General

  • Target

    9295262a0e02d3a15d15094d07068267_JaffaCakes118

  • Size

    2.9MB

  • Sample

    240603-vvxarsef65

  • MD5

    9295262a0e02d3a15d15094d07068267

  • SHA1

    b6a97dfb2a9b1b6f5cf299e9bff17764cebe0976

  • SHA256

    12923114112d716d97b4f607022b1a2583fd05887675574d36c35cf601daa42a

  • SHA512

    36f671312b77cc41d509bc34a06182667be280d2759a9a1695b3e35a29fe45ff7303084f854c082eac3d4d483e4018a9dd0161d78dd5e6ddc1832ea560593d94

  • SSDEEP

    49152:znDwJhAJCFdGeTIl39fC23YmpNSnQTqbi3YpGP3/Pn4piSoWNxLhlUvApHL3pJXb:znDabjG9tfCeknfiwWXn4piSoW7LhlRF

Malware Config

Targets

    • Target

      9295262a0e02d3a15d15094d07068267_JaffaCakes118

    • Size

      2.9MB

    • MD5

      9295262a0e02d3a15d15094d07068267

    • SHA1

      b6a97dfb2a9b1b6f5cf299e9bff17764cebe0976

    • SHA256

      12923114112d716d97b4f607022b1a2583fd05887675574d36c35cf601daa42a

    • SHA512

      36f671312b77cc41d509bc34a06182667be280d2759a9a1695b3e35a29fe45ff7303084f854c082eac3d4d483e4018a9dd0161d78dd5e6ddc1832ea560593d94

    • SSDEEP

      49152:znDwJhAJCFdGeTIl39fC23YmpNSnQTqbi3YpGP3/Pn4piSoWNxLhlUvApHL3pJXb:znDabjG9tfCeknfiwWXn4piSoW7LhlRF

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Requests cell location

      Uses Android APIs to to get current cell location.

    • Checks CPU information

      Checks CPU information which indicate if the system is an emulator.

    • Checks memory information

      Checks memory information which indicate if the system is an emulator.

    • Obtains sensitive information copied to the device clipboard

      Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Queries information about the current nearby Wi-Fi networks

      Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

    • Queries the mobile country code (MCC)

    • Registers a broadcast receiver at runtime (usually for listening for system events)

    • Checks if the internet connection is available

    • Reads information about phone network operator.

MITRE ATT&CK Mobile v15

Tasks