b97e3b5e91f3b74869b50e582c3c602eb1257edc34b0988325e37c9ce2bfb352 | Triage

Sharing

General

Target

6ff3bdae7667c0c0b03ccd111b179a5a_JaffaCakes118
Size

380KB
Sample

241023-vjdpaashkr
MD5

6ff3bdae7667c0c0b03ccd111b179a5a
SHA1

e2a7deaaf893dff1c43ed3c47a46d9736d3c882e
SHA256

b97e3b5e91f3b74869b50e582c3c602eb1257edc34b0988325e37c9ce2bfb352
SHA512

38b008cb5c6c8568d4399d51a9b5839399db024523999903de3d733660a407e1c582267ee1cb26fdca15636d6b199765207268d2ad2c0148f5ef2edc2e1156ff
SSDEEP

6144:hCDzLSGZ3weiQtv8qiv8TFWRaxfjcJB5BPsZpblyBXarYKHy/IPP+Y:hCDz+G6eiQt0bmcccSwBXQlP2Y

Score

8^/10

android banker collection credential_access discovery evasion impact persistence stealth trojan

Malware Config

Targets

- Target
  
  6ff3bdae7667c0c0b03ccd111b179a5a_JaffaCakes118
- Size
  
  380KB
- MD5
  
  6ff3bdae7667c0c0b03ccd111b179a5a
- SHA1
  
  e2a7deaaf893dff1c43ed3c47a46d9736d3c882e
- SHA256
  
  b97e3b5e91f3b74869b50e582c3c602eb1257edc34b0988325e37c9ce2bfb352
- SHA512
  
  38b008cb5c6c8568d4399d51a9b5839399db024523999903de3d733660a407e1c582267ee1cb26fdca15636d6b199765207268d2ad2c0148f5ef2edc2e1156ff
- SSDEEP
  
  6144:hCDzLSGZ3weiQtv8qiv8TFWRaxfjcJB5BPsZpblyBXarYKHy/IPP+Y:hCDz+G6eiQt0bmcccSwBXQlP2Y
Score

8^/10

discovery evasion impact persistence stealth trojan banker collection credential_access
- Removes its main activity from the application launcher
  stealth trojan evasion
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Obtains sensitive information copied to the device clipboard
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  collection credential_access impact
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Queries information about active data network
  discovery
- Queries the mobile country code (MCC)
  discovery
- Queries the unique device ID (IMEI, MEID, IMSI)
  discovery
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Privilege Escalation

Defense Evasion

Download New Code at Runtime

Hide Artifacts

Suppress Application Icon

Virtualization/Sandbox Evasion

System Checks

Credential Access

Clipboard Data

Discovery

Software Discovery

Security Software Discovery

System Information Discovery

System Network Configuration Discovery

System Network Connections Discovery

Lateral Movement

Collection

Clipboard Data

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

Data Manipulation

Transmitted Data Manipulation

Tasks

static1

behavioral1

discoveryevasionimpactpersistencestealthtrojan

behavioral2

bankercollectioncredential_accessdiscoveryevasionimpactpersistencestealthtrojan

behavioral3

bankercollectioncredential_accessdiscoveryevasionimpactstealthtrojan