General

  • Target

    e64e9fc94ff0b95e5c0cf2b38be94502_JaffaCakes118

  • Size

    3.1MB

  • Sample

    240408-bpt4nscd7z

  • MD5

    e64e9fc94ff0b95e5c0cf2b38be94502

  • SHA1

    7c9861d9fb7b00ea43113d7a36902b2c2525a1ee

  • SHA256

    d97aab6e351401596e170f056c3833bfd709cf44a2db97739a9129910fe2ece1

  • SHA512

    59bafd293766ac2aa60d06fe375eb4e4855dbb4d88577b83995fe0970960dadc9bf442bcba96d2bca8f757d6035e9c90ee45f1a66f934d8b13fe710da3ead220

  • SSDEEP

    49152:YR2dtusPvSD0goCVIvBN/wVIxFeLuZtRqG69FF3w67KDzCxTn5fl3MHOL1:YR2dtlPqD0oOHwGFttRqlvd7Xhqg

Malware Config

Targets

    • Target

      e64e9fc94ff0b95e5c0cf2b38be94502_JaffaCakes118

    • Size

      3.1MB

    • MD5

      e64e9fc94ff0b95e5c0cf2b38be94502

    • SHA1

      7c9861d9fb7b00ea43113d7a36902b2c2525a1ee

    • SHA256

      d97aab6e351401596e170f056c3833bfd709cf44a2db97739a9129910fe2ece1

    • SHA512

      59bafd293766ac2aa60d06fe375eb4e4855dbb4d88577b83995fe0970960dadc9bf442bcba96d2bca8f757d6035e9c90ee45f1a66f934d8b13fe710da3ead220

    • SSDEEP

      49152:YR2dtusPvSD0goCVIvBN/wVIxFeLuZtRqG69FF3w67KDzCxTn5fl3MHOL1:YR2dtlPqD0oOHwGFttRqlvd7Xhqg

    • Hydra

      Android banker and info stealer.

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Reads information about phone network operator.

MITRE ATT&CK Mobile v15

Tasks