General

  • Target

    58e16444ee406d5690c6275a6f103a35_JaffaCakes118

  • Size

    4.0MB

  • Sample

    240519-gntz6sde62

  • MD5

    58e16444ee406d5690c6275a6f103a35

  • SHA1

    04d34c5192e787e18d0dcbae70e73af18061be25

  • SHA256

    e9ec533a3b7fea8d487d3ad712def1447a667575e84ea3c41bb2c568c6b1be73

  • SHA512

    9ff4e4bc06ed93f7c792140d4530f25d51ad4c5fdf077aaedd06082077f554e70462453a51d89f3a366dc9984c0cfe9dda46b2749807113c659f86132c85c3a7

  • SSDEEP

    98304:1gyiFOTin6up57LDiTjcfNW1y6JOhoSW5C8tLiU1v4umhu2vhnneGuYerO7eoAj9:0CaOT4W3QyTliUqBuIhnnDPejj9

Malware Config

Targets

    • Target

      58e16444ee406d5690c6275a6f103a35_JaffaCakes118

    • Size

      4.0MB

    • MD5

      58e16444ee406d5690c6275a6f103a35

    • SHA1

      04d34c5192e787e18d0dcbae70e73af18061be25

    • SHA256

      e9ec533a3b7fea8d487d3ad712def1447a667575e84ea3c41bb2c568c6b1be73

    • SHA512

      9ff4e4bc06ed93f7c792140d4530f25d51ad4c5fdf077aaedd06082077f554e70462453a51d89f3a366dc9984c0cfe9dda46b2749807113c659f86132c85c3a7

    • SSDEEP

      98304:1gyiFOTin6up57LDiTjcfNW1y6JOhoSW5C8tLiU1v4umhu2vhnneGuYerO7eoAj9:0CaOT4W3QyTliUqBuIhnnDPejj9

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Checks CPU information

      Checks CPU information which indicate if the system is an emulator.

    • Checks memory information

      Checks memory information which indicate if the system is an emulator.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Queries the mobile country code (MCC)

    • Queries the phone number (MSISDN for GSM devices)

    • Reads the content of the SMS messages.

    • Registers a broadcast receiver at runtime (usually for listening for system events)

    • Checks if the internet connection is available

    • Requests dangerous framework permissions

    • Schedules tasks to execute at a specified time

      Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

MITRE ATT&CK Mobile v15

Tasks