral5 behavioral6