General

  • Target

    70259b128faa91bbf8da935f4158ece8_JaffaCakes118

  • Size

    5.3MB

  • Sample

    241023-wjr3casgnb

  • MD5

    70259b128faa91bbf8da935f4158ece8

  • SHA1

    340f698dedf86d491297097b77f9a390d91bd115

  • SHA256

    8749f3c2068d333c72c926a6cab5220fdf384ea5545ee772ddbe3a1c9718ff34

  • SHA512

    c678e33bc41ecb7f5cf8f5b02507148aa4867126455f78154e912a26b5673863d55142d06aced539d11281cdce2e64ac5332fffd6c209c0558fe4459a46e0d23

  • SSDEEP

    98304:4WANnHx/+RymhCsE205Y/9gnmJo2SSWa0gtHyrHr34egmIPNgJu:JAdR/NXZnm1SSVveLLlIP2g

Malware Config

Targets

    • Target

      70259b128faa91bbf8da935f4158ece8_JaffaCakes118

    • Size

      5.3MB

    • MD5

      70259b128faa91bbf8da935f4158ece8

    • SHA1

      340f698dedf86d491297097b77f9a390d91bd115

    • SHA256

      8749f3c2068d333c72c926a6cab5220fdf384ea5545ee772ddbe3a1c9718ff34

    • SHA512

      c678e33bc41ecb7f5cf8f5b02507148aa4867126455f78154e912a26b5673863d55142d06aced539d11281cdce2e64ac5332fffd6c209c0558fe4459a46e0d23

    • SSDEEP

      98304:4WANnHx/+RymhCsE205Y/9gnmJo2SSWa0gtHyrHr34egmIPNgJu:JAdR/NXZnm1SSVveLLlIP2g

    • Removes its main activity from the application launcher

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Queries the mobile country code (MCC)

• Reads information about phone network operator

    • Target

      com.hermes.superb.booster.tmp

    • Size

      2.5MB

    • MD5

      bb818155f8c88a2883d52a1b1dd78e81

    • SHA1

      d21ddf05ee1ebdd4972f24759448bf890b0364f7

    • SHA256

      fbd1f055d71e7de66e09e83deba4c33ba61c91ab096c0939a157123309a9c49a

    • SHA512

      ffde8074ce8db61b04bba996addaa7647be7d0a5074719ecb0712784b48b20f792274aa4c72141cfe7a46345b3cc8889fe009a626de606a951eca3ef5cf3e0b5

    • SSDEEP

      49152:5d8DY7ANnHx+7g+vKVJwyAnhCf3YtE2RRwLuix1FVFkiMj94pnmJoHP:4WANnHx/+RymhCsE205Y/9gnmJov

• Checks if the Android device is rooted

    • Obtains sensitive information copied to the device clipboard

      Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

• Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps)

    • Queries account information for other applications stored on the device

      Application may abuse the framework's APIs to collect account information stored on the device.

    • Queries information about active data network

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Queries the mobile country code (MCC)

    • Queries the unique device ID (IMEI, MEID, IMSI)

• Reads information about phone network operator

MITRE ATT&CK Mobile v15

Tasks