General
-
Target
281e3351772dc323d19056e0ca1ff1a8_JaffaCakes118
-
Size
24.0MB
-
Sample
240509-d5e1ssbc45
-
MD5
281e3351772dc323d19056e0ca1ff1a8
-
SHA1
4d783928dda0d31cd9ed8b56a8db4874fe0af120
-
SHA256
b12ddf2079cd8e588d406654eff4876e1642271b0d390ea66a344c8b7df2de73
-
SHA512
3d2a357764116c6b6c5c48053a9346fe25cb6370ec147a60696c09f7492f2d5cc30150161358062ade77c74a6747967c918d6273e24c7e3695a513c244c642ce
-
SSDEEP
786432:Q3yrDf2n7zJ9oP46JcSPWpOR7BibKoQSz:Q3yHfsmP401FZpoQq
Malware Config
Targets
-
-
Target
281e3351772dc323d19056e0ca1ff1a8_JaffaCakes118
-
Size
24.0MB
-
MD5
281e3351772dc323d19056e0ca1ff1a8
-
SHA1
4d783928dda0d31cd9ed8b56a8db4874fe0af120
-
SHA256
b12ddf2079cd8e588d406654eff4876e1642271b0d390ea66a344c8b7df2de73
-
SHA512
3d2a357764116c6b6c5c48053a9346fe25cb6370ec147a60696c09f7492f2d5cc30150161358062ade77c74a6747967c918d6273e24c7e3695a513c244c642ce
-
SSDEEP
786432:Q3yrDf2n7zJ9oP46JcSPWpOR7BibKoQSz:Q3yHfsmP401FZpoQq
Score8/10-
Requests cell location
Uses Android APIs to to get current cell location.
-
Checks CPU information
Checks CPU information which indicate if the system is an emulator.
-
Queries information about running processes on the device
Application may abuse the framework's APIs to collect information about running processes on the device.
-
Queries information about the current Wi-Fi connection
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Registers a broadcast receiver at runtime (usually for listening for system events)
-
Checks if the internet connection is available
-
Listens for changes in the sensor environment (might be used to detect emulation)
-
-
-
Target
VqsVirtual1.apk
-
Size
3.0MB
-
MD5
6bb4b69cc2285d212d93831fe52bb6f7
-
SHA1
725bfd49a206f4d347d7105b7f278a4dc9ff5ddc
-
SHA256
4a12517417ce94bb25090760e60a92cf88b53479281af3f4e5104e2180410986
-
SHA512
ebc5f919b0c631eb791da1ac09c16813becac83189f67207a6d5b7d5391579799e2a17d8f6febd7b4cfc8afd798ca91a2c36cd084f93a442e88b0c9cf3b8ee18
-
SSDEEP
98304:LRKaWLkhyUnCnMeGnzWGLATAS4V0FvFP2bwojGy3m2Iv:LIaWLOnmMeGzWG8v00hFPHojGIIv
Score8/10-
Requests cell location
Uses Android APIs to to get current cell location.
-
Checks CPU information
Checks CPU information which indicate if the system is an emulator.
-
Queries information about running processes on the device
Application may abuse the framework's APIs to collect information about running processes on the device.
-
Queries information about the current Wi-Fi connection
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Queries information about the current nearby Wi-Fi networks
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
-
Registers a broadcast receiver at runtime (usually for listening for system events)
-
Checks if the internet connection is available
-
Queries the unique device ID (IMEI, MEID, IMSI)
-
Listens for changes in the sensor environment (might be used to detect emulation)
-
-
-
Target
gdtadv2.jar
-
Size
241KB
-
MD5
b95166c2f63e536b6fc4b5b811444dec
-
SHA1
45fc74323bb2e66f4c2a493b65b70e0de2aeb77c
-
SHA256
2f92b98f55c7d4417dff3fc2af9245c66aad3ab8be65177954ed7a4f13bae20d
-
SHA512
65eb813d39270d83e6d43956ec139f04779dbea58e517da1727a0f4fad9de32bb4cd49bed1dc1fec31b95a95b1c653c22b327aa38cba1645330c9d256d94c087
-
SSDEEP
6144:KRKhU/uUwjTCpnUjgWkiCBliWLvghUhSj4qj80Gq7JqBGK:KoUmUgenUjwBl1jgVjJ57IBl
Score1/10 -
-
-
Target
gdtadv2.jar
-
Size
636KB
-
MD5
01df0cd6c4eeeefb8d41106170265c72
-
SHA1
09fa592cf510ec388606dd813f2f3f199a1768b3
-
SHA256
8ea2d581678e7671ad2db6936f43e0a62c09ba7411e2c812fa924baf0a82e512
-
SHA512
db295852e03b410d3a4f1deb11b573f74c8feb85f699227e73bbc9ccfeabdd13fc3171abe11d75e49b78a79cd6701fec4df0c15ca5328b435562bccbbe258970
-
SSDEEP
12288:2soNNwAPqg24tsNbfevYHzN953QZlo5M0f+DMpP7x07S232mjU1:8NvPq9oYHzN953QEM0npDx0nG
Score1/10 -
MITRE ATT&CK Mobile v15
Defense Evasion
Execution Guardrails
1Geofencing
1Hide Artifacts
1User Evasion
1Virtualization/Sandbox Evasion
1System Checks
1