General

  • Target

    62ee30709da99c9475d8635d1e3692f8_JaffaCakes118

  • Size

    31.1MB

  • Sample

    240521-l96cjshg6s

  • MD5

    62ee30709da99c9475d8635d1e3692f8

  • SHA1

    a8def8cb0eeed908c86243d9f2c2bdabce4f9c39

  • SHA256

    b1aaeca1dfbbe36bc2c435485980e7792fa2976bec45411f763b9ab98b7c801a

  • SHA512

    614282b61ecd7def4449c4f8a9b6de99a260f26c525a5fec240b2a39d935b63ee4ad797a619d81efcda39da17c7638ca7db380622e94dc7a1a7910aa01904070

  • SSDEEP

    786432:SGIj9BtQQ+8JPb6l/Qskvlla2yIPiU3zlZ+9q:SXBvQb8lY/XsDVzzx

Malware Config

Targets

    • Target

      62ee30709da99c9475d8635d1e3692f8_JaffaCakes118

    • Size

      31.1MB

    • MD5

      62ee30709da99c9475d8635d1e3692f8

    • SHA1

      a8def8cb0eeed908c86243d9f2c2bdabce4f9c39

    • SHA256

      b1aaeca1dfbbe36bc2c435485980e7792fa2976bec45411f763b9ab98b7c801a

    • SHA512

      614282b61ecd7def4449c4f8a9b6de99a260f26c525a5fec240b2a39d935b63ee4ad797a619d81efcda39da17c7638ca7db380622e94dc7a1a7910aa01904070

    • SSDEEP

      786432:SGIj9BtQQ+8JPb6l/Qskvlla2yIPiU3zlZ+9q:SXBvQb8lY/XsDVzzx

    • Checks if the Android device is rooted.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Requests cell location

      Uses Android APIs to to get current cell information.

    • Checks Android system properties for emulator presence.

    • Checks CPU information

      Checks CPU information which indicate if the system is an emulator.

    • Checks known Qemu files.

      Checks for known Qemu files that exist on Android virtual device images.

    • Checks known Qemu pipes.

      Checks for known pipes used by the Android emulator to communicate with the host.

    • Checks memory information

      Checks memory information which indicate if the system is an emulator.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Obtains sensitive information copied to the device clipboard

      Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Queries information about the current nearby Wi-Fi networks

      Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

    • Queries the mobile country code (MCC)

    • Queries the phone number (MSISDN for GSM devices)

    • Registers a broadcast receiver at runtime (usually for listening for system events)

    • Checks if the internet connection is available

    • Queries the unique device ID (IMEI, MEID, IMSI)

    • Reads device software version

      Uses Android APIs to read software version number for the device (IMEI/SV for GSM devices).

    • Reads information about phone network operator.

    • Checks the presence of a debugger

    • Listens for changes in the sensor environment (might be used to detect emulation)

MITRE ATT&CK Mobile v15

Tasks