General

  • Target

    6b2b06dd4a7a54a382115a8ab7717d64_JaffaCakes118

  • Size

    31.1MB

  • Sample

    240523-rapteade2v

  • MD5

    6b2b06dd4a7a54a382115a8ab7717d64

  • SHA1

    b95bd36e103872670605d016db486a36cdacc1fd

  • SHA256

    4495fbbd10e073de7ef78abee8941b916738175c7e4e78f38b4c8af3fe4cf04f

  • SHA512

    1438bbe67c3c6cbaccbafc93e6e5e21e5d5d72ddbd4f7f66225c74ea4c58576b6a51a057262f49d30cb3b08cf3727ef90f01a3acf5c55587736a4e191e03f089

  • SSDEEP

    786432:WT9CLYZQ1c+Qtl+w9mGkt1RheNmIAgv5/YB8l3+sus/AMtgsG:IIcjtcwzo6NTBYY3NJ/AMLG

Malware Config

Targets

    • Target

      6b2b06dd4a7a54a382115a8ab7717d64_JaffaCakes118

    • Size

      31.1MB

    • MD5

      6b2b06dd4a7a54a382115a8ab7717d64

    • SHA1

      b95bd36e103872670605d016db486a36cdacc1fd

    • SHA256

      4495fbbd10e073de7ef78abee8941b916738175c7e4e78f38b4c8af3fe4cf04f

    • SHA512

      1438bbe67c3c6cbaccbafc93e6e5e21e5d5d72ddbd4f7f66225c74ea4c58576b6a51a057262f49d30cb3b08cf3727ef90f01a3acf5c55587736a4e191e03f089

    • SSDEEP

      786432:WT9CLYZQ1c+Qtl+w9mGkt1RheNmIAgv5/YB8l3+sus/AMtgsG:IIcjtcwzo6NTBYY3NJ/AMLG

    • Checks if the Android device is rooted.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Checks CPU information

      Checks CPU information which indicate if the system is an emulator.

    • Checks memory information

      Checks memory information which indicate if the system is an emulator.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Obtains sensitive information copied to the device clipboard

      Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

    • Queries account information for other applications stored on the device

      Application may abuse the framework's APIs to collect account information stored on the device.

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Queries the mobile country code (MCC)

    • Queries the phone number (MSISDN for GSM devices)

    • Registers a broadcast receiver at runtime (usually for listening for system events)

    • Checks if the internet connection is available

    • Queries the unique device ID (IMEI, MEID, IMSI)

    • Reads information about phone network operator.

MITRE ATT&CK Mobile v15

Tasks