General

  • Target

    4fb370c7d3d3a0efd6b16cf0bbed6a16_JaffaCakes118

  • Size

    30.1MB

  • Sample

    240517-nc2n7sfd96

  • MD5

    4fb370c7d3d3a0efd6b16cf0bbed6a16

  • SHA1

    0376eb703faf6f28cc7247f1cb1f60ac56925bf1

  • SHA256

    6339317679b65547ee9d7e59915717cb2a23bbdb73166ab7ed744d3b467bdcee

  • SHA512

    0a3c7accfac3b2e692f5b5f69cfe15f163e47bd7a348942ebb418f14070eeff6f344916b1e1a2c9a97a941b80db7c8934b795bd6c664bcd346202df58b356860

  • SSDEEP

    786432:QgPsm4LaJMTnKAnVVf2HrTxONQDjJbm5BXIVhEKw/aHIqNorSYaj:Q2smHM7zH2HrT8+D1bm5aVhBIkore

Malware Config

Targets

    • Target

      4fb370c7d3d3a0efd6b16cf0bbed6a16_JaffaCakes118

    • Size

      30.1MB

    • MD5

      4fb370c7d3d3a0efd6b16cf0bbed6a16

    • SHA1

      0376eb703faf6f28cc7247f1cb1f60ac56925bf1

    • SHA256

      6339317679b65547ee9d7e59915717cb2a23bbdb73166ab7ed744d3b467bdcee

    • SHA512

      0a3c7accfac3b2e692f5b5f69cfe15f163e47bd7a348942ebb418f14070eeff6f344916b1e1a2c9a97a941b80db7c8934b795bd6c664bcd346202df58b356860

    • SSDEEP

      786432:QgPsm4LaJMTnKAnVVf2HrTxONQDjJbm5BXIVhEKw/aHIqNorSYaj:Q2smHM7zH2HrT8+D1bm5aVhBIkore

    • Checks if the Android device is rooted.

    • Requests cell location

      Uses Android APIs to to get current cell location.

    • Checks Android system properties for emulator presence.

    • Checks CPU information

      Checks CPU information which indicate if the system is an emulator.

    • Checks memory information

      Checks memory information which indicate if the system is an emulator.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Queries information about the current nearby Wi-Fi networks

      Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

    • Queries the mobile country code (MCC)

    • Registers a broadcast receiver at runtime (usually for listening for system events)

    • Checks if the internet connection is available

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Queries the unique device ID (IMEI, MEID, IMSI)

    • Requests dangerous framework permissions

    • Listens for changes in the sensor environment (might be used to detect emulation)

    • Target

      ksc_plugin_v407.apk

    • Size

      520KB

    • MD5

      b9246a2a3a7364ed91bc4e451356214d

    • SHA1

      6290cd9545ce9651fbd0f2001f58569f61df9d53

    • SHA256

      96b5885222f07891882b9da6ce76e6327841e2d222802cd0fb5fdd8e152342a6

    • SHA512

      8d227d9be5b3c8aabb009f075486b5396aec2cf04e16515e2e095941ea56c39839f8ea4297fc5c7223d5a0f608d4055c9d2a7b50d348d3dd474afb3b7551112a

    • SSDEEP

      12288:aMORrkd7rc6e7xOW3abGRMMyCXnVaGDC2ndbLhy0bhQS:aMORkd7g6eMOBJyMVjT3VqS

    Score
    1/10
    • Target

      mimo_asset.apk

    • Size

      300KB

    • MD5

      b3bc6255feea6cd9398fa0cc9da7a88d

    • SHA1

      85924ff9afd7531e191367a1c1c086829161fa19

    • SHA256

      8de83f61dbba332ba95cdeefea24114adc08f483b45398a53bf06f5608e4d65e

    • SHA512

      0020ec00005ac5127d9425dea6713980881d33b72c767c42d0237fad5cf403c751a6d8d153ce6b4286e227042b36c0909e2a7af55b635963193e6cc99e78a644

    • SSDEEP

      6144:9ZuHNuP4S37gQ3HSBSZGFbtxTPgVpqzjDPNHcPLwyU8wgKZ/sCtYte:ewPD73HyVL0VpqzjrhW35KdJYte

    Score
    1/10

MITRE ATT&CK Enterprise v15

MITRE ATT&CK Mobile v15

Tasks