General

  • Target

    6cbd363526dfc8f906ab75d5565e5921_JaffaCakes118

  • Size

    5.8MB

  • Sample

    240401-j43y5ahc2s

  • MD5

    6cbd363526dfc8f906ab75d5565e5921

  • SHA1

    a430ceba75aa61a5132c28cfc0d1b8d15dd5cb1b

  • SHA256

    a02fdcfe2bb128d9a1614a3dfa94863f2e0cc565ede1548aa0f1ad348a979e0f

  • SHA512

    5e87d1fa60a4f5b342b140b6031fc2b525947d3d2d6b66ad47bc8f519cab59bf53258399d1fb2cec82825b29d7a3ef4ee0b6bfd1e5262bf76df56ff298720f55

  • SSDEEP

    98304:qBbaBg8iJRiPzLMCzhPv3CvJOZXZbzW4f8ejiHRa5l93f/gfTI7ND05+rgFScyvE:qBmi3ivvv3kMZPJf87HRaR3HV7p05Ugr

Malware Config

Targets

    • Hydra

      Android banker and info stealer.

    • Hydra payload

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Reads information about phone network operator.

MITRE ATT&CK Mobile v15

Tasks