General

  • Target

    997d5b33bbff9c5d88f8133efaae9a60_JaffaCakes118

  • Size

    21.8MB

  • Sample

    240605-28s9lacd77

  • MD5

    997d5b33bbff9c5d88f8133efaae9a60

  • SHA1

    48462016a993631b776006f7d5750b77facac60c

  • SHA256

    8ff6b52bd2e5731791d8554dc24fdb73acee87c6a3ded8065a338af5215d1130

  • SHA512

    ac25817863f8335581156844476c510a611f166014f2560ebcd6b1a9522c65e1d26799913fd8903fbde05232f787a934c94b8cac4e5e4db0c8261cb14c86e63f

  • SSDEEP

    393216:Rpmd7WCRGc2GS/I/j7rgUNMiD3YT9cgDMsWRb65XxBnhVGxXIURdAaqGB7E5BGJH:/mr52f/ej7cU/D3YTG129uxYUrAOBCPo

Malware Config

Targets

    • Target

      997d5b33bbff9c5d88f8133efaae9a60_JaffaCakes118

    • Checks if the Android device is rooted.

    • Checks known Qemu files.

      Checks for known Qemu files that exist on Android virtual device images.

    • Checks known Qemu pipes.

      Checks for known pipes used by the Android emulator to communicate with the host.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps)

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Queries information about the current nearby Wi-Fi networks

      Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

    • Queries information about active data network

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Reads information about phone network operator.

MITRE ATT&CK Mobile v15

Tasks