General

  • Target

    4fd427e4b093583e62f04ed76189d94b_JaffaCakes118

  • Size

    31.1MB

  • Sample

    240517-pxw5wshh55

  • MD5

    4fd427e4b093583e62f04ed76189d94b

  • SHA1

    5c35b253ee27ad938e871746a043a06ec11dbdcd

  • SHA256

    bc7792b77199ffdf767d69a8beb391b0cc60a08634d33bd8da60d93b414bf3f6

  • SHA512

    d3cf6b7fa03f4ccd154c4006d9c7c0c1a3a91a7c2730758deb091e4015a10c10f9462b31e9bce33bc851bb89d89ffda70340d67c561101ed4ab5bfdfc148c49d

  • SSDEEP

    786432:Fl8zk8ikXj91ug8sCIXuWwy3ckL32wky+bBVXgb:PkZ15CSqyMU2wx+NVXe

Malware Config

Targets

    • Target

      4fd427e4b093583e62f04ed76189d94b_JaffaCakes118

    • Size

      31.1MB

    • MD5

      4fd427e4b093583e62f04ed76189d94b

    • SHA1

      5c35b253ee27ad938e871746a043a06ec11dbdcd

    • SHA256

      bc7792b77199ffdf767d69a8beb391b0cc60a08634d33bd8da60d93b414bf3f6

    • SHA512

      d3cf6b7fa03f4ccd154c4006d9c7c0c1a3a91a7c2730758deb091e4015a10c10f9462b31e9bce33bc851bb89d89ffda70340d67c561101ed4ab5bfdfc148c49d

    • SSDEEP

      786432:Fl8zk8ikXj91ug8sCIXuWwy3ckL32wky+bBVXgb:PkZ15CSqyMU2wx+NVXe

    • Checks if the Android device is rooted.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Requests cell location

      Uses Android APIs to get the current cell location.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Queries information about the current nearby Wi-Fi networks

      Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

    • Registers a broadcast receiver at runtime (usually for listening for system events)

    • Checks if the internet connection is available

    • Target

      jhb.db

    • Size

      1.7MB

    • MD5

      6e603b639218eaf2fee89386d8dca31a

    • SHA1

      e4e329731a49061c61c01ccda1ffd3a40a5d738b

    • SHA256

      f2d4d790392747f3f59d343bde13f7043c7ab1d9bb3382db16d885d27878fe54

    • SHA512

      3abe71bdfd7bfaa3b0815b4873d7ae5160c17fbc9b4fd3229a21938d347ccecbc05002cb663193395a5f401ae8beaa2e1af071169667adc7bfe8e6a440c371b4

    • SSDEEP

      24576:PojXa1Covx8UBiIk6d51yXmZQHazZSbqRG4tiUuOhl9q/9HdRTKzbn3Snb2/w:QjkLCn4WXiSazZSYbhHq/NbSbn3b/w

    • Checks if the Android device is rooted.

    • Checks CPU information

      Checks CPU information, which indicates whether the system is an emulator.

    • Checks memory information

      Checks memory information, which indicates whether the system is an emulator.

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Registers a broadcast receiver at runtime (usually for listening for system events)

    • Checks if the internet connection is available

    • Reads information about the phone network operator.

MITRE ATT&CK Mobile v15

Tasks