General

  • Target

    6b1527e8faac12a1d1633d82d2a618d2_JaffaCakes118

  • Size

    263KB

  • Sample

    240524-z3qv6sbc3z

  • MD5

    6b1527e8faac12a1d1633d82d2a618d2

  • SHA1

    68c36b4ed4f9afb168d3fc69e840b14e44853826

  • SHA256

    d3dfa26905108cb7239d74c17ad7b326cd9c603febb512deca55435bea7dc88d

  • SHA512

    b9e8ff0ddcb5bed5b1ef8c376205c7264e89612ccb6884f34b7d3d7bf1962e0f9f7c1164fa4d0d7d5fab1af078a99a6b1dca543ac792b869ec7565863d3a9e35

  • SSDEEP

    6144:XPNvivXSCeVvnD2IJOsBFaw4IzEsS/ZXBc2Y4MT5fN7:Ni6tQIwsBFa/IvcR9U7

Malware Config

Targets

    • Target

      6b1527e8faac12a1d1633d82d2a618d2_JaffaCakes118

    • Size

      263KB

    • MD5

      6b1527e8faac12a1d1633d82d2a618d2

    • SHA1

      68c36b4ed4f9afb168d3fc69e840b14e44853826

    • SHA256

      d3dfa26905108cb7239d74c17ad7b326cd9c603febb512deca55435bea7dc88d

    • SHA512

      b9e8ff0ddcb5bed5b1ef8c376205c7264e89612ccb6884f34b7d3d7bf1962e0f9f7c1164fa4d0d7d5fab1af078a99a6b1dca543ac792b869ec7565863d3a9e35

    • SSDEEP

      6144:XPNvivXSCeVvnD2IJOsBFaw4IzEsS/ZXBc2Y4MT5fN7:Ni6tQIwsBFa/IvcR9U7

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Removes its main activity from the application launcher

    • Checks memory information

      Checks memory information which indicate if the system is an emulator.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Obtains sensitive information copied to the device clipboard

      Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

    • Queries account information for other applications stored on the device

      Application may abuse the framework's APIs to collect account information stored on the device.

    • Queries the mobile country code (MCC)

    • Registers a broadcast receiver at runtime (usually for listening for system events)

    • Checks if the internet connection is available

    • Queries the unique device ID (IMEI, MEID, IMSI)

    • Reads information about phone network operator.

    • Schedules tasks to execute at a specified time

      Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

MITRE ATT&CK Mobile v15

Tasks