General
-
Target
4fb370c7d3d3a0efd6b16cf0bbed6a16_JaffaCakes118
-
Size
30.1MB
-
Sample
240517-nc2n7sfd96
-
MD5
4fb370c7d3d3a0efd6b16cf0bbed6a16
-
SHA1
0376eb703faf6f28cc7247f1cb1f60ac56925bf1
-
SHA256
6339317679b65547ee9d7e59915717cb2a23bbdb73166ab7ed744d3b467bdcee
-
SHA512
0a3c7accfac3b2e692f5b5f69cfe15f163e47bd7a348942ebb418f14070eeff6f344916b1e1a2c9a97a941b80db7c8934b795bd6c664bcd346202df58b356860
-
SSDEEP
786432:QgPsm4LaJMTnKAnVVf2HrTxONQDjJbm5BXIVhEKw/aHIqNorSYaj:Q2smHM7zH2HrT8+D1bm5aVhBIkore
Static task
static1
Behavioral task
behavioral1
Sample
4fb370c7d3d3a0efd6b16cf0bbed6a16_JaffaCakes118.apk
Resource
android-x86-arm-20240514-en
Behavioral task
behavioral2
Sample
4fb370c7d3d3a0efd6b16cf0bbed6a16_JaffaCakes118.apk
Resource
android-x64-20240514-en
Behavioral task
behavioral3
Sample
ksc_plugin_v407.apk
Resource
android-x86-arm-20240514-en
Behavioral task
behavioral4
Sample
ksc_plugin_v407.apk
Resource
android-x64-20240514-en
Behavioral task
behavioral5
Sample
ksc_plugin_v407.apk
Resource
android-x64-arm64-20240514-en
Behavioral task
behavioral6
Sample
mimo_asset.apk
Resource
android-x86-arm-20240514-en
Behavioral task
behavioral7
Sample
mimo_asset.apk
Resource
android-x64-20240514-en
Behavioral task
behavioral8
Sample
mimo_asset.apk
Resource
android-x64-arm64-20240514-en
Malware Config
Targets
-
-
Target
4fb370c7d3d3a0efd6b16cf0bbed6a16_JaffaCakes118
-
Size
30.1MB
-
MD5
4fb370c7d3d3a0efd6b16cf0bbed6a16
-
SHA1
0376eb703faf6f28cc7247f1cb1f60ac56925bf1
-
SHA256
6339317679b65547ee9d7e59915717cb2a23bbdb73166ab7ed744d3b467bdcee
-
SHA512
0a3c7accfac3b2e692f5b5f69cfe15f163e47bd7a348942ebb418f14070eeff6f344916b1e1a2c9a97a941b80db7c8934b795bd6c664bcd346202df58b356860
-
SSDEEP
786432:QgPsm4LaJMTnKAnVVf2HrTxONQDjJbm5BXIVhEKw/aHIqNorSYaj:Q2smHM7zH2HrT8+D1bm5aVhBIkore
Score8/10-
Checks if the Android device is rooted.
-
Checks Android system properties for emulator presence.
-
Queries information about running processes on the device
Application may abuse the framework's APIs to collect information about running processes on the device.
-
Queries information about the current Wi-Fi connection
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Queries information about the current nearby Wi-Fi networks
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
-
Queries the mobile country code (MCC)
-
Registers a broadcast receiver at runtime (usually for listening for system events)
-
Checks if the internet connection is available
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Queries the unique device ID (IMEI, MEID, IMSI)
-
Requests dangerous framework permissions
-
Listens for changes in the sensor environment (might be used to detect emulation)
-
-
-
Target
ksc_plugin_v407.apk
-
Size
520KB
-
MD5
b9246a2a3a7364ed91bc4e451356214d
-
SHA1
6290cd9545ce9651fbd0f2001f58569f61df9d53
-
SHA256
96b5885222f07891882b9da6ce76e6327841e2d222802cd0fb5fdd8e152342a6
-
SHA512
8d227d9be5b3c8aabb009f075486b5396aec2cf04e16515e2e095941ea56c39839f8ea4297fc5c7223d5a0f608d4055c9d2a7b50d348d3dd474afb3b7551112a
-
SSDEEP
12288:aMORrkd7rc6e7xOW3abGRMMyCXnVaGDC2ndbLhy0bhQS:aMORkd7g6eMOBJyMVjT3VqS
Score1/10 -
-
-
Target
mimo_asset.apk
-
Size
300KB
-
MD5
b3bc6255feea6cd9398fa0cc9da7a88d
-
SHA1
85924ff9afd7531e191367a1c1c086829161fa19
-
SHA256
8de83f61dbba332ba95cdeefea24114adc08f483b45398a53bf06f5608e4d65e
-
SHA512
0020ec00005ac5127d9425dea6713980881d33b72c767c42d0237fad5cf403c751a6d8d153ce6b4286e227042b36c0909e2a7af55b635963193e6cc99e78a644
-
SSDEEP
6144:9ZuHNuP4S37gQ3HSBSZGFbtxTPgVpqzjDPNHcPLwyU8wgKZ/sCtYte:ewPD73HyVL0VpqzjrhW35KdJYte
Score1/10 -
MITRE ATT&CK Enterprise v15
MITRE ATT&CK Mobile v15
Defense Evasion
Download New Code at Runtime
1Execution Guardrails
1Geofencing
1Hide Artifacts
1User Evasion
1Virtualization/Sandbox Evasion
3System Checks
3