General

  • Target

    55012cc6da92a270fc438c3b37e413c4_JaffaCakes118

  • Size

    8.6MB

  • Sample

    240518-q1s33sec69

  • MD5

    55012cc6da92a270fc438c3b37e413c4

  • SHA1

    4eb85ddc5df71e65952716b4a920293ad9589224

  • SHA256

    f395d92861fccb61737ab1f1a25bd556cc94699f86d5ed115b153bb387e6f0e0

  • SHA512

    da3f104791fb9627aafcae4de1e99a9b2c8ab42eb18ce238b9bc584eb760c8e696e532c99ad127ab6f503d8eb7be3ee2fd9bb2cc7f0fcb44cc738463dad1c2b1

  • SSDEEP

    196608:YgB2JfPgLq8jbgRe0lVpWlTDUf3l3DMrNLC9dGm:YgclgL/bgzjmTDUMNmD

Malware Config

Targets

    • Target

      55012cc6da92a270fc438c3b37e413c4_JaffaCakes118

    • Size

      8.6MB

    • MD5

      55012cc6da92a270fc438c3b37e413c4

    • SHA1

      4eb85ddc5df71e65952716b4a920293ad9589224

    • SHA256

      f395d92861fccb61737ab1f1a25bd556cc94699f86d5ed115b153bb387e6f0e0

    • SHA512

      da3f104791fb9627aafcae4de1e99a9b2c8ab42eb18ce238b9bc584eb760c8e696e532c99ad127ab6f503d8eb7be3ee2fd9bb2cc7f0fcb44cc738463dad1c2b1

    • SSDEEP

      196608:YgB2JfPgLq8jbgRe0lVpWlTDUf3l3DMrNLC9dGm:YgclgL/bgzjmTDUMNmD

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Requests cell location

      Uses Android APIs to get the current cell location.

    • Checks CPU information

      Checks CPU information that may indicate whether the system is an emulator.

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Queries information about the current nearby Wi-Fi networks

      Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

    • Registers a broadcast receiver at runtime (usually for listening for system events)

    • Checks if the internet connection is available

    • Queries the unique device ID (IMEI, MEID, IMSI)

    • Reads information about phone network operator.

    • Listens for changes in the sensor environment (might be used to detect emulation)

    • Target

      PushPlugin.plugin

    • Size

      158KB

    • MD5

      0b1c22a5d5ebd04c6bd3808fea91dd3e

    • SHA1

      cbe8fc95406b2b07fa64f3d5d114b57c1c119058

    • SHA256

      1f3c687ea7a1be6ba48caf6824310237e2bd0c6078288b19226df09c5d8f5166

    • SHA512

      5baae4bbebcf96162aca6c0c809b64d8d465735ec911baf4ebf982e3942700d6264ec01bf306846446a00054a63483b847811fe9f512081c9b2e2cf7fe30a134

    • SSDEEP

      3072:ePpADR6eoUflaI0JJFF4Rd/smOj86zj4AviazQ2ftXzL7UkkT9n6CVo1F50lbnb7:ePOgLOZAKd/smzS0g/Q2ftjL1kT9Lo1m

    Score
    1/10
    • Target

      __xadsdk__remote__final__.jar

    • Size

      83KB

    • MD5

      607e65052147713115dd87f0866d504c

    • SHA1

      5ff2a1c2ebedeb61236c56edfde6406828a05c6c

    • SHA256

      fe2fe2810faab43ae935927bfde6faafb8c74532f760afbecff9585d4404e741

    • SHA512

      2bc7144ac0c6dfbcf097f778ee110405d9c58f4fc4901356c2cf2622d7a4f6b12ce30a51f168962a8c81fbab9c46a65c2b219633dd2a80cc345dbf255cebf2a1

    • SSDEEP

      1536:eKSS1UbomStT19s4G0/GZzgrF2nPOgfbexVK8RV+0XUv5VzUxwh3MPeUivu5iy:DSYsStT1ZT/ugrFsmgsHWzUxq3MPeUi8

    Score
    1/10
    • Target

      andashi_service.jar

    • Size

      5KB

    • MD5

      698ab7530be951c006c2cee52a074d0e

    • SHA1

      99d7e61a6d52d4114a7ed484ec71f17bbf0bf172

    • SHA256

      0fdd66997648d432a017b99e129faa7e50c9568902849cc8e26a1ff081ffb998

    • SHA512

      5ee3ab9c544c437c4b57b0d805d1c65bb6de85d59a74780da421772fe6f3f07c6a9b3dff626f5abbab331b96d9b362575654685872e682a0ad487dd04504a717

    • SSDEEP

      96:91TKogsufcYmnSYFH1JaLtccAiSu7uEzWwxoZtfgj2OJycL9cO1cxkK/r4cvweaM:9dKCnWjSu7uWqIxJ7raxj/yer

    Score
    1/10
    • Target

      gdtadv2.jar

    • Size

      99KB

    • MD5

      268ed763643b70cb46f7216f02f7033b

    • SHA1

      69077e226f5364f0e1d615a3a4c7724da37567e2

    • SHA256

      29e4237083b27e476bc26facf963e2468a39689e818e226c03245b71dfcdeacc

    • SHA512

      9787d3b3fd234541d22b213025e4cc0ddd72f4d733b08023d672d4c1b448e25302b0bb82545ae5e4666a9967ad694e3d331ee563a27a2c4be3c2ee789644de14

    • SSDEEP

      1536:puXANuU4FZsnJG0ohR0QYyLHGz2ax5sbXAniMjsvvYOA9MzDeNMAgnLiNri4LuWF:aUgiG0ocQLG5s7MQYZ+zmNriY

    Score
    1/10
    • Target

      hideapi_hook.jar

    • Size

      4KB

    • MD5

      955f0b11b1bc554df2dcd9f2bd601295

    • SHA1

      1659fed5f8cff1551becb68985cdb201cf03208f

    • SHA256

      5da278a5ce80e7c782d418c6f5bc54c146b1c2b4da382e1325b314701d659ebd

    • SHA512

      d7f1689973c2aa19fad36162ee7a232451f506490c097d1608f399ca02487f770806b359af9108ff4af73e53a4874f8f2d2c096b38fee20ff2c4e123378f528f

    • SSDEEP

      96:EOHkVY2wdcFKYPXc1Xwbv8484/EV22Xnhcq8o9hTrvtN1XiFvi:EOH00uKYPcAbv848KEVnh8ovTjl8i

    Score
    1/10

MITRE ATT&CK Mobile v15

Tasks