General

  • Target

    88c7185322363841d6ec47d1a8fb6b78_JaffaCakes118

  • Size

    6.1MB

  • Sample

    240531-3w8desah49

  • MD5

    88c7185322363841d6ec47d1a8fb6b78

  • SHA1

    f2a689b47829daf7aa793ab06eb8b8e06ffd7959

  • SHA256

    9e2e4567898d2ab820c2bcba06ae832a04c498e6b3771f8800b08b809eaa8e98

  • SHA512

    1c68f876523bc268233676eea66e75ea2c4a6d69e9124b521764aefe0da868bfed236cef6e533eaaa73afa06341ac7f4166a12f080640fe361596786dda59d47

  • SSDEEP

    98304:hz2ldrTLhIpUcxh7EMEjzeECBpU5bn4ULu/9Rx0REXPlr17z1CVJ64Opa6tl73x2:hzZhozeVBpUqUL2Rx0a1vkkay9Ff0KE

Targets


    • Checks if the Android device is rooted

    • Removes its main activity from the application launcher

    • Checks CPU information

      Checks CPU information which indicates whether the system is an emulator.

    • Checks memory information

      Checks memory information which indicates whether the system is an emulator.

    • Obtains sensitive information copied to the device clipboard

      Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Queries the mobile country code (MCC)

    • Registers a broadcast receiver at runtime (usually for listening for system events)

    • Acquires the wake lock

    • Checks if the internet connection is available

    • Reads information about the phone network operator

    • Schedules tasks to execute at a specified time

      Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
