General

  • Target

    3eee8be8ba1ef09f0afd5de0138a5c91_JaffaCakes118

  • Size

    19.5MB

  • Sample

    240513-l1brkshd2x

  • MD5

    3eee8be8ba1ef09f0afd5de0138a5c91

  • SHA1

    0155bb3bf8c084521c54a8112bf83f1880860b74

  • SHA256

    6d228465bc95ce389d33086353b86444ff43db1a7373aa1462027b8fa4c5e601

  • SHA512

    8dd17285dfc8de8f1229e5cb1981c47d54c5585f5ef36567456557702e44e56433825610e605b093a4fc547ebb31295bde5edad654ff2cfed540d62e3768860a

  • SSDEEP

    393216:7jjNqeHH/k+kHXw1idNiGLE0cy+r2tF9Ymud3tS7gf/dgTRGF7e:7jjK+kH5uG4SF9C8c2TAw

Malware Config

Targets

    • Target

      3eee8be8ba1ef09f0afd5de0138a5c91_JaffaCakes118

    • Size

      19.5MB

    • MD5

      3eee8be8ba1ef09f0afd5de0138a5c91

    • SHA1

      0155bb3bf8c084521c54a8112bf83f1880860b74

    • SHA256

      6d228465bc95ce389d33086353b86444ff43db1a7373aa1462027b8fa4c5e601

    • SHA512

      8dd17285dfc8de8f1229e5cb1981c47d54c5585f5ef36567456557702e44e56433825610e605b093a4fc547ebb31295bde5edad654ff2cfed540d62e3768860a

    • SSDEEP

      393216:7jjNqeHH/k+kHXw1idNiGLE0cy+r2tF9Ymud3tS7gf/dgTRGF7e:7jjK+kH5uG4SF9C8c2TAw

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Requests cell location

      Uses Android APIs to to get current cell location.

    • Checks Android system properties for emulator presence.

    • Checks CPU information

      Checks CPU information which indicate if the system is an emulator.

    • Checks Qemu related system properties.

      Checks for Android system properties related to Qemu for Emulator detection.

    • Checks memory information

      Checks memory information which indicate if the system is an emulator.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Registers a broadcast receiver at runtime (usually for listening for system events)

    • Checks if the internet connection is available

    • Queries the unique device ID (IMEI, MEID, IMSI)

    • Reads information about phone network operator.

    • Listens for changes in the sensor environment (might be used to detect emulation)

MITRE ATT&CK Mobile v15

Tasks