General
-
Target
6a5aa10d1bb1c001060b40745ec030d3_JaffaCakes118
-
Size
18.9MB
-
Sample
240523-kf28csah46
-
MD5
6a5aa10d1bb1c001060b40745ec030d3
-
SHA1
44826c73c6dc795bcc7c2d3d1b0582dd8bd3fcb5
-
SHA256
3803ebef8dfa7d847caad81a7fb69ac124bf07afb904eb608374d0ae7fe97bc8
-
SHA512
69e70a255608de3bec3f74b4882da4f3f946518d6675becfd52d7bee230574f61e0a741fd2ecb0d76ff96bc650f527b1dd41336d01ba3656061d107415c2aa8b
-
SSDEEP
393216:yYfJ6URycycy69Ysy2YWH694747l75e2nycOZ6zuSMUk+qJ:+U8kYsy/5flE2nPOZQlk+qJ
Static task
static1
Malware Config
Targets
-
-
Target
6a5aa10d1bb1c001060b40745ec030d3_JaffaCakes118
-
Size
18.9MB
-
MD5
6a5aa10d1bb1c001060b40745ec030d3
-
SHA1
44826c73c6dc795bcc7c2d3d1b0582dd8bd3fcb5
-
SHA256
3803ebef8dfa7d847caad81a7fb69ac124bf07afb904eb608374d0ae7fe97bc8
-
SHA512
69e70a255608de3bec3f74b4882da4f3f946518d6675becfd52d7bee230574f61e0a741fd2ecb0d76ff96bc650f527b1dd41336d01ba3656061d107415c2aa8b
-
SSDEEP
393216:yYfJ6URycycy69Ysy2YWH694747l75e2nycOZ6zuSMUk+qJ:+U8kYsy/5flE2nPOZQlk+qJ
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Checks if the Android device is rooted.
-
Checks Android system properties for emulator presence.
-
Checks known Qemu files.
Checks for known Qemu files that exist on Android virtual device images.
-
Queries information about running processes on the device
Application may abuse the framework's APIs to collect information about running processes on the device.
-
Queries information about the current Wi-Fi connection
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Queries the mobile country code (MCC)
-
Registers a broadcast receiver at runtime (usually for listening for system events)
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Checks if the internet connection is available
-
Queries the unique device ID (IMEI, MEID, IMSI)
-
Reads information about phone network operator.
-
Schedules tasks to execute at a specified time
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
-
Listens for changes in the sensor environment (might be used to detect emulation)
-