General

  • Target

    8a171a9769b90f50702fe1df66830a5e_JaffaCakes118

  • Size

    22.9MB

  • Sample

    240601-lsvvgsaa65

  • MD5

    8a171a9769b90f50702fe1df66830a5e

  • SHA1

    b2cba33782139d7885dc3ae0d592290c4a1cba48

  • SHA256

    a6615a718675158da1cc1943cb3604b3e20c3d7f15d6989ec83364f1d2c59d2f

  • SHA512

    a6872915138825842e8154a1855e9a8dc03c06eeb88d97ef41e6eda2c9e951b7810fdd3d8bb11bdff233804783ce8b001114deb345a6ae40089fcc27f48ee917

  • SSDEEP

    393216:tYSgeJ/O9yaZaKkgelGfb6YSokixzr6lD4t/lgovN9B7SehsFTYwm7GiuBBvrOAM:tBgs/OUCeI69okszrus/N91SeMTYFEBI
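The parent sample above is a 22.9MB bundle that unpacks into the Hw*.apk targets listed further down, each with its own digest set. The following Python is an added example (not part of the sandbox report) for re-triaging such a bundle offline: it hashes every *.apk entry inside a zip container with the same four algorithms the report prints and diffs one digest set against the report's values. The bundle it runs on is a constructed in-memory zip, not the real sample; SSDEEP is not in hashlib and would need the separate ssdeep package.

```python
"""Hash the APKs nested inside a bundle and compare against a report's digests.

Added example: the zip built here is a constructed stand-in for the real
22.9MB sample; REPORT_PARENT_SHA256 is the SHA256 printed in the report's
General section and is used only to show how a mismatch is surfaced.
"""
import hashlib
import io
import zipfile

ALGOS = ("md5", "sha1", "sha256", "sha512")

# SHA256 of the parent sample as printed in the report.
REPORT_PARENT_SHA256 = "a6615a718675158da1cc1943cb3604b3e20c3d7f15d6989ec83364f1d2c59d2f"


def digests(data: bytes) -> dict:
    """Return the four digests the report lists, keyed by algorithm name."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in ALGOS}


def nested_apk_digests(bundle: bytes) -> dict:
    """Map each *.apk entry inside a zip bundle to its digests.

    Reads the archive through the central directory only; nothing is executed
    or installed. Non-APK entries are skipped and non-zip input yields {}.
    """
    out = {}
    try:
        with zipfile.ZipFile(io.BytesIO(bundle)) as zf:
            for info in zf.infolist():
                if info.is_dir() or not info.filename.lower().endswith(".apk"):
                    continue
                out[info.filename] = digests(zf.read(info))
    except zipfile.BadZipFile:
        pass
    return out


def check_against_report(actual: dict, expected: dict) -> list:
    """Return (algorithm, actual, expected) triples for every digest that differs."""
    return [
        (algo, actual[algo], expected[algo])
        for algo in expected
        if algo in actual and actual[algo] != expected[algo].lower()
    ]


# Constructed stand-in for the real bundle: two fake "APKs" (one empty) and a
# non-APK entry that must be skipped. FAKE_INNER is arbitrary bytes, not a dex.
FAKE_INNER = b"PK\x03\x04 constructed placeholder, not a real APK"


def build_fake_bundle() -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("HwPushService.apk", FAKE_INNER)
        zf.writestr("empty.apk", b"")
        zf.writestr("README.txt", b"skipped: not an apk")
    return buf.getvalue()


if __name__ == "__main__":
    bundle = build_fake_bundle()
    for name, d in nested_apk_digests(bundle).items():
        print(f"{name}: sha256={d['sha256']}")
    # The constructed bundle is not the real sample, so this reports a mismatch.
    for algo, got, want in check_against_report(digests(bundle), {"sha256": REPORT_PARENT_SHA256}):
        print(f"{algo} mismatch: got {got}, report says {want}")
```

On a real bundle, feed `open(path, "rb").read()` to `nested_apk_digests` and compare each entry's result with the per-target digests in the Targets section; any mismatch means you are not looking at the artifact the report describes.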

Targets

    • Target

      8a171a9769b90f50702fe1df66830a5e_JaffaCakes118

    • Size

      22.9MB

    • MD5

      8a171a9769b90f50702fe1df66830a5e

    • SHA1

      b2cba33782139d7885dc3ae0d592290c4a1cba48

    • SHA256

      a6615a718675158da1cc1943cb3604b3e20c3d7f15d6989ec83364f1d2c59d2f

    • SHA512

      a6872915138825842e8154a1855e9a8dc03c06eeb88d97ef41e6eda2c9e951b7810fdd3d8bb11bdff233804783ce8b001114deb345a6ae40089fcc27f48ee917

    • SSDEEP

      393216:tYSgeJ/O9yaZaKkgelGfb6YSokixzr6lD4t/lgovN9B7SehsFTYwm7GiuBBvrOAM:tBgs/OUCeI69okszrus/N91SeMTYFEBI

    • Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps)

    • Queries the unique device ID (IMEI, MEID, IMSI)

    • Reads information about the phone's network operator.

    • Target

      HwAllBackup.apk

    • Size

      5.9MB

    • MD5

      80b1e9c1017a1d7a0509497dd690ddd2

    • SHA1

      e36d3ff93441bcd0128311e1e5368fefd71d8c7b

    • SHA256

      0eed6f2ab6c648e78d04e549119f8b539235c3eff2d78eee62da43be57aff692

    • SHA512

      2cfa30d92148e97a3cf19593aafc4ad961bf853297c24fcf4aa2958576577bcd7bc2db4bb740c697a8abf9822a0985b9814df4e43ced5d54cc11f57bd8f1c85d

    • SSDEEP

      98304:UL6UOpzSRZMUYGoxO0BJjfGXdXKyFfbIOmLIp8doTcY+g:UL6UOpiZMUYvxO0rjfskOmLIp3cY+g

    • Score

      1/10

    • Target

      HwCloudDrive.apk

    • Size

      3.3MB

    • MD5

      6d4ae231088bb8f6e525668852f6507c

    • SHA1

      99fff1099d0b6ab14e715f5d5bf9c7640c9b88c6

    • SHA256

      2fb119257ca01b4baf3ac324e9bc1072f2203003d0ec835087e0220010d560e5

    • SHA512

      b10f4b9c4bb4d28ede61dec9a447a3e2cba380468516fd7bc6bf39232b099d4bdd9b68fb72fba5646fd204a180ab09a431bb22a0244e052128d6cecbc85e362d

    • SSDEEP

      49152:hULCThZyZwNpeR/IiGkFXRRADUyVYO7yKSH7wvWtScKqaT:CvIpKXRR6YO7gbXQlb

    • Score

      1/10

    • Target

      HwFansClub.apk

    • Size

      1.0MB

    • MD5

      f035bf87bd472dff1bb9806b6b9d148f

    • SHA1

      d251df936c8378aa9b5f5c5f2beaeb26d2bb40b7

    • SHA256

      9dc7c05f3b7680377bbacc7720e1c94505fc83c6c2ede9b1f3f5f7de5af9d149

    • SHA512

      8810aa1d894106f1a82e8e44fb705bfcff4fb7a1a07766c9a5bd83b10e9090ce407d585c6463f53995770dbe011e9dc55887e8c85592d607d9dd3b2afffe2465

    • SSDEEP

      24576:JM95cK3jtrRVIeyl/ceC4g+kpwdsgjOFYAsi:JMD9trRVPyisdsQO8i

    • Checks CPU information

      Checks CPU information that may indicate the system is an emulator.

    • Checks memory information

      Checks memory information that may indicate the system is an emulator.

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Queries the mobile country code (MCC)

    • Registers a broadcast receiver at runtime (usually for listening for system events)

    • Checks if the internet connection is available

    • Queries the unique device ID (IMEI, MEID, IMSI)

    • Reads information about the phone's network operator.

    • Target

      HwHiSync.apk

    • Size

      1.8MB

    • MD5

      93ee74f4265091eb97e5bead3f8eca50

    • SHA1

      dec464facef4fe3587de47ed31e7700d9b87c823

    • SHA256

      8cb056272637ea62c5392c4ab25ffdcd5dacca1ceca96c780464234fcc34dd33

    • SHA512

      2d77e7af8e89de8d96641e6d6ba370cd63ced6512da9b34e84f2c687fffdad61783c6929a9694e6e0ff054fc41647062388df24e6a043f6bc8eb41906dffe285

    • SSDEEP

      24576:Dl9JXr0IyPqaRI/eat/sInvyBYVgZI2geW/RU+HIFEEIjXOCAxwlnEf5EBpzBw:3R0DabiagZI2gspXvu1Ef5OBBw

    • Reads the contacts stored on the device.

    • Reads the content of photos stored on the user's device.

    • Reads the content of the call log.

    • Registers a broadcast receiver at runtime (usually for listening for system events)

    • Checks if the internet connection is available

    • Queries the unique device ID (IMEI, MEID, IMSI)

    • Target

      HwIDh.apk

    • Size

      1.2MB

    • MD5

      3aecfeb34dd4f2990e11dc0d0ce3e7db

    • SHA1

      6e1f8bfebb87df7048f5c29abf82d99ea1363321

    • SHA256

      2eff537f3192415a66907e677b8b4eb0b546d62d1c8285b535ca10bcd9be2e1a

    • SHA512

      13dac73bab3cfbfccbd6b639e3423d132d6e591be0169d84f089f1621d9e6abc6d3d8867e82a00901c92aee41c0ffbfbf51c1fa8d8c71117cc4f720ed5566ac0

    • SSDEEP

      12288:+VcN91UbulJvGPT27xq2J09UGr22pLWZK2tuRZO5f01vb3LY8zRUmRo6m7Hpf5MR:DN91bZGPS7Yx9o0KtUcu1vnY8l5qD5MR

    • Score

      6/10

    • Checks if the internet connection is available

    • Reads information about the phone's network operator.

    • Target

      HwIDl.apk

    • Size

      1.3MB

    • MD5

      d66ef9f75520a845666ed591dacad688

    • SHA1

      4dc383c2b93d3557425c1e35278e6ad0f943d95e

    • SHA256

      a0415bfdb49cfbbc236f0ed057c913014d5e910d6e8bf916aa4e614aa32237fa

    • SHA512

      06a057d642f8af8efc7df0cd14dbc652a76986942c150d42412669bd577b205793a3235b1459d03e6d26173f55a3969611bad29ea0a11b6f52d9f8bfe59e76b2

    • SSDEEP

      12288:i3+2rytVuO7ywdoFy1sXxoA6YJCyEfTUXRW22pbW552J09UjGAabdG9XuiVb:Nmytj7yfFy1SStpTUXNsqx9jAasVuiJ

    • Score

      6/10

    • Checks if the internet connection is available

    • Reads information about the phone's network operator.

    • Target

      HwMediaCenter.apk

    • Size

      4.2MB

    • MD5

      42da620b436262f1ce6e6c60646abc9c

    • SHA1

      674bcc0210fa7925f8cd03a0b7a183f509a0a1d3

    • SHA256

      b05a34112059b0996c8e0dbd8af92d9495f6eaf04f34754e0778adaa162838c9

    • SHA512

      cb91f9430e5f011e77842dd6164a9bd19c1a5bf5c185afda93bd1161df48485978df9b907772e5fd39f214bdbb529380cacf80e32fb1977de60fe0ec2eff84dc

    • SSDEEP

      98304:LXXxus+Bs9Z2ZJEbv5sO5ZaYXN4rsURSBjhTXsqf2s5oYR8qPaI70:bxvN9+0vVZhXioUGhTsu2s5oYJQ

    • Score

      1/10

    • Target

      HwOUC.apk

    • Size

      1.1MB

    • MD5

      6bb9afecdf6ae8d40235c38045d9c4e3

    • SHA1

      ced70f6aafb2f4dbe393c46f4b1dff20a26a54bd

    • SHA256

      1a0a710701aa2b8940037d24d2e081ea7389bb56ee920497fa0136984e53c63b

    • SHA512

      af10381eb8a75266b4ae40a5c4ccaf1b1ba9f962fb8741029c67b441f4becf4d91de318e28ccc62ba202714272074fb054c26a32e1943f997112eaee3b91de7a

    • SSDEEP

      12288:kMhHPuUd/dEJKzUs42AhXwO92m4wx9N998dgbXLEqh4YYhs13iirPHVzvJplNtZY:1GglEBsBAgO92m4wx9NzFSNnhhA3gNPR

    • Score

      7/10

    • Checks Android system properties for emulator presence.

    • Registers a broadcast receiver at runtime (usually for listening for system events)

    • Target

      HwPhoneFinder.apk

    • Size

      433KB

    • MD5

      3f8947d16928360581e05e2a440328c2

    • SHA1

      95da7aa7c43b8d0587403c572a39fc3f32efa560

    • SHA256

      5008d833a78de63a84bf3959ccc079a0961c5ecac90e8a0fd7f2df2ec73ea017

    • SHA512

      3e0fe9454d4ef4c9dbe501af3784b34cfc4aac212c72f0282470d4fc477f2b1611816d14189275615ed200088b18c7da736bafe0702f485da6765e79d2ae6f56

    • SSDEEP

      6144:pHfkp05DdlcLxAbds/0JuEndHc5dKBZf8Khdzx72NwbiVGLLdVHDf+glFDYXhQrP:p/aV6hymu+HcQzFpLzDf+08gVtC+

    • Score

      1/10

    • Target

      HwPhoneService.apk

    • Size

      2.7MB

    • MD5

      0d3e87ebecdcb6f0d97481f4c588d31e

    • SHA1

      c3c3658e8a460bfc456b3f3da7af5ba908bb20e8

    • SHA256

      13a0a1eb68392bcf0bfc918323f95f77c036e359a121bdf60d6a3b4229248e09

    • SHA512

      71ce1a77665ed4a154521caa8431fd52c9476aad67facdd282c3381f98a0ccf52627613c6bb352def7a20badd38380d865c4cbd87fe53fe4b954ad09c61ec6ed

    • SSDEEP

      49152:T4jjmYooA2ah0VuiOockMFTZO1KeXcZ1gtqe0ULmUlZagd3ANLezM/u:TGjmY2QMJBfewULmUja1Ny4u

    • Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps)

    • Registers a broadcast receiver at runtime (usually for listening for system events)

    • Acquires the wake lock

    • Checks if the internet connection is available

    • Reads information about the phone's network operator.

    • Target

      HwPushService.apk

    • Size

      245KB

    • MD5

      9a99d377254df0298b8ebff4862c3b2a

    • SHA1

      6d704e1e5ddd37d3a44fe1279680e75a45445d18

    • SHA256

      3f35aacf59fdb138864fc7e6c94526acecd2366b59bd2a56a6ff80f00ae7ee7e

    • SHA512

      f48af9e4892c7aad2cc06d18919b36b081149df19bf3193f1fe3fa46caaa236da20438890dd6fc732e56859e226769d4af2b92aac7e1baf0fa5cc5435fde43e3

    • SSDEEP

      6144:uKDyADFeiKzJp0AxNIriPyUK+PLnDyqZu02PvS:uY78iCjIWKx+v

    • Registers a broadcast receiver at runtime (usually for listening for system events)

    • Acquires the wake lock

    • Queries the unique device ID (IMEI, MEID, IMSI)

    • Reads information about the phone's network operator.

    • Target

      HwVmall.apk

    • Size

      502KB

    • MD5

      497e31092b635d35f9b551a4079bcd29

    • SHA1

      dcc8fa8ddd6eadda690c09453d496615bb8d4e2b

    • SHA256

      fde38fdba9c1ff03a4dd4e4bba97b76b22ed2c0d3dab7031015b35ec0a2ff374

    • SHA512

      eb191f14cc20e7940543a82a3ed5da42da8d212e825c25bc314e428b399bca28c436c3ded83dc4bd9f3eb39e47af068e20e03b040e6896686b80ef04d7f1d828

    • SSDEEP

      12288:snhKWYp/KbAB1g/0ucuirDbM8wSIQvl5BWUu+c058:Y2K8B1HbdrDbMhSogc0a

    • Checks CPU information

      Checks CPU information that may indicate the system is an emulator.

    • Checks memory information

      Checks memory information that may indicate the system is an emulator.

    • Obtains sensitive information copied to the device clipboard

      Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

    • Queries the mobile country code (MCC)

    • Registers a broadcast receiver at runtime (usually for listening for system events)

    • Checks if the internet connection is available
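The behaviour signatures attached to the targets above (device ID and operator queries, /proc-based emulator checks, runtime broadcast receivers, wake locks, clipboard and contacts access) are each backed by a small set of Android framework calls. The following Python is an added example, not the sandbox's own rule set: it matches lines from a baksmali/apktool smali dump against indicator substrings chosen by this editor for each signature, and collapses the hits into tactic tags approximating those used in the Tasks section. The method descriptors are standard Android API names in smali form; the grouping, the system-property list and SAMPLE_STRINGS are assumptions and constructed input so the example runs offline.

```python
"""Match smali references from a decoded APK to the behaviour signatures above.

Added example, not the sandbox's detection logic. Indicator substrings are
Android framework method/field descriptors in smali form plus /proc paths;
which ones back which signature, and the tactic label per signature, are this
editor's assumptions. Feed real input from `apktool d` / baksmali output.
"""

# signature (worded as in the report) -> (tactic tag, indicator substrings); assumed
SIGNATURES = {
    "Queries the unique device ID (IMEI, MEID, IMSI)": ("discovery", (
        "Landroid/telephony/TelephonyManager;->getDeviceId(",
        "Landroid/telephony/TelephonyManager;->getImei(",
        "Landroid/telephony/TelephonyManager;->getMeid(",
        "Landroid/telephony/TelephonyManager;->getSubscriberId(",
    )),
    "Reads information about the phone's network operator": ("discovery", (
        "Landroid/telephony/TelephonyManager;->getNetworkOperator(",
        "Landroid/telephony/TelephonyManager;->getSimOperator(",
    )),
    "Queries the mobile country code (MCC)": ("discovery", (
        "Landroid/content/res/Configuration;->mcc:I",
    )),
    "Queries a list of all the installed applications on the device": ("discovery", (
        "Landroid/content/pm/PackageManager;->getInstalledApplications(",
        "Landroid/content/pm/PackageManager;->getInstalledPackages(",
    )),
    "Checks if the internet connection is available": ("discovery", (
        "Landroid/net/ConnectivityManager;->getActiveNetworkInfo(",
        "Landroid/net/ConnectivityManager;->getNetworkCapabilities(",
    )),
    "Queries information about the current Wi-Fi connection": ("discovery", (
        "Landroid/net/wifi/WifiManager;->getConnectionInfo(",
    )),
    "Checks CPU information": ("evasion", ("/proc/cpuinfo",)),
    "Checks memory information": ("evasion", ("/proc/meminfo",)),
    "Checks Android system properties for emulator presence": ("evasion", (
        "ro.kernel.qemu", "ro.hardware", "qemu.sf.lcd_density",  # assumed property list
    )),
    "Registers a broadcast receiver at runtime": ("persistence", (
        ";->registerReceiver(Landroid/content/BroadcastReceiver;",  # any Context subclass
    )),
    "Acquires the wake lock": ("persistence", (
        "Landroid/os/PowerManager$WakeLock;->acquire(",
    )),
    "Obtains sensitive information copied to the device clipboard": ("collection", (
        "Landroid/content/ClipboardManager;->getPrimaryClip(",
    )),
    "Reads the contacts stored on the device": ("collection", ("Landroid/provider/ContactsContract",)),
    "Reads the content of the call log": ("collection", ("Landroid/provider/CallLog",)),
    "Reads the content of photos stored on the user's device": ("collection", (
        "Landroid/provider/MediaStore$Images",
    )),
}


def classify(lines) -> dict:
    """Return {signature: [matched indicators]} for every signature with at least one hit."""
    text = "\n".join(lines)
    hits = {}
    for sig, (_tactic, indicators) in SIGNATURES.items():
        found = [ind for ind in indicators if ind in text]
        if found:
            hits[sig] = found
    return hits


def tactics(hits: dict) -> set:
    """Collapse matched signatures into tactic tags like those in the Tasks section."""
    return {SIGNATURES[sig][0] for sig in hits}


# Constructed smali fragments, not taken from the real sample.
SAMPLE_STRINGS = [
    "invoke-virtual {v0}, Landroid/telephony/TelephonyManager;->getDeviceId()Ljava/lang/String;",
    "invoke-virtual {v0}, Landroid/telephony/TelephonyManager;->getSimOperator()Ljava/lang/String;",
    'const-string v1, "/proc/cpuinfo"',
    'const-string v2, "ro.kernel.qemu"',
    "invoke-virtual {p0, v3, v4}, Landroid/app/Service;->registerReceiver(Landroid/content/BroadcastReceiver;Landroid/content/IntentFilter;)Landroid/content/Intent;",
    "invoke-virtual {v5}, Landroid/os/PowerManager$WakeLock;->acquire()V",
    "invoke-virtual {v6}, Lcom/example/Unrelated;->run()V",
]

if __name__ == "__main__":
    hits = classify(SAMPLE_STRINGS)
    for sig, found in hits.items():
        print(f"{sig}: {found}")
    print("tactics:", sorted(tactics(hits)))
```

A static hit only says the call is present in the code, which is why the report's signatures are worded as "queries" and "checks" rather than as verdicts; a vendor bundle like this one legitimately uses most of these APIs, and the 1/10 scores on several targets reflect that. Use the matcher to decide where to look, not to score.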

MITRE ATT&CK Mobile v15

Tasks

static1

Score
6/10

behavioral1

banker, discovery, impact
Score
8/10

behavioral2

banker, discovery, impact
Score
8/10

behavioral3

Score
1/10

behavioral4

Score
1/10

behavioral5

Score
1/10

behavioral6

Score
1/10

behavioral7

Score
1/10

behavioral8

Score
1/10

behavioral9

Score
1/10

behavioral10

discovery, evasion, persistence
Score
7/10

behavioral11

discovery
Score
7/10

behavioral12

discovery
Score
7/10

behavioral13

collection, discovery, persistence
Score
7/10

behavioral14

collection, discovery, persistence
Score
7/10

behavioral15

collection, discovery
Score
7/10

behavioral16

discovery
Score
6/10

behavioral17

discovery
Score
6/10

behavioral18

discovery
Score
6/10

behavioral19

discovery
Score
6/10

behavioral20

discovery
Score
6/10

behavioral21

discovery
Score
6/10

behavioral22

Score
1/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

evasion, persistence
Score
7/10

behavioral26

Score
1/10

behavioral27

banker, discovery, impact, persistence
Score
8/10

behavioral28

discovery, persistence
Score
7/10

behavioral29

discovery, persistence
Score
7/10

behavioral30

discovery
Score
6/10

behavioral31

discovery, evasion, persistence
Score
7/10

behavioral32

collection, credential_access, discovery, evasion, impact, persistence
Score
7/10