General

  • Target

    56efb573b5859e87d51a88afbfac96eb_JaffaCakes118

  • Size

    699KB

  • Sample

    240518-1kbh7shb4z

  • MD5

    56efb573b5859e87d51a88afbfac96eb

  • SHA1

    7661b7c743218e2ebda88bb2cecdf2f42260f42a

  • SHA256

    793b7d7d8bb91903424286e5df6a0d8d6767e38b7e0a0fce300212a129396e01

  • SHA512

    5defb747c6c0ccdf7471ecb9817b3446e4e58b3dd77afaed10094e7a43cf84a0b7a9a9ca22e65fa1433659989e8a28d3c1b66cf248c832cc31befb7a36bbda61

  • SSDEEP

    12288:xZsGhcUBzjcKDtU9Cq2TbD6+iBshVBhJ0BxZyiUrbmKkKeDFTIKn1MQWnA+Rhffl:xZsG3rt2CVK+iGhVBEB+rbCFTJ+REC

Malware Config

Targets

    • Target

      56efb573b5859e87d51a88afbfac96eb_JaffaCakes118

    • Size

      699KB

    • MD5

      56efb573b5859e87d51a88afbfac96eb

    • SHA1

      7661b7c743218e2ebda88bb2cecdf2f42260f42a

    • SHA256

      793b7d7d8bb91903424286e5df6a0d8d6767e38b7e0a0fce300212a129396e01

    • SHA512

      5defb747c6c0ccdf7471ecb9817b3446e4e58b3dd77afaed10094e7a43cf84a0b7a9a9ca22e65fa1433659989e8a28d3c1b66cf248c832cc31befb7a36bbda61

    • SSDEEP

      12288:xZsGhcUBzjcKDtU9Cq2TbD6+iBshVBhJ0BxZyiUrbmKkKeDFTIKn1MQWnA+Rhffl:xZsG3rt2CVK+iGhVBEB+rbCFTJ+REC

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Removes its main activity from the application launcher

    • Checks Android system properties for emulator presence.

    • Checks memory information

      Checks memory information which indicate if the system is an emulator.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Obtains sensitive information copied to the device clipboard

      Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

    • Queries the mobile country code (MCC)

    • Registers a broadcast receiver at runtime (usually for listening for system events)

    • Target

      Fluent.apk

    • Size

      414KB

    • MD5

      3d596b729e275c8822001b56934f3acc

    • SHA1

      2230deddd141c20ecc3a6c2ead933107802494a9

    • SHA256

      9ef6b169afbf9f140dfba4cad958c6a096ffbcf05a707fc43f5d8e0449f62407

    • SHA512

      9287a05b4e9b7ede8b7a1f12cca41339c5fa5b04723a052fe9176b5f40afb4a837d3f01948af3741ea4eb49680ab9c02a325cee5be83556567f758a646741636

    • SSDEEP

      12288:NsGhcUBzjcKDtU9Cq2TbD6+iBshVBhJ0BxZyiUD:NsG3rt2CVK+iGhVBEB+D

    • Checks CPU information

      Checks CPU information which indicate if the system is an emulator.

    • Checks memory information

      Checks memory information which indicate if the system is an emulator.

    • Obtains sensitive information copied to the device clipboard

      Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

    • Queries the mobile country code (MCC)

    • Registers a broadcast receiver at runtime (usually for listening for system events)

    • Checks if the internet connection is available

MITRE ATT&CK Mobile v15

Tasks