General

  • Target

    0b403075c78a652bb8e8e691b1db05fb_JaffaCakes118

  • Size

    8.4MB

  • Sample

    240328-vl4ngscb63

  • MD5

    0b403075c78a652bb8e8e691b1db05fb

  • SHA1

    5673d099771043b5b8fd8750c8d33f16b855eba4

  • SHA256

    c08903e2be8737c3fbea2293c6a1a5242afe58e6e90a3da45724a1dae7c88a25

  • SHA512

    54605c87abfc866bde178549a73d0cb88eee3e42b00ac729dd4ed99573cc07926840e10eb0077930227bb346ea7eb9437ebcc757d7d9fc340bd4687091584dc6

  • SSDEEP

    196608:qSmljAEayWctjkhEHyNFKMDWx0RiQdyjynFAL9AxC6+:qZllayWcRkCH2FKYWabyj40yC6+

Malware Config

Targets

    • Target

      0b403075c78a652bb8e8e691b1db05fb_JaffaCakes118

    • Size

      8.4MB

    • MD5

      0b403075c78a652bb8e8e691b1db05fb

    • SHA1

      5673d099771043b5b8fd8750c8d33f16b855eba4

    • SHA256

      c08903e2be8737c3fbea2293c6a1a5242afe58e6e90a3da45724a1dae7c88a25

    • SHA512

      54605c87abfc866bde178549a73d0cb88eee3e42b00ac729dd4ed99573cc07926840e10eb0077930227bb346ea7eb9437ebcc757d7d9fc340bd4687091584dc6

    • SSDEEP

      196608:qSmljAEayWctjkhEHyNFKMDWx0RiQdyjynFAL9AxC6+:qZllayWcRkCH2FKYWabyj40yC6+

    • Hydra

      Android banker and info stealer.

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Reads information about phone network operator.

MITRE ATT&CK Mobile v15

Tasks