General

  • Target

    58d7fd703e8c90253e91efb67c3f089f_JaffaCakes118

  • Size

    30.2MB

  • Sample

    240519-ghqessdb6x

  • MD5

    58d7fd703e8c90253e91efb67c3f089f

  • SHA1

    524892c08ce1e7ca576efe95e4fc8f6f9e4a2a51

  • SHA256

    96d61634f0d8be2c36df1a4cbfded39f1082a6e41ea68d88825df25a218babfe

  • SHA512

    f93074c711c6bc0fe47120090d6ac91789b9e38993ca41ff1083b4f0b396e0f2350c9aecc047cfa615ad0bbaf5a73e40890d9f49c634ae18c58ac69ebc9d4464

  • SSDEEP

    786432:GYa7x2kOKimoLqqu2i60613QjWpFdsp+BzNfixh:EtuutR6tsgvi

Targets

    • Target

      58d7fd703e8c90253e91efb67c3f089f_JaffaCakes118

    • Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps)

    • Registers a broadcast receiver at runtime (usually for listening for system events)

    • Requests dangerous framework permissions

    • Target

      7723box_pjz.apk

    • Size

      1.3MB

    • MD5

      e289f461c283b18733dc096deb61d8c9

    • SHA1

      a1326cc213c071487c1b8ae26a0fa51fb41bedfc

    • SHA256

      85e97ed4033cdd94d5803837f1ae222809ca2e87d502c0bc2122427bd0119397

    • SHA512

      0eefaceed88dc68fa6e1ef532fd9d3a6312ae061e264d4d90918f9949741c83cf18a668dff99f90fa2193c69af81597f881f6e70a737802299fca387163ab797

    • SSDEEP

      24576:sPyqUePcCryD26+a2SHyAVHddI2gCGBS1G9lm3xcVcz0d8kM5NeRVWj:pqUePJWC6p9HRF/Id/oeVcAd8kM5Ne7k

    • Checks CPU information

      Checks CPU information that indicates whether the system is an emulator.

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Acquires the wake lock

    • Checks if the internet connection is available

    • Reads information about the phone network operator
