General

  • Target

    9e4d7752f53a443a4001ef922b8c74ee_JaffaCakes118

  • Size

    7.8MB

  • Sample

    241125-2j1x5swrfq

  • MD5

    9e4d7752f53a443a4001ef922b8c74ee

  • SHA1

    9e0c620a3f7d736ed0da9aa27e84e3b9f7bb9059

  • SHA256

    3a779afbca5e13f2162b417cc3fd9e4841be19951e2ce815d536dac418664f36

  • SHA512

    ba385cb2aaac235fe532e8e5cee5ee937953b67b0b98ed42d3d9127560b11829769832ce73e168bab9e3d120fa9f012ce1c66ae9e9b0582f7ffdb53e4d92bba5

  • SSDEEP

    196608:oEvwp6aE03//KSXuVaBvAtbggNPy8O/dD:oEbaE03/y7+vAucPyd/h

Targets

    • Checks if the Android device is rooted.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Queries information about the current nearby Wi-Fi networks

      Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

    • Requests cell location

      Uses Android APIs to get the current cell location.

    • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

    • Queries information about active data network

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Checks the presence of a debugger

MITRE ATT&CK Mobile v15