General

  • Target

    573b3a9f0489465dbf85141c02c054a0_JaffaCakes118

  • Size

    30.3MB

  • Sample

    240518-2rpj3scb21

  • MD5

    573b3a9f0489465dbf85141c02c054a0

  • SHA1

    bd045854cb0781979eb111b12ff116ad97b8c9a8

  • SHA256

    86cdc3416c4427e5e6e999af2596b2ea9210a3c1f83a85deb1ab560990a26f8c

  • SHA512

    ed7f03aa1dd418ce28f7ee2cc186dbdb6af8a54a7d3fc02b50ff59f4611f6da16846a95ff61eb0d793278608da22224863bcfb4cc61305185e0f12bcf78a408e

  • SSDEEP

    786432:/VOCaDVIqtMJvAyres8eBNzwGpBwN7jUem2BoQtB:/VOCa7WJvOHeBluD+AB

Malware Config

Targets

    • Target

      573b3a9f0489465dbf85141c02c054a0_JaffaCakes118

    • Size

      30.3MB

    • MD5

      573b3a9f0489465dbf85141c02c054a0

    • SHA1

      bd045854cb0781979eb111b12ff116ad97b8c9a8

    • SHA256

      86cdc3416c4427e5e6e999af2596b2ea9210a3c1f83a85deb1ab560990a26f8c

    • SHA512

      ed7f03aa1dd418ce28f7ee2cc186dbdb6af8a54a7d3fc02b50ff59f4611f6da16846a95ff61eb0d793278608da22224863bcfb4cc61305185e0f12bcf78a408e

    • SSDEEP

      786432:/VOCaDVIqtMJvAyres8eBNzwGpBwN7jUem2BoQtB:/VOCa7WJvOHeBluD+AB

    • Checks if the Android device is rooted.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Requests cell location

      Uses Android APIs to to get current cell location.

    • Checks CPU information

      Checks CPU information which indicate if the system is an emulator.

    • Checks memory information

      Checks memory information which indicate if the system is an emulator.

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Queries information about the current nearby Wi-Fi networks

      Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

    • Queries the phone number (MSISDN for GSM devices)

    • Registers a broadcast receiver at runtime (usually for listening for system events)

    • Checks if the internet connection is available

    • Reads information about phone network operator.

MITRE ATT&CK Mobile v15

Tasks