General

  • Target

    6d1090475dfafb583e9906e39e2bdac1_JaffaCakes118

  • Size

    31.2MB

  • Sample

    240524-cze8yaab52

  • MD5

    6d1090475dfafb583e9906e39e2bdac1

  • SHA1

    e7653db3659220ae12faf35d9787ba42b23ff2ca

  • SHA256

    816aa0e670012ff7a9e91fbdd65c56754c32ca54ea1793b9bb6921fc19ad98fc

  • SHA512

    a7b9c63e6acd7c983aebb111890d4c648ad4452d551b12c4e8a53450fbbc0a95b68d75516b97edaede4a0acf9c7c91bd47f950573230baf942e8592f47a80108

  • SSDEEP

    786432:e99WT2BhtlANLzRGMHnS2a6oczh1Bvhsfs75JV:e99WT2sJtHvHockfslJV

Malware Config

Targets

    • Target

      6d1090475dfafb583e9906e39e2bdac1_JaffaCakes118

    • Size

      31.2MB

    • MD5

      6d1090475dfafb583e9906e39e2bdac1

    • SHA1

      e7653db3659220ae12faf35d9787ba42b23ff2ca

    • SHA256

      816aa0e670012ff7a9e91fbdd65c56754c32ca54ea1793b9bb6921fc19ad98fc

    • SHA512

      a7b9c63e6acd7c983aebb111890d4c648ad4452d551b12c4e8a53450fbbc0a95b68d75516b97edaede4a0acf9c7c91bd47f950573230baf942e8592f47a80108

    • SSDEEP

      786432:e99WT2BhtlANLzRGMHnS2a6oczh1Bvhsfs75JV:e99WT2sJtHvHockfslJV

    • Checks if the Android device is rooted.

    • Requests cell location

      Uses Android APIs to get the current cell location.

    • Checks Android system properties for emulator presence.

    • Checks CPU information

      Checks CPU information that indicates whether the system is an emulator.

    • Checks memory information

      Checks memory information that indicates whether the system is an emulator.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Registers a broadcast receiver at runtime (usually for listening for system events)

    • Checks if the internet connection is available

    • Queries the unique device ID (IMEI, MEID, IMSI)

    • Reads information about phone network operator.

    • Schedules tasks to execute at a specified time

      Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

    • Listens for changes in the sensor environment (might be used to detect emulation)

    • Target

      lbmust.jar

    • Size

      69KB

    • MD5

      993b627501769474ddf9105ce850fd27

    • SHA1

      1a99da904131ae38cc30230bd7a6b775e9f3de90

    • SHA256

      bc5a1168b0ff68c224878929d0c552900597980c36352bb095afa17af25ff687

    • SHA512

      1906c545ec165fc99d980bec54ea172499a0994ed6deea6454a19b3151ed162b914dd3d61a24e216f67454d0e3f7cd51020a646cc0f1a0988bd7d1690d2fd4d3

    • SSDEEP

      768:l6Z+QyixHFL/C+MbGDPkpC/JqEf2UMoFqcLCyzlx1Ow3/RVd0A9nRYHFZAXQiyJ7:l69FHEGQpdQxzlx7VukAKXQl7LHJT

    Score

      1/10

    • Target

      lbsdk.jar

    • Size

      729KB

    • MD5

      435029cc1bec498d4030400cde2bbcaf

    • SHA1

      8b2967c9ebb1d803f03358e34fb1502bd6327616

    • SHA256

      19b220d1c69ea670ddbf624ee29fb7392288c265913fa3f2b6e2d1528975b060

    • SHA512

      56bdc9caa65d6789d9e281dcb7d4f06a07a3830332d44c499f123386cded43f61ff8b642a4b78b638a57906dfc362b63db9349cc23366ce8367775392e5e009f

    • SSDEEP

      12288:TO9/T4/K+ygs1MmnpQEe2RAI/n70qNSfpG+Brzng2jKA7o8QMbbjhLaDZR0WUHr4:TO9/T4/sfxQARAI/wqNOBPg2W2PQMb/4

    Score

      1/10

    • Target

      lbui.jar

    • Size

      218KB

    • MD5

      fc73bbf7389b46bd39d7e3c17526fc0f

    • SHA1

      85a09b5f89f28f880c54a6c2647cab8a6183dd25

    • SHA256

      48a52a5e9db4691d9e2168e0c05a41d34e0cff117ba3c5d482776204695f2b60

    • SHA512

      8ab4fd027944e8a4af32c843048b4d74bce02d664fbc36a9771631281bc40064551e00c8d02d75142d821eae284a229eaa4fa52e098d62b7966c30d74ae0ed02

    • SSDEEP

      3072:0upJH92XedxmdxZSNI715vetsVkIlKcrDad0VQeStwsvSRK/Uq:uUxmdxEU/hVkIlVDad0V0twsvqK/Uq

    Score

      1/10

    • Target

      lbvmrt.jar

    • Size

      1.4MB

    • MD5

      e2c0819fb259b76665058d1e9a647e24

    • SHA1

      4f8ef969456a0eb7b53bad8e09ca05dc4529e479

    • SHA256

      a80e8411e6e7fce31b5ba9305cf6db1ca84c59f4941fa141939a325327e925cb

    • SHA512

      38d9567c698d6af50286b398045c487a9d413fc30ebfbe3faaddaf50c73e1a11e6b60f284626dc5afb1cff9977f3790b54c737d376cd74087d0763e40f63ab22

    • SSDEEP

      24576:KQqVEIzr8ai1/Jszc6i2wnzDjkte4QndGjWAsIK/F2Q3gFPj7EdOW3k4gskAgF:KQuzrzYJg9szDjkte4oGjWDF2Q3yjoFU

    Score

      1/10

    • Target

      vivounionapk_v4.2.4.0_d74cb3a_201808271150_signed_aligned.vua

    • Size

      4.2MB

    • MD5

      3200674229ed57cf762fc3d8c5137b55

    • SHA1

      0896d5f138545dc9ddbf0003518880d745c8fe0e

    • SHA256

      333ee74803ab4b114d6217250623869c751a00f4748c826c19ffcd7b29476195

    • SHA512

      31c96314a2b0d80ef3d6c04c0a6894b6a8ebff7e501fd48499ea0e12969ba4ac00cdd844caf839a16cdcffa5b51ee2f33af36a578dfd450c79c7e2bbc0c521ff

    • SSDEEP

      98304:aQn4W5hESDzkY18DTTcDPPIKGPBhFI+sqFkSOO:aQ4W5hEIkg8DTTcDPPIK+HFknO

    Score

      7/10

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Queries the unique device ID (IMEI, MEID, IMSI)

    • Target

      vivounionsdk.res

    • Size

      29KB

    • MD5

      7a92466708fa1ae45c5585a5b986f5aa

    • SHA1

      e9e8e0dc60208b7a8b64a65550442a73f1166c30

    • SHA256

      cc8416f87003538f2c8ea5280a7eaebfb40597b6ebdcc33c4fa64b0cf08d3b73

    • SHA512

      026dec17ed60d89257c8cb7873a0ccc0de910aad6706f1bbb7936229d7074b9542b7b80a2040f466c64e6cf8896e8531ee01ed7acbfa6a7ed90637a5fe2d477d

    • SSDEEP

      384:RAhiLwh2JKStCYi7PSSDq41bVjDIcRy3ftLYHiLaBsKFj+C:RAV2wYnSDqojDIcsfiHiG3l

    Score

      1/10

MITRE ATT&CK Matrix

Tasks