Overview

overview

8

Static

static

6

9e41171ff5...18.apk

android-9-x86

8

com.skymob...10.apk

android-9-x86

1

com.skymob...10.apk

android-10-x64

1

com.skymob...10.apk

android-11-x64

1

com.skymob...09.apk

android-9-x86

1

com.skymob...09.apk

android-10-x64

1

com.skymob...09.apk

android-11-x64

1

com.skymob...15.apk

android-9-x86

com.skymob...15.apk

android-10-x64

com.skymob...15.apk

android-11-x64

skymobi_pa...in.apk

android-9-x86

4

skymobi_pa...in.apk

android-10-x64

4

skymobi_pa...in.apk

android-11-x64

1

unicom_resource.apk

android-9-x86

1

unicom_resource.apk

android-10-x64

1

unicom_resource.apk

android-11-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    9e41171ff555e83d3331e97ca9e98f39_JaffaCakes118

  • Size

    2.3MB

  • Sample

    241125-2c9xgawpdm

  • MD5

    9e41171ff555e83d3331e97ca9e98f39

  • SHA1

    e9b79643878fde3d08a9a6262b389c57dfc77fdd

  • SHA256

    92ca24f761c7bd3bc9f15c46edcbabb94b74a7fccaec55e4c00831f4ddcff513

  • SHA512

    db37b6896a748dbd30a566a93f18d7e30e416c5fc2e23ca18f0b8f421338f611e30d5e68a2ce95e76e74e40ed73bc60e0bc1bbf5c80f5a160651c5b12712dfde

  • SSDEEP

    49152:NpVO/JpAFpZ6ghntQBQP5DWWpG9/V6kik5fj/vONCPGjP8l:NpVaaF76ghntQBQBDWWpw/V6HKLvORm

Score
8/10
androidcollectiondiscoveryevasionimpactpersistence

Malware Config

Targets

    • Target

      9e41171ff555e83d3331e97ca9e98f39_JaffaCakes118

    • Size

      2.3MB

    • MD5

      9e41171ff555e83d3331e97ca9e98f39

    • SHA1

      e9b79643878fde3d08a9a6262b389c57dfc77fdd

    • SHA256

      92ca24f761c7bd3bc9f15c46edcbabb94b74a7fccaec55e4c00831f4ddcff513

    • SHA512

      db37b6896a748dbd30a566a93f18d7e30e416c5fc2e23ca18f0b8f421338f611e30d5e68a2ce95e76e74e40ed73bc60e0bc1bbf5c80f5a160651c5b12712dfde

    • SSDEEP

      49152:NpVO/JpAFpZ6ghntQBQP5DWWpG9/V6kik5fj/vONCPGjP8l:NpVaaF76ghntQBQBDWWpw/V6HKLvORm

    Score
    8/10
    collectiondiscoveryevasionimpactpersistence

    • Checks if the Android device is rooted.

      evasion

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

      evasion

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

      discovery

    • Reads the content of SMS inbox messages.

      collection

    • Reads the content of the SMS messages.

      collection

    • Requests cell location

      Uses Android APIs to to get current cell location.

      collectiondiscoveryevasion

    • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

    • Queries information about active data network

      discovery

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

      discovery
    behavioral1

    • Target

      com.skymobi.pay.plugin.main_v10010.pl

    • Size

      56KB

    • MD5

      f7ac8045aed15eb38ffad345cf33389e

    • SHA1

      c07acd8c9b82d029669e4befa08830df804f0d3e

    • SHA256

      e6c51d15ade2eaff2ce08fc9b7826c97cf4b47db05054b22b3a8e775f21cb8a0

    • SHA512

      267a0036597282cd1dbaaf8204aa5eadf82543fb0af449b9ae0a4d9eb878e29514f2332725c8ef35b74fe5e7fd23c20924b9bf53c4cdb29fa7bde53d02753c83

    • SSDEEP

      1536:/0dSymllAt4YjEIbDZT8OT7m3WNlSN2rpcSPqNF5oa:vK4YYInZT5Hm3wFldPqNFya

    Score
    1/10
    behavioral2behavioral3behavioral4

    • Target

      com.skymobi.pay.plugin.recordupload_v10009.pl

    • Size

      38KB

    • MD5

      55c24dc00f667f62ee0cc0dfca41fc28

    • SHA1

      1811dd0ba5f5bdfeef743332b7ef1b8e4097a23c

    • SHA256

      8199c84eb1412ac9f13edc3bff4cd66e788847143bd0c8497ce7f699a0d68e77

    • SHA512

      b5a5269065f4bcf05c560315255c49dc7eafc015458eca425f6b44eec0ee74c3e1d481e06df70deca25056a8fd070efb5adcf364061a8e5c1e26fb8e102caf69

    • SSDEEP

      768:Tf5Ui0Wh/Ndv7j7LF12NADhHl2ASeCYuD:+WNNdDJ0NahHMAS3D

    Score
    1/10
    behavioral5behavioral6behavioral7

    • Target

      com.skymobi.pay.plugin.smspay_v10015.pl

    • Size

      206KB

    • MD5

      e5ac4347c4d13f0e3cc929ad78372f88

    • SHA1

      97960a66ff300158e0b74c0122fcf9d80ed8cd93

    • SHA256

      74b6542895aeef975ea0aacd8d3c29145543438f86d120ca46c6083d2a3dac1b

    • SHA512

      0c20a1b348106b6582742b35a48ba703a24616e34a28b1eedc009d64d090a8157a1c167e3d6efa04fe9b3e7fbb93bb7616323c6a19e23a343c850b05892ee372

    • SSDEEP

      6144:L5dvOF1MABFzlYGgbwhkIftWJ5CfO+j8/Yj:dAF1MAJh26WvCfO+j8/Yj

    Score
    1/10
    behavioral10behavioral8behavioral9

    • Target

      skymobi_pay_wxplugin.apk

    • Size

      33KB

    • MD5

      73d8a99bf9de4eb876f1739627197190

    • SHA1

      135f99fe90f129274c74f5c9b032294bfae3d05a

    • SHA256

      6d6f22a6688689b35a723620794bc03e958a69e1770073bd921d3c6129733f26

    • SHA512

      d5d9068f5fbf3c85bafb8edf084c40e4411814f02542cde120815951c6a2cfae78a0b08f930ef7143f10145ce0abcbd942c44f54afbb0d963ba47c653a162049

    • SSDEEP

      768:iwFX6Lei59coj/94ML6plol/S54bLhWQeJ:iwF0t5jj1/LMcaivhWQC

    Score
    4/10
    persistence
    behavioral11behavioral12behavioral13

    • Target

      unicom_resource.dat

    • Size

      41KB

    • MD5

      5fc87888ecf3a4bcc60e2db055b2e766

    • SHA1

      8f80d454f5d1e4e39e469f29a2658d460c73222f

    • SHA256

      4307d3609485339da7438d4f27169a1399edbb8daa31a63cbefe69663f7f323c

    • SHA512

      cbbfde6679cb3f345531b20ec98f9c5b81acc6f60dbac348ed06f363e2533c586949567604439287abf5739b717fc2edfada53d7bb6da0a61fc1a019d36886ae

    • SSDEEP

      768:F0IUSGCpONOKIfwiFWAkEsDVop56mAQZuYMiELqYRc15:5XbpO4KsOQZuYHaRcP

    Score
    1/10
    behavioral14behavioral15behavioral16

MITRE ATT&CK Mobile v15

Tasks