Overview

overview

10

Static

static

10

9e8aa2476b...18.apk

android-9-x86

8

9e8aa2476b...18.apk

android-11-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    9e8aa2476bcdc551a33326f57f15b185_JaffaCakes118

  • Size

    14.4MB

  • Sample

    241125-3h9z4aypcn

  • MD5

    9e8aa2476bcdc551a33326f57f15b185

  • SHA1

    27564a325ffe51f45928d958572bb00c20e2486b

  • SHA256

    451a50c3f405e1c3f3a71c8c04f705a30c44737d22cc6fe374c9bdb8f7b4c5f7

  • SHA512

    d8567465e1325af5aac56c4fa383d67ff104af16b39c089b777426571d46573442204466474b910ed9b38d1166a6d808126b6131f4250dc3890b8bf63c13953c

  • SSDEEP

    393216:1UuNEt4HEep5BViqsS5vLwuUT0pvWPRtqOJePLkhIG:+uQinpjgqvvLPr1WzNJejkhT

Score
10/10
andrmonitorandroidbankercollectioncredential_accessdiscoveryevasionimpactpersistenceprivilege_escalationstealthtrojan

Malware Config

Targets

    • Target

      9e8aa2476bcdc551a33326f57f15b185_JaffaCakes118

    • Size

      14.4MB

    • MD5

      9e8aa2476bcdc551a33326f57f15b185

    • SHA1

      27564a325ffe51f45928d958572bb00c20e2486b

    • SHA256

      451a50c3f405e1c3f3a71c8c04f705a30c44737d22cc6fe374c9bdb8f7b4c5f7

    • SHA512

      d8567465e1325af5aac56c4fa383d67ff104af16b39c089b777426571d46573442204466474b910ed9b38d1166a6d808126b6131f4250dc3890b8bf63c13953c

    • SSDEEP

      393216:1UuNEt4HEep5BViqsS5vLwuUT0pvWPRtqOJePLkhIG:+uQinpjgqvvLPr1WzNJejkhT

    Score
    8/10
    bankercollectioncredential_accessdiscoveryevasionimpactpersistenceprivilege_escalationstealthtrojan

    • Checks if the Android device is rooted.

      evasion

    • Removes its main activity from the application launcher

      stealthtrojanevasion

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

      bankerdiscovery

    • Queries the phone number (MSISDN for GSM devices)

      discovery

    • Acquires the wake lock

    • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

      evasionpersistence

    • Queries information about active data network

      discovery

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

      discovery

    • Reads information about phone network operator.

      discovery

    • Requests accessing notifications (often used to intercept notifications before users become aware).

      collectioncredential_access

    • Tries to add a device administrator.

      privilege_escalationimpact

    • Checks the presence of a debugger

      evasion
    behavioral1behavioral2

MITRE ATT&CK Mobile v15

Tasks