General

  • Target

    56c181cf11d792995c997dfab5e16a3a_JaffaCakes118

  • Size

    27.8MB

  • Sample

    240518-zr5j7afb8t

  • MD5

    56c181cf11d792995c997dfab5e16a3a

  • SHA1

    982b85bc4f2ff526fc22fc1cfa162f30069ae13c

  • SHA256

    ffd04aef0cae58ef118fac757f018e9eb8449a72ff68dc3ecca3dddb6bd07ec3

  • SHA512

    576ecb6bfd87aa1353b60562df8e57f85a481a945d94cbe0a821c7bcd80a9ab0d16ac469699efb0e9afba083eecf1f7216e2b24d770aed02969d5bec6e8082ac

  • SSDEEP

    786432:/eO87hrTI78TpYckA9DKXDCvoo7+IRvwF/iAg7e3C1Mj:P81QCpYckmuCCIGF/A7m

Malware Config

Targets

    • Target

      56c181cf11d792995c997dfab5e16a3a_JaffaCakes118

    • Size

      27.8MB

    • MD5

      56c181cf11d792995c997dfab5e16a3a

    • SHA1

      982b85bc4f2ff526fc22fc1cfa162f30069ae13c

    • SHA256

      ffd04aef0cae58ef118fac757f018e9eb8449a72ff68dc3ecca3dddb6bd07ec3

    • SHA512

      576ecb6bfd87aa1353b60562df8e57f85a481a945d94cbe0a821c7bcd80a9ab0d16ac469699efb0e9afba083eecf1f7216e2b24d770aed02969d5bec6e8082ac

    • SSDEEP

      786432:/eO87hrTI78TpYckA9DKXDCvoo7+IRvwF/iAg7e3C1Mj:P81QCpYckmuCCIGF/A7m

    • Checks if the Android device is rooted.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Requests cell location

      Uses Android APIs to get the current cell location.

    • Checks CPU information

      Checks CPU information, which indicates if the system is an emulator.

    • Queries account information for other applications stored on the device

      Application may abuse the framework's APIs to collect account information stored on the device.

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Registers a broadcast receiver at runtime (usually for listening for system events)

    • Checks if the internet connection is available

    • Schedules tasks to execute at a specified time

      Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

    • Listens for changes in the sensor environment (might be used to detect emulation)

    • Target

      360sdk_1_2148.zip

    • Size

      5.6MB

    • MD5

      207987a30203cbaea48a8df80f920500

    • SHA1

      69312ab6e46753ef2fd903616828914003b70435

    • SHA256

      daf9d4954c750da740e3ede04a627b6607e532d36babf4d86bdd23b8fa1931b0

    • SHA512

      ab110eaf1afa77c11ee22f6bbf7039e7fa9adaf93eaa4bdc735fa878f247977b3fd9747d9742ae3d1902edd3cd2468ade4d14449d4b40d77fc06625d12db51fb

    • SSDEEP

      98304:YQ/Dn09Lvk3q2Xu2fpFc1nFBFgU2rZ1kpswCz/y3zgyg/clh7jAfSgx7hSva/FmV:f/T09Lvk3y2fqFvik7Cz/yUohnuSW7hQ

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Registers a broadcast receiver at runtime (usually for listening for system events)

    • Checks if the internet connection is available

    • Target

      360sdk_3_1000.zip

    • Size

      1.7MB

    • MD5

      1e9aa09b41624c4ab3dfa530fd1078e9

    • SHA1

      32896aa59fd6f1509f4f46ec4eebb496658f91aa

    • SHA256

      fdd2ac00ca6342d0ad1a684ab5ff6e683b2b56891ae08e6a16578892977e50b7

    • SHA512

      9ec9ffacd3db5ab686eed1f68ea8f466030301cebb510ec3a9f3ffb6dc94277d4afba85a92bf7c3679c3fd6ecedad486fdc07adb152a77ec4ddce9dd943d40f5

    • SSDEEP

      49152:ktqW6lW3LwyQmpkUTtjB0osrxHwD7lKHN:6qW6CLwQp/TT8rx6KHN

    • Registers a broadcast receiver at runtime (usually for listening for system events)

    • Checks if the internet connection is available

    • Queries the unique device ID (IMEI, MEID, IMSI)

MITRE ATT&CK Mobile v15
