eff7155af38497335622426d7bd5a0809149259691bd5a9b052655fd4b7d225b

Sharing

Copy URL

Twitter E-mail

General

Target

3779ec96a117c4e92b1707506727b34f_JaffaCakes118
Size

14.6MB
Sample

240512-blgn6scd55
MD5

3779ec96a117c4e92b1707506727b34f
SHA1

bb0240bd2fef251ea5b4de6206834469d67ac00a
SHA256

eff7155af38497335622426d7bd5a0809149259691bd5a9b052655fd4b7d225b
SHA512

7d2d50824becfcb63a86485943914da016964d8380afa63fad20946c693d3869079e293495e8074b778bf574e60df0774685815a170e6b328d4b263e197c79dd
SSDEEP

393216:YjQ67TpVAc3Txql4JuF3I7D5Fb0Mpgpr5GOY5zG9Pk5CgFzvO1nF:YkUTXAcNAl3k0Mpgl5Y5S98LF6v

Score

7^/10

Malware Config

Targets

- Target
  
  3779ec96a117c4e92b1707506727b34f_JaffaCakes118
- Size
  
  14.6MB
- MD5
  
  3779ec96a117c4e92b1707506727b34f
- SHA1
  
  bb0240bd2fef251ea5b4de6206834469d67ac00a
- SHA256
  
  eff7155af38497335622426d7bd5a0809149259691bd5a9b052655fd4b7d225b
- SHA512
  
  7d2d50824becfcb63a86485943914da016964d8380afa63fad20946c693d3869079e293495e8074b778bf574e60df0774685815a170e6b328d4b263e197c79dd
- SSDEEP
  
  393216:YjQ67TpVAc3Txql4JuF3I7D5Fb0Mpgpr5GOY5zG9Pk5CgFzvO1nF:YkUTXAcNAl3k0Mpgl5Y5S98LF6v
Score

7^/10

discovery evasion impact persistence
- Checks CPU information
  Checks CPU information which indicate if the system is an emulator.
  evasion discovery
- Checks memory information
  Checks memory information which indicate if the system is an emulator.
  evasion discovery
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Queries information about the current Wi-Fi connection
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  discovery
- Queries the mobile country code (MCC)
  discovery
- Queries the phone number (MSISDN for GSM devices)
  discovery
- Registers a broadcast receiver at runtime (usually for listening for system events)
  persistence
- Checks if the internet connection is available
  discovery
- Queries the unique device ID (IMEI, MEID, IMSI)
  discovery
- Reads information about phone network operator.
  discovery
behavioral1 behavioral2
- Target
  
  core.jar
- Size
  
  442KB
- MD5
  
  f84ba6f0daba937e6d435442c99e8387
- SHA1
  
  038c9ca9c9ed1c3321bf7fa641975be25fd2241c
- SHA256
  
  428827b1d99667c2608ac1c8708b9e3c87018134c1e640b1990cd73adbb77088
- SHA512
  
  9a8091c2cd339187341868c4f7ac473852c9cff788d53e6148f99e3093ff6129155cdf985be556dfee4d58b1eb9ca39093fe82bc04d3fab147534dd47781a50f
- SSDEEP
  
  12288:uL5KMOiBt1m0FobBKUnJaVS5aNOVWtKVFJj6yHFDqH/H:uVKMdFobBKUnJaVS5jWtqJekc/H
Score

1^/10
behavioral3 behavioral4 behavioral5
- Target
  
  res.bin
- Size
  
  190KB
- MD5
  
  4f8ffbbab343c81c4965077c9d8e7800
- SHA1
  
  efffc6a83edc4ba34facf98a903eb0c08eea3c19
- SHA256
  
  724a9a674efd34affa4f8e34d5bd53b2617166b8def7099a9503adec0e5fc4cb
- SHA512
  
  fdf566c7189af57a7249aa9e263baee88728eb78c699fa0fadb75f58e1ce1c9f9e8f83375010fc3a273ff7486af8c74d1a44be37ca69d7340314ec502684b5ed
- SSDEEP
  
  3072:frnPPK5cnEcf/gNM6he9LmnVzNz56S1HeAIq6UUMN/Xlu0/Qb:jPy5cEcngS6wLmnE5A6svAZ
Score

1^/10
behavioral6 behavioral7 behavioral8
- Target
  
  update.jar
- Size
  
  6KB
- MD5
  
  3eea0fcda4a513b99cedf31c7452aaf8
- SHA1
  
  071da147eacf17f1c10fc6362ac43839ee96d5a2
- SHA256
  
  2a9b79160a4eae5fea2e7fbd3e0498eae8af9d0e8d784b18ac81c3468da6e0a6
- SHA512
  
  12a20677a8f36778ceeead1e35a9a20dce8ecc9999803db2e3e40312b74847ccc9efbc649b4949dae38520287b7a01bd50c81dbf9fe1db8fb7e9ecd070801880
- SSDEEP
  
  96:G2sO+8hQev6LJugBsw4+KqRdK44JO6kwR7VXChi6nnf6ilCVhRsjgojXFrXyF972:lsONVQJ6p+ZRg7Td1offlqujv671U
Score

1^/10
behavioral10 behavioral11 behavioral9
- Target
  
  v0.1.8_egret-dex.jar
- Size
  
  54KB
- MD5
  
  8977bf20054e1c0fe89d2f1ad8444e82
- SHA1
  
  7eb1f16abfe707daa644a32b8b76b8cacd55061e
- SHA256
  
  5e18021c099243845f4259d3be14f6fef2accbee67af52efb8651171ef091e45
- SHA512
  
  a4a12fca0de278cb6dc5ab5d3e602dbcee67f44a53ef8f1f5ded656759ba4bcff2f8bc28120d73eac79b078fe020dad9463a4a140764a6918ae078c26bc306d9
- SSDEEP
  
  1536:GrV6SeJiNmHnnANciZikuoLYjx8CS36E3A:O34ANciZikuoLALSVw
Score

1^/10
behavioral12 behavioral13 behavioral14

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Tasks

Sharing

General

Malware Config

Targets

Checks CPU information

Checks memory information

Loads dropped Dex/Jar

Queries information about the current Wi-Fi connection

Queries the mobile country code (MCC)

Queries the phone number (MSISDN for GSM devices)

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks if the internet connection is available

Queries the unique device ID (IMEI, MEID, IMSI)

Reads information about phone network operator.

MITRE ATT&CK Mobile v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14