General
-
Target
68153348e95a2fc5fa214ba287ba4678_JaffaCakes118
-
Size
15.6MB
-
Sample
240522-wbw2bsah29
-
MD5
68153348e95a2fc5fa214ba287ba4678
-
SHA1
9b7e0d5d87ad1e7df429a665091c8ee5d4f56405
-
SHA256
3a1feb3a45aa2775c57d682586522c0e778d3b0a468dcc8f212ffa69b9541ca1
-
SHA512
e4ebcb3e0671dce4db16ea52fc2af8c595672f71ec5527e4b6951211eb8633e9010d0f4000681c38a75a320fae8d2de98747fe3c6b74c9f5189c27c036b7f8df
-
SSDEEP
393216:w5pnLjMlfGlqX3x2X7v0JJ8CWisF3/NLLBIl:upLtlqHxIvoKCLkC
Malware Config
Targets
-
-
Target
68153348e95a2fc5fa214ba287ba4678_JaffaCakes118
-
Size
15.6MB
-
MD5
68153348e95a2fc5fa214ba287ba4678
-
SHA1
9b7e0d5d87ad1e7df429a665091c8ee5d4f56405
-
SHA256
3a1feb3a45aa2775c57d682586522c0e778d3b0a468dcc8f212ffa69b9541ca1
-
SHA512
e4ebcb3e0671dce4db16ea52fc2af8c595672f71ec5527e4b6951211eb8633e9010d0f4000681c38a75a320fae8d2de98747fe3c6b74c9f5189c27c036b7f8df
-
SSDEEP
393216:w5pnLjMlfGlqX3x2X7v0JJ8CWisF3/NLLBIl:upLtlqHxIvoKCLkC
Score8/10-
Checks if the Android device is rooted.
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
-
Requests cell location
Uses Android APIs to to get current cell location.
-
Checks CPU information
Checks CPU information which indicate if the system is an emulator.
-
Checks known Qemu files.
Checks for known Qemu files that exist on Android virtual device images.
-
Checks known Qemu pipes.
Checks for known pipes used by the Android emulator to communicate with the host.
-
Checks memory information
Checks memory information which indicate if the system is an emulator.
-
Loads dropped Dex/Jar
Runs executable file dropped to the device during analysis.
-
Obtains sensitive information copied to the device clipboard
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
-
Queries information about running processes on the device
Application may abuse the framework's APIs to collect information about running processes on the device.
-
Queries information about the current Wi-Fi connection
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Queries information about the current nearby Wi-Fi networks
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
-
Queries the mobile country code (MCC)
-
Queries the phone number (MSISDN for GSM devices)
-
Registers a broadcast receiver at runtime (usually for listening for system events)
-
Acquires the wake lock
-
Checks if the internet connection is available
-
Queries the unique device ID (IMEI, MEID, IMSI)
-
Reads device software version
Uses Android APIs to read software version number for the device (IMEI/SV for GSM devices).
-
Checks the presence of a debugger
-
-
-
Target
plugin-deploy.jar
-
Size
213KB
-
MD5
e70723b8f6c4c7c09a6019733022cf53
-
SHA1
e3ca32166c65e4dc73c21347ab22d54a7b5a9a83
-
SHA256
32d35cd80b0302e3fcdd7349b4ff9a7b689ce080435109607ff79a834ff710d5
-
SHA512
461c0499193c5ef5aa4e2e5d358031e7d28c98c8e1e38d22b710271bf3b561c28232bfaadbc2c275357e31b7b0ad6bca798008328ac3cff3701c1c9cca2ddddd
-
SSDEEP
6144:zIojh8YSG6e3Q7RZddAOKofd3yugpauc79lPcJJ6:Uoj2Ytg7RXdJfRyuVuCoJo
Score1/10 -