General

  • Target

    f998894c7bb9d99e82c9d712d4cc627c_JaffaCakes118

  • Size

    6.7MB

  • Sample

    240419-f3wa4shh74

  • MD5

    f998894c7bb9d99e82c9d712d4cc627c

  • SHA1

    5c117b1e48e91dd704132b5243681888699c8962

  • SHA256

    4ac94cc0795432d349dd504020eb91e310d166474f340c36548ff422060d4f03

  • SHA512

    b05c767375671f9ec31a51052c1f4b418b9a95b4edb627ca29fdd045a6a31aa73e40067b3754ea9e55a34844a5fd4287d812006df63acd166a9f5dbcf14001db

  • SSDEEP

    196608:W9BZESfl0u+kLJlE5HSSQu0bC5GMCTz7TZSD:0Z4kLJlErI6eT3M

Malware Config

Targets

    • Target

      f998894c7bb9d99e82c9d712d4cc627c_JaffaCakes118

    • Size

      6.7MB

    • MD5

      f998894c7bb9d99e82c9d712d4cc627c

    • SHA1

      5c117b1e48e91dd704132b5243681888699c8962

    • SHA256

      4ac94cc0795432d349dd504020eb91e310d166474f340c36548ff422060d4f03

    • SHA512

      b05c767375671f9ec31a51052c1f4b418b9a95b4edb627ca29fdd045a6a31aa73e40067b3754ea9e55a34844a5fd4287d812006df63acd166a9f5dbcf14001db

    • SSDEEP

      196608:W9BZESfl0u+kLJlE5HSSQu0bC5GMCTz7TZSD:0Z4kLJlErI6eT3M

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Requests cell location

      Uses Android APIs to to get current cell location.

    • Checks CPU information

      Checks CPU information which indicate if the system is an emulator.

    • Checks known Qemu files.

      Checks for known Qemu files that exist on Android virtual device images.

    • Checks memory information

      Checks memory information which indicate if the system is an emulator.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

    • Queries information about running processes on the device.

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Queries information about the current Wi-Fi connection.

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Queries information about the current nearby Wi-Fi networks.

      Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

    • Acquires the wake lock

    • Reads information about phone network operator.

    • Target

      dmss_v2.jar

    • Size

      126KB

    • MD5

      aa64c54de3204df266353f78f8f92743

    • SHA1

      f30391c3c576f3ad05cae309d4b3ed63759f140f

    • SHA256

      a9d07897e42c42c15f27ac1e3a907072bce90aeed7cf70ad3c52ea020a2bb1ac

    • SHA512

      a3be909d084d88dc1da4c0b0fd8dfbcc63d3149308f622b094fb1b9b4a47c2e5fe9633fd7354e2ce281d222fffcfdfd3896708cb398c81f12437aa8f0720690c

    • SSDEEP

      3072:QWDEMmwiLvzgsHGEIqTriwmelZLoALvFchukchKC+8G/ee:pDpmwiJ2Ur7mhAL+kkcPG1

    Score
    1/10
    • Target

      dump.jar

    • Size

      68KB

    • MD5

      fc86a61adb9f6c52f49836de04159cad

    • SHA1

      ce20ad7819f749db65e64df912e62fc95179c2de

    • SHA256

      39df03d741bb3e13392fd0c8c39fbbe903aca84b72cf1c04644ef81b13363265

    • SHA512

      7e44d71baa4cf9db1e805ce17b37b45f9621890aefce5ee5cc5c5e6e94e6cfd144ef1221e475e066b1fe3445f45982d56a107ad6fd65c2dfb6427b680d16b355

    • SSDEEP

      1536:rAbwGcYLL4MTeEhnlIKDCMzThhqzjUSykxl5R:aFf1JlIKfQU/AjR

    Score
    1/10
    • Target

      dynamic.jar

    • Size

      77KB

    • MD5

      c14c8a2f5d3a7c47eb2ca8c1b6e69adb

    • SHA1

      4e57b3c0f34427aba8a5be40c2e9b627172a89c8

    • SHA256

      7d7ada76ea057847b5c47ed0f16a6d0e52cdbebbbdb08c1a9519acf70a1a4107

    • SHA512

      2be420b849c0fa84d3c594ab6bc85255eb54915e05aac5fd3d711e8dc93f484c5a2add2c662a858d4c2ce316a716c9e930122e9cb1047be7482c495242d766e4

    • SSDEEP

      1536:fLAphepUaQbf6B7Xpy0lL8laR5pSbz1yBjwUP6SrL4z:cuXYm7XpywIoSb8scFL4z

    Score
    1/10

MITRE ATT&CK Matrix

Tasks