General

  • Target

    9925140caf24b2f547bbec2099f2bfe1_JaffaCakes118

  • Size

    6.8MB

  • Sample

    240605-y4ct9sge5x

  • MD5

    9925140caf24b2f547bbec2099f2bfe1

  • SHA1

    4dbf2171cca5f599bffb52583c0ea7f168f26d62

  • SHA256

    b5f9e8d83f024167f73c2672757d3c03989a6ff96010d5295ed812189fa3dfb1

  • SHA512

    83894e60521e2b9f1bb1bd9e0fc55b029c6694d5833e0b3c0d61dabf5b6e756d084715974721a3c536282314ab3326944ad7c2dd5fd2d58347b49d34dd51f7ba

  • SSDEEP

    98304:Gr761NF7mPgOA0bzmrxQuB7MmNnt1d/AYs/I09XfbCFXruTcECHD+/OxN566D6bY:GrsOtM2uxMGwJCFFZ+/jqguPR

Malware Config

Targets

    • Target

      9925140caf24b2f547bbec2099f2bfe1_JaffaCakes118

    • Size

      6.8MB

    • MD5

      9925140caf24b2f547bbec2099f2bfe1

    • SHA1

      4dbf2171cca5f599bffb52583c0ea7f168f26d62

    • SHA256

      b5f9e8d83f024167f73c2672757d3c03989a6ff96010d5295ed812189fa3dfb1

    • SHA512

      83894e60521e2b9f1bb1bd9e0fc55b029c6694d5833e0b3c0d61dabf5b6e756d084715974721a3c536282314ab3326944ad7c2dd5fd2d58347b49d34dd51f7ba

    • SSDEEP

      98304:Gr761NF7mPgOA0bzmrxQuB7MmNnt1d/AYs/I09XfbCFXruTcECHD+/OxN566D6bY:GrsOtM2uxMGwJCFFZ+/jqguPR

    • Checks if the Android device is rooted.

    • Checks known Qemu files.

      Checks for known Qemu files that exist on Android virtual device images.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Acquires the wake lock

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

    • Queries information about active data network

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Reads information about phone network operator.

    • Target

      dmss_v2.jar

    • Size

      126KB

    • MD5

      aa64c54de3204df266353f78f8f92743

    • SHA1

      f30391c3c576f3ad05cae309d4b3ed63759f140f

    • SHA256

      a9d07897e42c42c15f27ac1e3a907072bce90aeed7cf70ad3c52ea020a2bb1ac

    • SHA512

      a3be909d084d88dc1da4c0b0fd8dfbcc63d3149308f622b094fb1b9b4a47c2e5fe9633fd7354e2ce281d222fffcfdfd3896708cb398c81f12437aa8f0720690c

    • SSDEEP

      3072:QWDEMmwiLvzgsHGEIqTriwmelZLoALvFchukchKC+8G/ee:pDpmwiJ2Ur7mhAL+kkcPG1

    Score
    1/10
    • Target

      dump.jar

    • Size

      67KB

    • MD5

      1ed63aae654ec48412cc6c368401f747

    • SHA1

      9b8369c379d79f4a140787461da3d99945db9251

    • SHA256

      a4746ce98e7bf8ae964dbfac4df074234eae99a95f7757666861914f23544415

    • SHA512

      e59f80e94f7bdcad55c450eea30fdb6f5b16e8256b697f745236aa5f4a29d173d6c0569adac770fe9f7e47d7fbf48decd196d4927940190ce17b080dc39a06a8

    • SSDEEP

      1536:Uux2jGD/j3xsYOCnjGS6VXAuVu1UB2h1/eMo6Xy4qxHkIKiu:Xx2jy31eVXAuVumCpesy4qdtu

    Score
    1/10
    • Target

      dynamic.jar

    • Size

      77KB

    • MD5

      c14c8a2f5d3a7c47eb2ca8c1b6e69adb

    • SHA1

      4e57b3c0f34427aba8a5be40c2e9b627172a89c8

    • SHA256

      7d7ada76ea057847b5c47ed0f16a6d0e52cdbebbbdb08c1a9519acf70a1a4107

    • SHA512

      2be420b849c0fa84d3c594ab6bc85255eb54915e05aac5fd3d711e8dc93f484c5a2add2c662a858d4c2ce316a716c9e930122e9cb1047be7482c495242d766e4

    • SSDEEP

      1536:fLAphepUaQbf6B7Xpy0lL8laR5pSbz1yBjwUP6SrL4z:cuXYm7XpywIoSb8scFL4z

    Score
    1/10

MITRE ATT&CK Mobile v15

Tasks