General

  • Target

    929b6a4a5544cda2148fd8a8e10f3082_JaffaCakes118

  • Size

    9.8MB

  • Sample

    240603-v19s2sdf31

  • MD5

    929b6a4a5544cda2148fd8a8e10f3082

  • SHA1

    d005d79f6178c2350f6b6caaa2c07c98dec7f2d1

  • SHA256

    bb93a0924261a65cbf16d02f6bee33df6d8413a0722ae91cbf4347ad0c1a70f4

  • SHA512

    f814258769750a4ddeedd5c19a4e77b3131e88ae33f036384d3575db5ecfffd9dfb016c0658f1011e0b680d537808e23c6eacefb5fa2121245da39f5f3e090e2

  • SSDEEP

    196608:MYQbxhMlGAIDzpvUdUcp7nblQbWWOIFi/PmlqPyjuQpoBna4jaWT/Ge:MfhX9vUdUwnxQi5IpIPYoo42WT/Ge

Malware Config

Targets

    • Target

      929b6a4a5544cda2148fd8a8e10f3082_JaffaCakes118

    • Size

      9.8MB

    • MD5

      929b6a4a5544cda2148fd8a8e10f3082

    • SHA1

      d005d79f6178c2350f6b6caaa2c07c98dec7f2d1

    • SHA256

      bb93a0924261a65cbf16d02f6bee33df6d8413a0722ae91cbf4347ad0c1a70f4

    • SHA512

      f814258769750a4ddeedd5c19a4e77b3131e88ae33f036384d3575db5ecfffd9dfb016c0658f1011e0b680d537808e23c6eacefb5fa2121245da39f5f3e090e2

    • SSDEEP

      196608:MYQbxhMlGAIDzpvUdUcp7nblQbWWOIFi/PmlqPyjuQpoBna4jaWT/Ge:MfhX9vUdUwnxQi5IpIPYoo42WT/Ge

    Score
    8/10
    • Checks if the Android device is rooted.

    • Checks CPU information

      Checks CPU information which indicates whether the system is an emulator.

    • Checks memory information

      Checks memory information which indicates whether the system is an emulator.

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Checks if the internet connection is available

    • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

    • Reads information about phone network operator.

    • Target

      alipay-msp-3.5.4-pro-1000089-baihe-201306191624.apk

    • Size

      353KB

    • MD5

      b609f3311efd7fdad2d91bf031371bb9

    • SHA1

      452957785ed9cc60c5eb53c1221f12b0f3cb378d

    • SHA256

      a29d3f4204593e407d449a1b24ac5a2bac1ed5c6f629aee08fca9edbe82d8a0e

    • SHA512

      860b33b2dde1e86002c5474d2a522181f3b5cceb64b6adbeccad26790b3181bf80018e92f1437baaea67ff1f73d97b0c01359737fcca5f8fb7a06a625cd58b22

    • SSDEEP

      6144:6kRbu+WYzK1ci+WdWN42xJNuTS3Ju3d273Rp5tPVKt9m8rpvCpCFJIm:6kpWYz0ci+OWxx7ro0htduNrpvCArD

    • Requests cell location

      Uses Android APIs to get the current cell location.

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Checks if the internet connection is available

    • Target

      mtll.apk

    • Size

      998KB

    • MD5

      c5b9eb69bec41ec105e17cb1d8325a16

    • SHA1

      dbdc26167db479519f21b3ec7d3ec8ea719fc2bc

    • SHA256

      659c7359f8527eacd4efcc57afaf97368ead255ef1beab4f861f740bdd655a98

    • SHA512

      744c245ddf94c3a92243ac801948cb75b5962604c28b3cf726af57cbe24f9af786fdc8bdeca3ad2995f231c08321e0ee15fde3bee4d71b6e9b365299ff9f9b42

    • SSDEEP

      24576:6635eywLnowen6nBM6/XebjrjqLKONRQyfes:66wTnRe6naYe/3qL5tfes

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Registers a broadcast receiver at runtime (usually for listening for system events)

MITRE ATT&CK Mobile v15

Tasks