General

  • Target

    535e2d9656b90190f26a193975549dea_JaffaCakes118

  • Size

    14.3MB

  • Sample

    240518-g7cj8sff9y

  • MD5

    535e2d9656b90190f26a193975549dea

  • SHA1

    273ff75e7ed9a6d711a5532d94dff3d89288482f

  • SHA256

    d315ba57739caba61528793cee7dff09fb542bea1c7c8b6616dad9e0f4a95ec6

  • SHA512

    5b0c8741fdaaf0c00c21e0811df60446704c5e2848a321d2197ad123f3a0782d616e156642dbb88695f6c979d6ec458ef470549b85a6e3c8bf1489bd99e2f822

  • SSDEEP

    393216:CGV4fBZmpyPpsfxp6BSiHEle5haTyxcVeOLc1c:BVSZmE8puzHN5hEVeoc2

Malware Config

Targets

    • Target

      535e2d9656b90190f26a193975549dea_JaffaCakes118

    • Size

      14.3MB

    • MD5

      535e2d9656b90190f26a193975549dea

    • SHA1

      273ff75e7ed9a6d711a5532d94dff3d89288482f

    • SHA256

      d315ba57739caba61528793cee7dff09fb542bea1c7c8b6616dad9e0f4a95ec6

    • SHA512

      5b0c8741fdaaf0c00c21e0811df60446704c5e2848a321d2197ad123f3a0782d616e156642dbb88695f6c979d6ec458ef470549b85a6e3c8bf1489bd99e2f822

    • SSDEEP

      393216:CGV4fBZmpyPpsfxp6BSiHEle5haTyxcVeOLc1c:BVSZmE8puzHN5hEVeoc2

    • Checks if the Android device is rooted.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Checks Android system properties for emulator presence.

    • Checks CPU information

      Checks CPU information which indicate if the system is an emulator.

    • Checks Qemu related system properties.

      Checks for Android system properties related to Qemu for Emulator detection.

    • Checks known Qemu files.

      Checks for known Qemu files that exist on Android virtual device images.

    • Checks known Qemu pipes.

      Checks for known pipes used by the Android emulator to communicate with the host.

    • Checks memory information

      Checks memory information which indicate if the system is an emulator.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Registers a broadcast receiver at runtime (usually for listening for system events)

    • Checks if the internet connection is available

    • Listens for changes in the sensor environment (might be used to detect emulation)

    • Target

      gdtadv2.jar

    • Size

      1.1MB

    • MD5

      62d3210f0381703b79c016a5a475c650

    • SHA1

      d57e3810e0490f3c46c7cef1430047e640e1170f

    • SHA256

      b24e08fff96ed736f5f5751f2b5f7e5751118616f0e9557974748c8674e2d197

    • SHA512

      153dc4cee44b62ebefa59e260ddfb8c197188c17dfb8d384fb588a881b321e841b245b5e2fbb4d44ba6ca597e1a5e73b36441c6bb800fbf5a01f33d91fd98c14

    • SSDEEP

      24576:/ZrPZ3ONad/a9n3cOWPjywoGpe6LrA1kZb5wCWv1SC5+6Cmmtx/Q+b/:BrB3OcdS9n3cXywoRRqmCOSCk6At/j

    Score
    1/10

MITRE ATT&CK Mobile v15

Tasks