General

  • Target

    9e762a41028d829e98b147544802a819_JaffaCakes118

  • Size

    636KB

  • Sample

    241125-268aqs1pdv

  • MD5

    9e762a41028d829e98b147544802a819

  • SHA1

    9d04ffa1a13abf7c3f8bd5cf1935ba3ad759a04a

  • SHA256

    37a8186b50f7e71555de54e98165a875a579f92576aecfa56248bc9de211f0ef

  • SHA512

    d5fa7dad349ca70487c84d7fd279ca9579e74508325726db7fa70fa18fc92de06c48dcfa97fd2fd8eacca20a579c5116721328a280f9c74351812c99f304c122

  • SSDEEP

    12288:d4L4oQI8Y0FotaKIUtrbMmDS3FAGxLoi96kUjGLutzeFxvMol94vvQe6ERylTIY:JoL0otaYtXMBVAGxLoU6kVLm2hMkiydJ

Targets

    • Removes its main activity from the application launcher

      Hides the app's launcher icon after installation so the device owner has no visible sign that it is installed.

    • Loads dropped Dex/Jar

      Loads a Dex/Jar file that the application dropped to the device during analysis; code executed at runtime may therefore not be present in the original APK.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Queries account information for other applications stored on the device

      Application may abuse the framework's APIs to collect account information stored on the device.

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Contacts a domain associated with commercial stalkerware software (indicator list includes entries from echap.eu.org)

    • Queries information about the active data network

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Queries the unique device ID (IMEI, MEID, IMSI)

    • Reads information about the phone's network operator
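
The behaviours above are what the sandbox observed at runtime. The following is an added example, not part of the report or the sample, showing how an analyst would check a decoded APK against them: it verifies a file's digests against the hashes listed in General, maps smali method references (as produced by apktool or baksmali) onto the report's API-visible behaviours, and lists any behaviour with no static evidence, which for a sample that loads a dropped Dex/Jar points at the dropped payload rather than the main APK. The stalkerware-domain indicator is a network IOC, not an API call, so it is not part of the mapping. The `SIGNATURES` table is this script's own heuristic (the class and method names are real Android framework APIs), and the smali lines are constructed to exercise the matcher, not extracted from the sample.

```python
"""Static triage of a decoded APK against the behaviours in the sandbox report.

Added example, not part of the report or of the sample. The smali below is
constructed to exercise the matcher; it was not extracted from the sample.
"""
import hashlib
import re

# Report behaviour -> Android framework API references that would produce it.
# Class/method names are real framework APIs; which ones imply which
# behaviour is this script's own heuristic, not the sandbox's rule set.
SIGNATURES = {
    "Removes its main activity from the application launcher": [
        r"Landroid/content/pm/PackageManager;->setComponentEnabledSetting",
    ],
    "Loads dropped Dex/Jar": [
        r"Ldalvik/system/DexClassLoader;",
        r"Ldalvik/system/PathClassLoader;",
        r"Ldalvik/system/InMemoryDexClassLoader;",
    ],
    "Queries a list of all the installed applications on the device": [
        r"Landroid/content/pm/PackageManager;->getInstalledPackages",
        r"Landroid/content/pm/PackageManager;->getInstalledApplications",
    ],
    "Queries account information for other applications stored on the device": [
        r"Landroid/accounts/AccountManager;->getAccounts",  # also getAccountsByType
    ],
    "Queries information about running processes on the device": [
        r"Landroid/app/ActivityManager;->getRunningAppProcesses",
    ],
    "Queries information about active data network": [
        r"Landroid/net/ConnectivityManager;->getActiveNetworkInfo",
        r"Landroid/net/ConnectivityManager;->getActiveNetwork\(",
    ],
    "Queries information about the current Wi-Fi connection": [
        r"Landroid/net/wifi/WifiManager;->getConnectionInfo",
    ],
    "Queries the unique device ID (IMEI, MEID, IMSI)": [
        r"Landroid/telephony/TelephonyManager;->getDeviceId",
        r"Landroid/telephony/TelephonyManager;->getImei",
        r"Landroid/telephony/TelephonyManager;->getMeid",
        r"Landroid/telephony/TelephonyManager;->getSubscriberId",
    ],
    "Reads information about phone network operator": [
        r"Landroid/telephony/TelephonyManager;->getNetworkOperator",  # also ...Name
        r"Landroid/telephony/TelephonyManager;->getSimOperator",
    ],
}
REPORT_BEHAVIOURS = list(SIGNATURES)  # the API-visible behaviours from the report

# Digests listed in the report's General section.
REPORT_HASHES = {
    "md5": "9e762a41028d829e98b147544802a819",
    "sha1": "9d04ffa1a13abf7c3f8bd5cf1935ba3ad759a04a",
    "sha256": "37a8186b50f7e71555de54e98165a875a579f92576aecfa56248bc9de211f0ef",
}

METHOD_REF = re.compile(r"L[\w/$]+;->\w+")  # e.g. Landroid/...;->getDeviceId


def verify_hashes(data: bytes, expected: dict) -> dict:
    """Return {algo: (computed, expected)} for every digest that disagrees."""
    mismatches = {}
    for algo, want in expected.items():
        got = hashlib.new(algo, data).hexdigest()
        if got != want.lower():
            mismatches[algo] = (got, want.lower())
    return mismatches


def match_signatures(smali_lines) -> dict:
    """Return {behaviour: sorted method references} for lines hitting a pattern."""
    hits = {}
    for behaviour, patterns in SIGNATURES.items():
        refs = set()
        for line in smali_lines:
            if any(re.search(p, line) for p in patterns):
                m = METHOD_REF.search(line)
                refs.add(m.group(0) if m else line.strip())
        if refs:
            hits[behaviour] = sorted(refs)
    return hits


def unexplained_behaviours(report_behaviours, smali_lines) -> list:
    """Report behaviours with no static API evidence in the given smali.

    For a sample that loads a dropped Dex/Jar, anything listed here is the
    first thing to look for in the dropped payload rather than the main APK.
    """
    hits = match_signatures(smali_lines)
    return [b for b in report_behaviours if b not in hits]


# Constructed smali fragments, one per behaviour plus one benign call.
SAMPLE_SMALI = [
    "invoke-virtual {v0, v1, v2, v3}, Landroid/content/pm/PackageManager;->setComponentEnabledSetting(Landroid/content/ComponentName;II)V",
    "new-instance v0, Ldalvik/system/DexClassLoader;",
    "invoke-virtual {v0, v1}, Landroid/content/pm/PackageManager;->getInstalledPackages(I)Ljava/util/List;",
    "invoke-virtual {v0}, Landroid/accounts/AccountManager;->getAccounts()[Landroid/accounts/Account;",
    "invoke-virtual {v0}, Landroid/app/ActivityManager;->getRunningAppProcesses()Ljava/util/List;",
    "invoke-virtual {v0}, Landroid/net/ConnectivityManager;->getActiveNetworkInfo()Landroid/net/NetworkInfo;",
    "invoke-virtual {v0}, Landroid/net/wifi/WifiManager;->getConnectionInfo()Landroid/net/wifi/WifiInfo;",
    "invoke-virtual {v0}, Landroid/telephony/TelephonyManager;->getDeviceId()Ljava/lang/String;",
    "invoke-virtual {v0}, Landroid/telephony/TelephonyManager;->getSubscriberId()Ljava/lang/String;",
    "invoke-virtual {v0}, Landroid/telephony/TelephonyManager;->getNetworkOperatorName()Ljava/lang/String;",
    "invoke-virtual {v0}, Landroid/widget/Toast;->show()V",
]

if __name__ == "__main__":
    for behaviour, refs in match_signatures(SAMPLE_SMALI).items():
        print(f"{behaviour}: {', '.join(refs)}")
    # Drop the telephony calls to show what an incomplete static view looks like.
    trimmed = [l for l in SAMPLE_SMALI if "TelephonyManager" not in l]
    print("unexplained:", unexplained_behaviours(REPORT_BEHAVIOURS, trimmed))
```

Run `verify_hashes(open(path, "rb").read(), REPORT_HASHES)` on the file before trusting the report; an empty result means the bytes match the General section. Then feed `match_signatures` the concatenated smali of the main APK and, separately, of any Dex/Jar recovered from the sandbox's dropped files, since this sample loads dropped code and the main APK alone may not account for every behaviour listed.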

MITRE ATT&CK Mobile v15