General

  • Target

    5f27dd84cb04b3afdf8c6128d1c70c88_JaffaCakes118

  • Size

    6.6MB

  • Sample

    240520-p1w93abd22

  • MD5

    5f27dd84cb04b3afdf8c6128d1c70c88

  • SHA1

    13c3fc0d0089a3f18e0e4986be57e31797c9f49d

  • SHA256

    2912101be6902d0679f88c0d9174cc737bc1c63fa61c16d0cad93ea0b169583a

  • SHA512

    cc707ad990a1cc33f048a113a65b82170dd2290e3e8bbeab5db5da53d4384bcd2ff3072a8f01e4a0f09b8afa8b1786c64ca34de7f67d5257fb7fedf59b58f996

  • SSDEEP

    196608:bXY4z6xeDhge+PZSKyaR0PESdEVCnMrIi0WOf0KT:bI4z6xeVkmWf+EeM8tf5T

Malware Config

Targets

    • Target

      5f27dd84cb04b3afdf8c6128d1c70c88_JaffaCakes118

    • Size

      6.6MB

    • MD5

      5f27dd84cb04b3afdf8c6128d1c70c88

    • SHA1

      13c3fc0d0089a3f18e0e4986be57e31797c9f49d

    • SHA256

      2912101be6902d0679f88c0d9174cc737bc1c63fa61c16d0cad93ea0b169583a

    • SHA512

      cc707ad990a1cc33f048a113a65b82170dd2290e3e8bbeab5db5da53d4384bcd2ff3072a8f01e4a0f09b8afa8b1786c64ca34de7f67d5257fb7fedf59b58f996

    • SSDEEP

      196608:bXY4z6xeDhge+PZSKyaR0PESdEVCnMrIi0WOf0KT:bI4z6xeVkmWf+EeM8tf5T

    • Checks if the Android device is rooted.

    • Removes its main activity from the application launcher

    • Checks CPU information

      Checks CPU information which indicate if the system is an emulator.

    • Checks memory information

      Checks memory information which indicate if the system is an emulator.

    • Obtains sensitive information copied to the device clipboard

      Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Queries the mobile country code (MCC)

    • Registers a broadcast receiver at runtime (usually for listening for system events)

    • Acquires the wake lock

    • Checks if the internet connection is available

    • Schedules tasks to execute at a specified time

      Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

MITRE ATT&CK Matrix

Tasks