General

  • Target

    9321fa5d72164691ce5d36f15fd159c1_JaffaCakes118

  • Size

    30.4MB

  • Sample

    240604-as231sfe63

  • MD5

    9321fa5d72164691ce5d36f15fd159c1

  • SHA1

    efd116957ad1822c75c3bbc0af7094e0ef3d3d4f

  • SHA256

    4f56ff8997dc4d1b89f33be5676cd06ada9590152cba07d6224efb73a98652fc

  • SHA512

    974762283d6e3b9ab3bc1401b02210f3a5aac57de8d351684cdef3b908fa6d70edb8d1d824bcf99ac21af3b8b072eef2ac53daf9da096b1d5c91f270940ac550

  • SSDEEP

    786432:wv3+LhsfskiVA4nG6UZVYHIIIhYp7cZa8E5:83+ifskiVA4GpZVYHXrp8re

Malware Config

Targets

    • Target

      9321fa5d72164691ce5d36f15fd159c1_JaffaCakes118

    • Size

      30.4MB

    • MD5

      9321fa5d72164691ce5d36f15fd159c1

    • SHA1

      efd116957ad1822c75c3bbc0af7094e0ef3d3d4f

    • SHA256

      4f56ff8997dc4d1b89f33be5676cd06ada9590152cba07d6224efb73a98652fc

    • SHA512

      974762283d6e3b9ab3bc1401b02210f3a5aac57de8d351684cdef3b908fa6d70edb8d1d824bcf99ac21af3b8b072eef2ac53daf9da096b1d5c91f270940ac550

    • SSDEEP

      786432:wv3+LhsfskiVA4nG6UZVYHIIIhYp7cZa8E5:83+ifskiVA4GpZVYHXrp8re

    • Checks if the Android device is rooted.

    • Checks known Qemu files.

      Checks for known Qemu files that exist on Android virtual device images.

    • Checks known Qemu pipes.

      Checks for known pipes used by the Android emulator to communicate with the host.

    • Checks memory information

      Checks memory information which indicate if the system is an emulator.

    • Registers a broadcast receiver at runtime (usually for listening for system events)

    • Checks if the internet connection is available

    • Target

      bdxadsdk.jar

    • Size

      192KB

    • MD5

      f133300f181ba96519a48b7b782bde53

    • SHA1

      a5aca3b45716c21677b8f1a004d67050007f1ebe

    • SHA256

      9e95a294e6e4bde6403e5e86502b844668959222c619ee690baf7eb47e06df10

    • SHA512

      18bdeb36dd08c0912fc827f60c6e3e7252d6ebfde61f476e593736df5cb744713298f714e595b5482fb02b0b5e04c02a521b9e72c728a7a609fd7cb1f581106c

    • SSDEEP

      6144:DbkCy3w2eZZKZLRrPWU6lWsx8gmFzetbP+WsXp:EVA2zLRCTAIrL9PRs5

    Score
    1/10
    • Target

      gdtadv2.jar

    • Size

      230KB

    • MD5

      33aeb27eefc5ae7838f01186e27d8816

    • SHA1

      2a7ef64266577916f05cc841c9f977ca8a34568f

    • SHA256

      c6a8f2838c910a50b56bddad227ebed00b8b32a6869a432c83964b1150ad2c59

    • SHA512

      ebd8ccc5750aa1c2a28e849149d0ef3d1c997479008a803a931ea10c82bd99d90797a99329690cbea6cbc18d45bbe481a5576abfe3ca8afc96dbb3974a0e00c5

    • SSDEEP

      6144:B8Obhi9RAdTKqZVGee8QXMLzKb/n4BQk+m:BbhiTAEQeVsWrn4BUm

    Score
    1/10
    • Target

      vivounionapk_v4.2.4.0_d74cb3a_201808271150_signed_aligned.vua

    • Size

      4.2MB

    • MD5

      3200674229ed57cf762fc3d8c5137b55

    • SHA1

      0896d5f138545dc9ddbf0003518880d745c8fe0e

    • SHA256

      333ee74803ab4b114d6217250623869c751a00f4748c826c19ffcd7b29476195

    • SHA512

      31c96314a2b0d80ef3d6c04c0a6894b6a8ebff7e501fd48499ea0e12969ba4ac00cdd844caf839a16cdcffa5b51ee2f33af36a578dfd450c79c7e2bbc0c521ff

    • SSDEEP

      98304:aQn4W5hESDzkY18DTTcDPPIKGPBhFI+sqFkSOO:aQ4W5hEIkg8DTTcDPPIK+HFknO

    Score
    7/10
    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Queries the unique device ID (IMEI, MEID, IMSI)

    • Target

      vivounionsdk.res

    • Size

      29KB

    • MD5

      7a92466708fa1ae45c5585a5b986f5aa

    • SHA1

      e9e8e0dc60208b7a8b64a65550442a73f1166c30

    • SHA256

      cc8416f87003538f2c8ea5280a7eaebfb40597b6ebdcc33c4fa64b0cf08d3b73

    • SHA512

      026dec17ed60d89257c8cb7873a0ccc0de910aad6706f1bbb7936229d7074b9542b7b80a2040f466c64e6cf8896e8531ee01ed7acbfa6a7ed90637a5fe2d477d

    • SSDEEP

      384:RAhiLwh2JKStCYi7PSSDq41bVjDIcRy3ftLYHiLaBsKFj+C:RAV2wYnSDqojDIcsfiHiG3l

    Score
    1/10

MITRE ATT&CK Mobile v15

Tasks