ef9a87ad3207cd8376170f77c3945df78656ad3c60d375d386b1cd2b021d39d7 | Triage

Sharing

General

Target

4a010da6b55852c0940b3625f191f788_JaffaCakes118
Size

13.2MB
Sample

240516-jb5l9aae88
MD5

4a010da6b55852c0940b3625f191f788
SHA1

46e9073e2a367b2e3e239754147d51ddd0b87109
SHA256

ef9a87ad3207cd8376170f77c3945df78656ad3c60d375d386b1cd2b021d39d7
SHA512

3a23db004e1981d833eb0e876bde0b1ff22a89dfdb84e942e502bbd50b03a5ad131a0213cc59a4dbe6d259befec4452120fad7ace216752cf27852536631a19a
SSDEEP

393216:m++x4C5fxoImPElipy3U/guzcDCq3Q6KU5qzHly:BUJnWMDzKPzHly

Score

8^/10

android collection discovery evasion impact persistence privilege_escalation ransomware

Malware Config

Targets

- Target
  
  4a010da6b55852c0940b3625f191f788_JaffaCakes118
- Size
  
  13.2MB
- MD5
  
  4a010da6b55852c0940b3625f191f788
- SHA1
  
  46e9073e2a367b2e3e239754147d51ddd0b87109
- SHA256
  
  ef9a87ad3207cd8376170f77c3945df78656ad3c60d375d386b1cd2b021d39d7
- SHA512
  
  3a23db004e1981d833eb0e876bde0b1ff22a89dfdb84e942e502bbd50b03a5ad131a0213cc59a4dbe6d259befec4452120fad7ace216752cf27852536631a19a
- SSDEEP
  
  393216:m++x4C5fxoImPElipy3U/guzcDCq3Q6KU5qzHly:BUJnWMDzKPzHly
Score

8^/10

collection discovery evasion impact persistence ransomware
- Checks if the Android device is rooted.
  evasion
- Checks CPU information
  Checks CPU information which indicate if the system is an emulator.
  evasion discovery
- Queries information about running processes on the device
  Application may abuse the framework's APIs to collect information about running processes on the device.
  discovery
- Queries information about the current Wi-Fi connection
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  discovery
- Queries the phone number (MSISDN for GSM devices)
  discovery
- Reads the contacts stored on the device.
  collection
- Reads the content of the call log.
  collection
- Registers a broadcast receiver at runtime (usually for listening for system events)
  persistence
- Checks if the internet connection is available
  discovery
- Changes the wallpaper (common with ransomware activity)
  ransomware
behavioral1
- Target
  
  726.apk
- Size
  
  447KB
- MD5
  
  e11c9875ba71e9071aa10fc7dc8fb283
- SHA1
  
  9e260f24076b708fc60a982037f444128efb41d0
- SHA256
  
  a08e5e30930046518f72da24e4077b93b70e72011d9211729833f4b8fee691ef
- SHA512
  
  d59a043b65e9a218928fcbdf4cbf139c860dd287e32594d7e73a9d7137be7d0fe8728b9667063b25b22e526b456d388d1e950bd99c5deb52a12935c370887d6a
- SSDEEP
  
  6144:/hUow0zYsbsM4QJ0txCSCWVFS+RhXChP5d1ZmAdbD/xUanz6BG3n/nwoy6MODlC:/2l0zxbVNkzRHChP5/RxUy3n/FyAlC
Score

1^/10
behavioral2 behavioral3 behavioral4
- Target
  
  QRomCommand.jar
- Size
  
  10KB
- MD5
  
  f48e13dc081feb8cd33b78a5004b7a54
- SHA1
  
  422074c1584150bdfb42e3ffd6539ffce73a8001
- SHA256
  
  a2657b3767205a3971f807b2f2562d310435a28d24f35405d5c494af6ed5c6b0
- SHA512
  
  c378d1b8688a42736bb94acbcc9047cb82bbb10aee9008baa583d82fc15f9ba76f6e5b8dfdf64930d7de3cfe58bb61bc934efd6191e78018fa4bcddece823463
- SSDEEP
  
  192:jMQv0TgBlAsX2ABxwUzDc5ldMT/05j62xcUZXq6HF8ZxvkW6zEiGyq7:jqyuABrzDiMgJ6ChZXqHhkW6zEiGZ
Score

1^/10
behavioral5 behavioral6 behavioral7
- Target
  
  lock_screen
- Size
  
  20KB
- MD5
  
  20d475f3acf21a2bf96d3e6b535a5104
- SHA1
  
  3d4c57582a1d41ea803a2cbd862839af1043e730
- SHA256
  
  ae2ea18bff78f50e480a96a90d704b7fd126c683480287d26a8123dfa0e6f585
- SHA512
  
  4f6f2fd1ff6707387446b5e9dce664b3243af4bfd740c6bf927624eb2fb65dbc3abb2a75a323baaa64b5ba993c8c4071e08083d1d1b82734d6a4b63f154c3fb7
- SSDEEP
  
  384:0xAuIGEoaSsiHkabGbPHAkI6EqVTv5SeYbga9JmpoNmnr:iIGWabGHA36JB5B8LO/r
Score

7^/10

impact privilege_escalation
- Tries to add a device administrator.
  privilege_escalation impact
behavioral10 behavioral8 behavioral9

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

collectiondiscoveryevasionimpactpersistenceransomware

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

impactprivilege_escalation

behavioral9

behavioral10

impactprivilege_escalation