General

  • Target

    58fb5b58c0a4abd717a52debbc4fd117_JaffaCakes118

  • Size

    19.1MB

  • Sample

    240519-g6hpvsed48

  • MD5

    58fb5b58c0a4abd717a52debbc4fd117

  • SHA1

    21fcd420f183275a9d82748057f18df42a0dc80c

  • SHA256

    8d31255b638e531065206f1a8d87db546db8c690b77a34c20bd9d53effd57401

  • SHA512

    67c0460090eaf9a5f092c8dcca2e83c4f8dfba08589d4ed1a4bb7a81e2c7b7b7a7afb34834713aa65e1e4803001a752dd4f93026609235288076fd47ee602e5b

  • SSDEEP

    393216:B3e3eeR13mnW4JXkmt66oMNeQ+GVHGERodkGAJ4XSe4YCgopRuSh:Bu3eKknW4JUt6bNRHV6dwJ4XSe4fgouA

Malware Config

Targets

    • Target

      58fb5b58c0a4abd717a52debbc4fd117_JaffaCakes118

    • Size

      19.1MB

    • MD5

      58fb5b58c0a4abd717a52debbc4fd117

    • SHA1

      21fcd420f183275a9d82748057f18df42a0dc80c

    • SHA256

      8d31255b638e531065206f1a8d87db546db8c690b77a34c20bd9d53effd57401

    • SHA512

      67c0460090eaf9a5f092c8dcca2e83c4f8dfba08589d4ed1a4bb7a81e2c7b7b7a7afb34834713aa65e1e4803001a752dd4f93026609235288076fd47ee602e5b

    • SSDEEP

      393216:B3e3eeR13mnW4JXkmt66oMNeQ+GVHGERodkGAJ4XSe4YCgopRuSh:Bu3eKknW4JUt6bNRHV6dwJ4XSe4fgouA

    • Checks if the Android device is rooted.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Checks Android system properties for emulator presence.

    • Checks CPU information

      Checks CPU information which indicate if the system is an emulator.

    • Checks known Qemu files.

      Checks for known Qemu files that exist on Android virtual device images.

    • Checks known Qemu pipes.

      Checks for known pipes used by the Android emulator to communicate with the host.

    • Checks memory information

      Checks memory information which indicate if the system is an emulator.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Queries the mobile country code (MCC)

    • Registers a broadcast receiver at runtime (usually for listening for system events)

    • Checks if the internet connection is available

    • Queries the unique device ID (IMEI, MEID, IMSI)

    • Reads information about phone network operator.

MITRE ATT&CK Mobile v15

Tasks