Overview

overview

10

Static

static

6

JaffaCakes...3c.apk

android-9-x86

10

JaffaCakes...3c.apk

android-10-x64

10

JaffaCakes...3c.apk

android-11-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_f7c9818a25d2bbcbbf464ad5cd4da13c

  • Size

    2.8MB

  • Sample

    250111-frkegavqc1

  • MD5

    f7c9818a25d2bbcbbf464ad5cd4da13c

  • SHA1

    35cebb81310d40329792105deb2706798a799e2c

  • SHA256

    1437e111cfc3d76f3397bafc21a4ec81ad08d592ade86645fbbe552f61d7cfbd

  • SHA512

    24270fc57f351a5e8eb01909c11376305b72e65d41239e5fcfb110866a1581388bccb855760b87769f3c6249b83ba73eee7ad5c1303da23752a957f2b0add5f1

  • SSDEEP

    49152:xc9ma8/sQibfUuCltdJbTs/k+tfSuND4v8SC/mTR95ndMtDb5D2iED5sZ1dtXIaX:xcgyQib8Z7TMk8TND4vxcmTvw5DiDCfB

Score
10/10
hydraandroidbankercollectioncredential_accessdiscoveryevasioninfostealerpersistencetrojan

Malware Config

Targets

    • Target

      JaffaCakes118_f7c9818a25d2bbcbbf464ad5cd4da13c

    • Size

      2.8MB

    • MD5

      f7c9818a25d2bbcbbf464ad5cd4da13c

    • SHA1

      35cebb81310d40329792105deb2706798a799e2c

    • SHA256

      1437e111cfc3d76f3397bafc21a4ec81ad08d592ade86645fbbe552f61d7cfbd

    • SHA512

      24270fc57f351a5e8eb01909c11376305b72e65d41239e5fcfb110866a1581388bccb855760b87769f3c6249b83ba73eee7ad5c1303da23752a957f2b0add5f1

    • SSDEEP

      49152:xc9ma8/sQibfUuCltdJbTs/k+tfSuND4v8SC/mTR95ndMtDb5D2iED5sZ1dtXIaX:xcgyQib8Z7TMk8TND4vxcmTvw5DiDCfB

    Score
    10/10
    hydrabankercollectioncredential_accessdiscoveryevasioninfostealerpersistencetrojan

    • Hydra

      Android banker and info stealer.

      bankertrojaninfostealerhydra

    • Hydra family

      hydra

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

      evasion

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

      collectionevasioncredential_access

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Queries information about active data network

      discovery

    • Queries the mobile country code (MCC)

      discovery

    • Reads information about phone network operator.

      discovery
    behavioral1behavioral2behavioral3

MITRE ATT&CK Mobile v15

Tasks