4578b6e4759634ca73fe38c2d339a0eb944fb6b633605567a9e0eea8987b904d | Triage

Sharing

General

Target

f1095257201397e0f704dad123d79281_JaffaCakes118
Size

8.2MB
Sample

240415-pgh84age3x
MD5

f1095257201397e0f704dad123d79281
SHA1

cf34ee54b099c48f86dc1028401df1422a1996ce
SHA256

4578b6e4759634ca73fe38c2d339a0eb944fb6b633605567a9e0eea8987b904d
SHA512

c9120355159dad9ea065e78f13e148a24f02d3234fa0e4c901766f87a7e7102a98ca829209f49a76c4eab93b39fed143a5e5c2cbc204f432937ffb1edc8e3b38
SSDEEP

196608:bsmVs8TdVPM2U7MR2AlmtqClxsEMtjWF3X9S2CDS5I5I+TZ:JHTdVEXMR2AlmcC/sEMtUtS9T+Q

Score

7^/10

android collection discovery ransomware

Malware Config

Targets

- Target
  
  f1095257201397e0f704dad123d79281_JaffaCakes118
- Size
  
  8.2MB
- MD5
  
  f1095257201397e0f704dad123d79281
- SHA1
  
  cf34ee54b099c48f86dc1028401df1422a1996ce
- SHA256
  
  4578b6e4759634ca73fe38c2d339a0eb944fb6b633605567a9e0eea8987b904d
- SHA512
  
  c9120355159dad9ea065e78f13e148a24f02d3234fa0e4c901766f87a7e7102a98ca829209f49a76c4eab93b39fed143a5e5c2cbc204f432937ffb1edc8e3b38
- SSDEEP
  
  196608:bsmVs8TdVPM2U7MR2AlmtqClxsEMtjWF3X9S2CDS5I5I+TZ:JHTdVEXMR2AlmcC/sEMtUtS9T+Q
Score

6^/10
- Requests dangerous framework permissions
behavioral1 behavioral2 behavioral3
- Target
  
  PandaHome2.mp3
- Size
  
  6.5MB
- MD5
  
  280ba5577027559dd853cb340e5c24d2
- SHA1
  
  f2c1ebad15095b4372e525b41efb7322c4a4554f
- SHA256
  
  72e9b8a81ff25da01f0044cfd39cbae71784e5457fa7df59ebba162c5dac37ee
- SHA512
  
  61ac056ef96ea1bccee34746a899236dbb8ff627c30f654e0cbeb17ccc6dd8ec69f6644bf6c9af24f1fea6c70b2d62cef103ff3dbc3c9c42d147712e2d1aad9a
- SSDEEP
  
  98304:U7NQvD4Cj876UWlPs8TdKuPMXnjqpapPjMRKDAl3Rot3ZI99mW500IsEMtjc:JsmVs8TdVPM2U7MR2AlmtqClxsEMtjc
Score

7^/10

collection ransomware discovery
- Reads the content of the call log.
  collection
- Queries the unique device ID (IMEI, MEID, IMSI)
  discovery
- Changes the wallpaper (common with ransomware activity).
  ransomware
behavioral4 behavioral5 behavioral6
- Target
  
  com.nd.android.widget.pandahome.flashlight
- Size
  
  70KB
- MD5
  
  9f58e9f7fc5b3e56cbd077567e32aaa9
- SHA1
  
  1b1e628de052d4f83c07bdc9c0684c74df999688
- SHA256
  
  d1916c64a9583fe9f714aa2c9fbf6eb7bc23d013f8f9ad9c27a55c42e3928322
- SHA512
  
  d30ed5f64a04c5a7e7ea81e2c92c029480544135ff4f34bf8f7bcf4f119429804d0d2962b1296cf0dc0d8e177e5336f1e1f8b0426088a8c2f97ba49e25b8f19b
- SSDEEP
  
  1536:7uHm+K2cf0d2qxWE9SdfS4hMs+vNtHSLDZKz3:7Z2FdZxWE9SdfRWsw/8Ds
Score

1^/10
behavioral7 behavioral8 behavioral9
- Target
  
  com.nd.shortcut.shortcutslot
- Size
  
  124KB
- MD5
  
  e1bf2d842729c99263dc5943d41fdf7d
- SHA1
  
  b49d7b3b50cbfd93dc1f8bc2ac775c076cdef950
- SHA256
  
  9b59f2fb60dc99d158f63fc30bcebff6b388f6628aebd0834292d4d204c3b0ba
- SHA512
  
  b91523a05aed9dcc20b989ea3bfef58d11f822d99a5cd2b62edcabc995e2ab9dd88aad62b7448f36b09d04fe58fa3273251614718be192e8a8e17f8e3a7815c3
- SSDEEP
  
  3072:Ig6020RoKcK4KmkeYvymaC9t7u11xu3siqtebur+tFPS:Igz20RoxK71/LO1ra/6ebuitFPS
Score

1^/10
behavioral10 behavioral11 behavioral12
- Target
  
  nd.jar
- Size
  
  1KB
- MD5
  
  bd4608ba86a24c90b838d917fb6326a0
- SHA1
  
  16117417da18f361486d5c7570130e774b7b6b77
- SHA256
  
  a5fa05e1e7f630edf66e709803285c8e3e3afbb7b4cb378d4c31ec3b39d0cdc4
- SHA512
  
  c762ab4f14a82c1570b80a5463c05bfbfc0740822f6fb698758101110a691f444e9ef89bf7638be627c86c53707842438553c980bed6ab1f0584b016ec0ae89d
Score

1^/10
behavioral13 behavioral14 behavioral15

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Protected User Data

Call Log

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

collectionransomware

behavioral5

collectiondiscoveryransomware

behavioral6

collectionransomware

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15