General

  • Target: 990151a54b7c092a62d9878755300e22_JaffaCakes118
  • Size: 25.1MB
  • Sample: 240605-xwrssafa9z
  • MD5: 990151a54b7c092a62d9878755300e22
  • SHA1: 3a5b1a23dd8ad556242073ff21e55287af2b27c5
  • SHA256: 954d32c058053dd95bd7da6f16438bcee7a7daa257adeed6fcef0dbc961fc298
  • SHA512: 9bf2297910971597faf5900e6371e96bf4885df43a9cf3f986e135271aa4f5ec2fe5f1bc92ef3f4d927dc033db7070f1fcb3d733892b60e62acb069ac089d7f6
  • SSDEEP: 393216:D1slu3JlxnhOkwxYE5qU8GXRbs8Re4ebtAYuzR12QCwHlFY+rpd1T8XLgwDnUhlK:ZslOhB8X5jVhbMK1SvwHHddTOWvCL

Targets

    • Target: 990151a54b7c092a62d9878755300e22_JaffaCakes118
    • Size: 25.1MB
    • MD5: 990151a54b7c092a62d9878755300e22
    • SHA1: 3a5b1a23dd8ad556242073ff21e55287af2b27c5
    • SHA256: 954d32c058053dd95bd7da6f16438bcee7a7daa257adeed6fcef0dbc961fc298
    • SHA512: 9bf2297910971597faf5900e6371e96bf4885df43a9cf3f986e135271aa4f5ec2fe5f1bc92ef3f4d927dc033db7070f1fcb3d733892b60e62acb069ac089d7f6
    • SSDEEP: 393216:D1slu3JlxnhOkwxYE5qU8GXRbs8Re4ebtAYuzR12QCwHlFY+rpd1T8XLgwDnUhlK:ZslOhB8X5jVhbMK1SvwHHddTOWvCL
    • Score: 1/10

    • Target: ad_patch.jar
    • Size: 620KB
    • MD5: 2f4642c5020386f6633a3a7f7d7391a0
    • SHA1: ff96dd7cb192d0e592f51cb7fa91efbdfa04e2a7
    • SHA256: de35da24985817ef097731d8df8eaa800efbd10287ab27f318451409dc9985f1
    • SHA512: a82754b0e6c70f8b713e51ae87dda3c2511cc7d9aba328d9942e60dbd714b2e93093b491b80e6b69295d764ee3cebffa6fc4bc3f43fb3f70ca6ef78017326a3e
    • SSDEEP: 12288:IRdF21PvWTkn7MK9EG1jE0XbKum8LjACnDu:IHI9wkb7jEEbKum8PAyK
    • Score: 1/10

    • Target: box.apk
    • Size: 7.9MB
    • MD5: 3b2552f1500c0350f5794498f0ae5f66
    • SHA1: 4ed58bb07c2daa319f4efd9de5197424aa61a087
    • SHA256: ed7003c639937e219d7bd4b280f6bd169eaeef37ad0d5aca54fe54ac43091329
    • SHA512: 05e562e99df0dd8773114089f72bd2d086046ec8600e957470b74f26dee0b0ededff276079168a0af5c72d1ad4264598eb6b974fdf1f2be0c1f8af0f13b810b1
    • SSDEEP: 196608:Hq+oqfwgLSdjDNu3dxVKHO5gCa8Dg5jh9:foNWSdjpeTGCa8An

    • Checks if the Android device is rooted.
    • Checks known Qemu files.
      Checks for known Qemu files that exist on Android virtual device images.
    • Checks known Qemu pipes.
      Checks for known pipes used by the Android emulator to communicate with the host.
    • Queries information about running processes on the device.
      Application may abuse the framework's APIs to collect information about running processes on the device.
    • Queries the phone number (MSISDN for GSM devices).
    • Domain associated with commercial stalkerware software; includes indicators from echap.eu.org.
    • Queries information about the active data network.
    • Queries information about the current Wi-Fi connection.
      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
    • Queries the unique device ID (IMEI, MEID, IMSI).
    • Reads information about the phone network operator.

MITRE ATT&CK Mobile v15