General

  • Target

    9550813382357bce9964ce74d844be16_JaffaCakes118

  • Size

    22.0MB

  • Sample

    240604-sk15vsbb8s

  • MD5

    9550813382357bce9964ce74d844be16

  • SHA1

    8225760f7c58a679646160adac1c1cc82e9a8f73

  • SHA256

    33f4f11a952f4562673ef184bc30fb2a37fa56b873beecbed7637e978377ec34

  • SHA512

    8964e264aeef629ab9b4a4dd5479eb70cb3e7cd699b898b5c52625e8cedccb58f2955660eeacfc78e745ff4842d4935e265841ac836cb9a27c39352f76d4c0bd

  • SSDEEP

    393216:aXF4IKzJUIFYSuYHbCjtxZj+n+/9jyBf3Zum0TqFdd/AliN6nkDybViJy8:IF7IN4jtHjOyYZ3b7dRN6z0

Targets

    • Target

      9550813382357bce9964ce74d844be16_JaffaCakes118

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Queries information about the current nearby Wi-Fi networks

      Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

    • Queries the phone number (MSISDN for GSM devices)

    • Requests cell location

      Uses Android APIs to get current cell information.

    • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

    • Queries information about active data network

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Queries the mobile country code (MCC)

    • Reads information about the phone network operator

    • Listens for changes in the sensor environment (might be used to detect emulation)

    • Target

      unicom_channel_resource.dat

    • Size

      28KB

    • MD5

      af566108ab40330c1c97f8c54fae3c83

    • SHA1

      6754244194eeed6aa426105563797b93852d5406

    • SHA256

      3e1b5149777df0b31e00c53e3d0a7bc7b8041299ff44ae28e14a843e3ba24c6c

    • SHA512

      115c32bc47c49e94bd9ce28ed579ba461dfe29aa3b6fc869d1810b61de84eff399f53570fadad08dc95316b82446e3e4b696913db71edf4c133e62e323b8c359

    • SSDEEP

      768:vgmYNoDKahCyhzLEXiFWAkEsDVop56mTCZbOnih:vCNCKafhf8gih

    • Score

      1/10

    • Target

      unicom_resource.dat

    • Size

      110KB

    • MD5

      31fbb28feeef6aecc7fd4c74374bb71b

    • SHA1

      c3d83ea4e6f9e490efac6ca73db3ba314da1b6c5

    • SHA256

      5d60f1abd1dd0ee3761dffcb27c36e6a538bf7e28f5c208e8d74d2394dc42b67

    • SHA512

      e7e9563840836973153fba6f11c7d1a5b7066680d4f23194328b8ebae64924bc510d5a604adb62584824d5b6e528bd207a785f52be75395587d6a3341329a7b3

    • SSDEEP

      1536:7amaCvrgOZgdG2az4LnyH25aU3/k27yluevqIJwzqvl2PSZ63:7jrgGSGIjM25a2/luAIJJFk

    • Score

      1/10
