General

  • Target

    52e693ba345643fc630fe0e4025b5122_JaffaCakes118

  • Size

    26.1MB

  • Sample

    240518-ec96xaag45

  • MD5

    52e693ba345643fc630fe0e4025b5122

  • SHA1

    33d635a43d9ea9ab81eb6d4ec23f57d3de70cc4b

  • SHA256

    4455286dea5a5b15aed0464d463ef021ef91f4f1fee76f2b33558bd2c6fdbfea

  • SHA512

    27293198353eff5671a42d20289e1e358780ec7ad81fc0ec20ae3fdca17e535406e90b5d8e7ab9636f16b58719fd57ecb85da545d45ca2367c3150fafe08dffc

  • SSDEEP

    786432:+Wz0Ficgg73PQzzeeZdC8zoNsg/nCb0yk8UgcB/RY8B:L0FicgKQXrYsgfCQt7

Malware Config

Targets

    • Target

      52e693ba345643fc630fe0e4025b5122_JaffaCakes118

    • Size

      26.1MB

    • MD5

      52e693ba345643fc630fe0e4025b5122

    • SHA1

      33d635a43d9ea9ab81eb6d4ec23f57d3de70cc4b

    • SHA256

      4455286dea5a5b15aed0464d463ef021ef91f4f1fee76f2b33558bd2c6fdbfea

    • SHA512

      27293198353eff5671a42d20289e1e358780ec7ad81fc0ec20ae3fdca17e535406e90b5d8e7ab9636f16b58719fd57ecb85da545d45ca2367c3150fafe08dffc

    • SSDEEP

      786432:+Wz0Ficgg73PQzzeeZdC8zoNsg/nCb0yk8UgcB/RY8B:L0FicgKQXrYsgfCQt7

    • Checks if the Android device is rooted.

    • Checks CPU information

      Checks CPU information which indicate if the system is an emulator.

    • Checks memory information

      Checks memory information which indicate if the system is an emulator.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Queries information about the current nearby Wi-Fi networks

      Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

    • Registers a broadcast receiver at runtime (usually for listening for system events)

    • Checks if the internet connection is available

    • Reads information about phone network operator.

    • Schedules tasks to execute at a specified time

      Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

    • Listens for changes in the sensor environment (might be used to detect emulation)

MITRE ATT&CK Mobile v15

Tasks