General

  • Target

    6351b9fbee9c89d763bd4457380fa101_JaffaCakes118

  • Size

    10.4MB

  • Sample

    240521-ptljzsea34

  • MD5

    6351b9fbee9c89d763bd4457380fa101

  • SHA1

    17beaa4c8a37a2020fe4e03ed62f2abc88964198

  • SHA256

    63ce7ca37fe7cb1bccc42f720beaa38935229d59bb625ac3bbf40adca6754010

  • SHA512

    ae3bb1058d71fc566a1c0628e832d1e8da0493b1936b9e94df8bce9826bb8f5c8308d8b121201e5b6bbb02bf807cda1cb5f89a1710eeeb8733f235ec604bc4cb

  • SSDEEP

    196608:gCoLRtMzZqo2EpV/nU0tGPGMb8xncEv7LxlJ10fOTlW83CpzjaSA:gvRqNqob80t4banFv7Hz6Ok7/ZA

Malware Config

Targets

    • Target

      6351b9fbee9c89d763bd4457380fa101_JaffaCakes118

    • Size

      10.4MB

    • MD5

      6351b9fbee9c89d763bd4457380fa101

    • SHA1

      17beaa4c8a37a2020fe4e03ed62f2abc88964198

    • SHA256

      63ce7ca37fe7cb1bccc42f720beaa38935229d59bb625ac3bbf40adca6754010

    • SHA512

      ae3bb1058d71fc566a1c0628e832d1e8da0493b1936b9e94df8bce9826bb8f5c8308d8b121201e5b6bbb02bf807cda1cb5f89a1710eeeb8733f235ec604bc4cb

    • SSDEEP

      196608:gCoLRtMzZqo2EpV/nU0tGPGMb8xncEv7LxlJ10fOTlW83CpzjaSA:gvRqNqob80t4banFv7Hz6Ok7/ZA

    • Checks if the Android device is rooted.

    • Requests cell location

      Uses Android APIs to to get current cell location.

    • Checks CPU information

      Checks CPU information which indicate if the system is an emulator.

    • Checks memory information

      Checks memory information which indicate if the system is an emulator.

    • Obtains sensitive information copied to the device clipboard

      Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Queries information about the current nearby Wi-Fi networks

      Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

    • Queries the mobile country code (MCC)

    • Registers a broadcast receiver at runtime (usually for listening for system events)

    • Checks if the internet connection is available

    • Queries the unique device ID (IMEI, MEID, IMSI)

    • Reads information about phone network operator.

    • Listens for changes in the sensor environment (might be used to detect emulation)

MITRE ATT&CK Mobile v15

Tasks