7164b77bb97e96b5900dc8468c70dedd5e3ce4957f9e2356cb4e58461f005808 | Triage

Sharing

General

Target

7a1fd6a1963e284dfe2a5ac72c20f3da_JaffaCakes118
Size

827KB
Sample

240527-xbfj1sdf31
MD5

7a1fd6a1963e284dfe2a5ac72c20f3da
SHA1

8efdfd37fadfda4a840ea0f3068fbcb8a844b672
SHA256

7164b77bb97e96b5900dc8468c70dedd5e3ce4957f9e2356cb4e58461f005808
SHA512

a580a6db0c1ae1d2b043ed68fe4bea059d4163a15b03518e592070628e1510587383f3b7fcef10e0e607699a0836afa85369d20722207d9aa8c4b2428c83f5a2
SSDEEP

24576:6kQlRHrE4n4mJlzG7nRHe/E0W5rD2hWbzC2:BQHQiTl4HesT5X2haO2

Score

8^/10

android discovery evasion impact persistence privilege_escalation stealth trojan

Malware Config

Targets

- Target
  
  7a1fd6a1963e284dfe2a5ac72c20f3da_JaffaCakes118
- Size
  
  827KB
- MD5
  
  7a1fd6a1963e284dfe2a5ac72c20f3da
- SHA1
  
  8efdfd37fadfda4a840ea0f3068fbcb8a844b672
- SHA256
  
  7164b77bb97e96b5900dc8468c70dedd5e3ce4957f9e2356cb4e58461f005808
- SHA512
  
  a580a6db0c1ae1d2b043ed68fe4bea059d4163a15b03518e592070628e1510587383f3b7fcef10e0e607699a0836afa85369d20722207d9aa8c4b2428c83f5a2
- SSDEEP
  
  24576:6kQlRHrE4n4mJlzG7nRHe/E0W5rD2hWbzC2:BQHQiTl4HesT5X2haO2
Score

8^/10

discovery evasion impact persistence privilege_escalation stealth trojan
- Removes its main activity from the application launcher
  stealth trojan evasion
- Queries the phone number (MSISDN for GSM devices)
  discovery
- Registers a broadcast receiver at runtime (usually for listening for system events)
  persistence
- Tries to add a device administrator.
  privilege_escalation impact
- Acquires the wake lock
- Queries the unique device ID (IMEI, MEID, IMSI)
  discovery
- Reads information about phone network operator.
  discovery
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Privilege Escalation

Abuse Elevation Control Mechanism

Device Administrator Permissions

Defense Evasion

Hide Artifacts

Suppress Application Icon

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Account Access Removal

Tasks

static1

behavioral1

discoveryevasionimpactpersistenceprivilege_escalationstealthtrojan

behavioral2

discoveryevasionpersistencestealthtrojan

behavioral3

discoveryevasionimpactprivilege_escalationstealthtrojan