General
Target: 5d830f828df105d3efd3e6231b35ec66_JaffaCakes118
Size: 31.7MB
Sample: 240520-gnkrhafb51
MD5: 5d830f828df105d3efd3e6231b35ec66
SHA1: 4a542b00f73b6b3138868ad16fe8054845875be1
SHA256: 16fbf8533d2fc296b045b899917fd00be8fd5b7aa750cd2865d06ccba00aa929
SHA512: 55c2ca3b56c848239b161e0c17add79339b8e8bb644484070d058ad7f181e943641d632ceeaa9494b73751f3ef288140c4c10bb368997ba6dda2733d48c30d50
SSDEEP: 786432:98onQlUZocBqv1RYphfAyWEwGEChfAyWLrg3baCaORfeB0xo:/ZvYvklzVlZ3baCaO+0i
Behavioral tasks
behavioral1: Sample 5d830f828df105d3efd3e6231b35ec66_JaffaCakes118.apk, Resource android-x86-arm-20240514-en
behavioral2: Sample com.anzogame.yys.plug.apk, Resource android-x86-arm-20240514-en
behavioral3: Sample com.anzogame.yys.plug.apk, Resource android-x86-arm-20240514-en
behavioral4: Sample imread.apk, Resource android-x86-arm-20240514-en
behavioral5: Sample imread.apk, Resource android-x64-20240514-en
behavioral6: Sample imread.apk, Resource android-x64-arm64-20240514-en
Malware Config
Extracted: joker
http://api.exc.mob.com:80
http://loc.map.baidu.com/offline_loc
https://readapi.imread.com/api/upgrade/v1/sdk/getBook
Targets

Target: 5d830f828df105d3efd3e6231b35ec66_JaffaCakes118
Size: 31.7MB
MD5: 5d830f828df105d3efd3e6231b35ec66
SHA1: 4a542b00f73b6b3138868ad16fe8054845875be1
SHA256: 16fbf8533d2fc296b045b899917fd00be8fd5b7aa750cd2865d06ccba00aa929
SHA512: 55c2ca3b56c848239b161e0c17add79339b8e8bb644484070d058ad7f181e943641d632ceeaa9494b73751f3ef288140c4c10bb368997ba6dda2733d48c30d50
SSDEEP: 786432:98onQlUZocBqv1RYphfAyWEwGEChfAyWLrg3baCaORfeB0xo:/ZvYvklzVlZ3baCaO+0i
Signatures:
- Checks if the Android device is rooted.
- Makes use of the framework's foreground persistence service: application may abuse the framework's foreground service to continue running in the foreground.
- Queries information about running processes on the device: application may abuse the framework's APIs to collect information about running processes on the device.
- Queries information about the current Wi-Fi connection: application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
- Queries information about the current nearby Wi-Fi networks: application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
- Registers a broadcast receiver at runtime (usually for listening for system events).
- Acquires the wake lock.
- Checks if the internet connection is available.
- Reads information about the phone network operator.

Target: com.anzogame.yys.plug.pkg
Size: 9.5MB
MD5: 3ba7605de2df154d45704b1d8afef130
SHA1: 38efbf943056fab575c7f70065c652cba3c73951
SHA256: 698671a7f9a84969cbedb069a71cbcde07201bc5e07ffcdff7a0468c600b815a
SHA512: c610fe9644be3bc7eb60530caa5ce55ded1d533f17e72283bb2c271f9154f48f6e8aa200a6ec6cefe6ad135c65671d86108c76cf6926be1863fa09342a75fc3f
SSDEEP: 196608:0+Lk2rVEtBiy8/ZTdabRB6IqIhOsJuL32IlJIEbHCMvknjEBQYkC1AbiH0Jd:tLk2q6x0bv8sMjLpv+j0kC1Abw8
Score: 1/10

Target: com.anzogame.yys.plug.pkg
Size: 4.9MB
MD5: 23a3b474cc7c3d28dae10ec5e0d390c5
SHA1: 0ccf3b85d448870bae27352d23b30c29033506d3
SHA256: dd2ccf65b2789ebc97451be1d18a087028030b05aa443743f9410e9267a89536
SHA512: e4679d27d3391ecd99aad246960201202705e2df622275637d0e34cd4aca33412ec4ec4036d43a1d6af77587cd8767cf1d316fbbec12d82deee5d4c48c13dbf8
SSDEEP: 98304:g+ExGn8jqKSIN7BSlDpIzBLA3NS0KgGqxAWMY/oakbD:g+EsnrON7EDpI634079xJ/ga2
Score: 1/10

Target: imread.src
Size: 1.3MB
MD5: df2ae6129a8f0eedddcf8d8157d45c25
SHA1: 3a36f636f2324d98a90aaa2bc78dd769026dc4b1
SHA256: 0a7fdec3cada01027ddb25e33832374d94a8a1bdf3b634901640d1d12c995348
SHA512: 199110ce7650b86688fcc32504224780a4709d01ad37d307e3939d9f7bb48d74fcf47d92e4deec41e595ecf76d7ae22cd48de33d16dfbcd0b29b54c2877f3134
SSDEEP: 24576:NfryxzHpeNa9qLimWewmThX2ijMmA+0ZzaJjOSIkZWgBmF4/A:xCen7Bw02NmAHZzaJjOSIkcgEOA
Score: 1/10
MITRE ATT&CK Mobile v15
Persistence
  Event Triggered Execution (1)
    Broadcast Receivers (1)
  Foreground Persistence (1)
Defense Evasion
  Foreground Persistence (1)
  Virtualization/Sandbox Evasion (1)
    System Checks (1)