General

  • Target

    af63addf891e3e4a65d704439a6f8d7e_JaffaCakes118

  • Size

    8.6MB

  • Sample

    240404-evpypaed7y

  • MD5

    af63addf891e3e4a65d704439a6f8d7e

  • SHA1

    019f86d575ca924fcef321f55f9bcaaf00a42235

  • SHA256

    2cba43b0863ac8248f4f3ec1f7b34162429fe7a7e97d5939874a1875e5fcd44c

  • SHA512

    a57f46fddb4f458f6e78bb27f201b8693bf0959cbcda6bb4fe21157bfec36f0514949ee88854aee5bcc06b9fd80a01eb4923dade979def26506b827887b3c0dc

  • SSDEEP

    196608:ZBSTb8IFXjyNHEYuFIS4W73GKkDWx0RiQdyjynFAL9V:ZBf+j2HEYVrW73GKQWabyj40V

Targets

    • Target

      af63addf891e3e4a65d704439a6f8d7e_JaffaCakes118

    • Hydra

      Android banker and info stealer.

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Reads information about phone network operator.
