General
-
Target
663ca6d8781be948124cfb87703bac76_JaffaCakes118
-
Size
11.0MB
-
Sample
240522-gn6c7sed8t
-
MD5
663ca6d8781be948124cfb87703bac76
-
SHA1
a5d676290429b8e797ecd0e0463930da3c8eec35
-
SHA256
372b3e7a948880fc74bf1ae14b95db94e5f49a54d6183fc88e73472a25387b72
-
SHA512
455695df7257e18b5ca6e5bdb152475f405da2a62cff3c5d4dd355c9d277e610b7bd20a2a8ccbf3feafc0512d95d933332da98367dc5a9d925185ecaf8b18783
-
SSDEEP
196608:M6TmiERf8YP96RNveEzVpwmY8QSSEsW3FV7S1onb7Jpdu0o7ARZRqUbS6J/XbT:M6yhEYPILv5zVj0rOK+97u0eArRqMS61
Malware Config
Targets
-
-
Target
663ca6d8781be948124cfb87703bac76_JaffaCakes118
-
Size
11.0MB
-
MD5
663ca6d8781be948124cfb87703bac76
-
SHA1
a5d676290429b8e797ecd0e0463930da3c8eec35
-
SHA256
372b3e7a948880fc74bf1ae14b95db94e5f49a54d6183fc88e73472a25387b72
-
SHA512
455695df7257e18b5ca6e5bdb152475f405da2a62cff3c5d4dd355c9d277e610b7bd20a2a8ccbf3feafc0512d95d933332da98367dc5a9d925185ecaf8b18783
-
SSDEEP
196608:M6TmiERf8YP96RNveEzVpwmY8QSSEsW3FV7S1onb7Jpdu0o7ARZRqUbS6J/XbT:M6yhEYPILv5zVj0rOK+97u0eArRqMS61
Score8/10-
Checks if the Android device is rooted.
-
Checks CPU information
Checks CPU information which indicate if the system is an emulator.
-
Checks memory information
Checks memory information which indicate if the system is an emulator.
-
Loads dropped Dex/Jar
Runs executable file dropped to the device during analysis.
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Queries information about running processes on the device
Application may abuse the framework's APIs to collect information about running processes on the device.
-
Queries information about the current Wi-Fi connection
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Queries the phone number (MSISDN for GSM devices)
-
Registers a broadcast receiver at runtime (usually for listening for system events)
-
Checks if the internet connection is available
-
Queries the unique device ID (IMEI, MEID, IMSI)
-
Reads information about phone network operator.
-
-
-
Target
register.jar
-
Size
117KB
-
MD5
a00fee52f331e3917e22ceccd72c788d
-
SHA1
4d272e26d7f888d4014d976b30c78535d70ae03b
-
SHA256
8dc6319d14ac0d11c0bf0eb69647a043908f5b9c2db7c0b1eead38e9567ea69a
-
SHA512
76a57a5a8b3c091931d74bf7846c2d04cad3b3ae95411bf47910d04b84dca79b2a154cc1e54235c7019e95429c91bd6645cf0269d21ef79406356de97ebe572e
-
SSDEEP
1536:npp+E9NVq38fxz1EQEUvHCvqHDIEMvxK9hFzfHMrTdQKpgIFf7+V7faG5+WNmj+3:p1mEH3WvqH0Egx/eigG8T+WM+MtVK
Score7/10-
Registers a broadcast receiver at runtime (usually for listening for system events)
-
-
-
Target
vending.jar
-
Size
222KB
-
MD5
0670852d5867fd5f5a7462fd68fbb42f
-
SHA1
b286be0a939773f42b70e1e4a064540a0f5e1f2d
-
SHA256
894ab690f200185ab8aa85f5937d30c7262cb3f285f788c872caa21e6f5e50c0
-
SHA512
0e677e4c241b5bb36b5f2fc94555f504ad2a52f95cc224b4cb6dbb1187c7ef043ab47aac401181b5da03ece382396b100dec75e0c04c04a00adc0ff9e29f024d
-
SSDEEP
6144:saFQ5FQVIUXs/4AcotSbpxLk+5Ity6srYVx6dt:sKVIWsQIEbpxLlityhKU
Score7/10-
Checks CPU information
Checks CPU information which indicate if the system is an emulator.
-
Checks memory information
Checks memory information which indicate if the system is an emulator.
-
Obtains sensitive information copied to the device clipboard
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
-
Queries the mobile country code (MCC)
-
Registers a broadcast receiver at runtime (usually for listening for system events)
-
Checks if the internet connection is available
-
MITRE ATT&CK Mobile v15
Persistence
Event Triggered Execution
1Broadcast Receivers
1Foreground Persistence
1Defense Evasion
Download New Code at Runtime
1Foreground Persistence
1Virtualization/Sandbox Evasion
2System Checks
2