General

  • Target

    9fef1d03be1c51e0477bf177fa5abd24_JaffaCakes118

  • Size

    18.1MB

  • Sample

    240612-jj9aeavdkp

  • MD5

    9fef1d03be1c51e0477bf177fa5abd24

  • SHA1

    e926a0c5872292b4003870e51de40a765a4737b4

  • SHA256

    c42787eb1e43d9440351d06eee2b727d629eb046919f54dfdaa5e2447c5e03c2

  • SHA512

    1b89944ff2d477306f61f6ff9d1a3c8293046641dcfe51119f7318ae8ca43396277044125df245413a3f487c8cdae4bd8257d5bf58f147c6e1ce57f882b0102a

  • SSDEEP

    393216:la4inGLp3JcAE9QehDDq5wH3bkEPShi7Bsv9zE+mhJk7uuv5qdoSFr:la7GLbpE9DqM4OShi7kihq7Fv5IVFr

Malware Config

Targets

    • Target

      9fef1d03be1c51e0477bf177fa5abd24_JaffaCakes118

    • Size

      18.1MB

    • MD5

      9fef1d03be1c51e0477bf177fa5abd24

    • SHA1

      e926a0c5872292b4003870e51de40a765a4737b4

    • SHA256

      c42787eb1e43d9440351d06eee2b727d629eb046919f54dfdaa5e2447c5e03c2

    • SHA512

      1b89944ff2d477306f61f6ff9d1a3c8293046641dcfe51119f7318ae8ca43396277044125df245413a3f487c8cdae4bd8257d5bf58f147c6e1ce57f882b0102a

    • SSDEEP

      393216:la4inGLp3JcAE9QehDDq5wH3bkEPShi7Bsv9zE+mhJk7uuv5qdoSFr:la7GLbpE9DqM4OShi7kihq7Fv5IVFr

    • Checks if the Android device is rooted.

    • Checks known Qemu files.

      Checks for known Qemu files that exist on Android virtual device images.

    • Checks known Qemu pipes.

      Checks for known pipes used by the Android emulator to communicate with the host.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Requests cell location

      Uses Android APIs to to get current cell location.

    • Queries information about active data network

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Queries the mobile country code (MCC)

    • Queries the unique device ID (IMEI, MEID, IMSI)

    • Reads information about phone network operator.

    • Listens for changes in the sensor environment (might be used to detect emulation)

MITRE ATT&CK Mobile v15

Tasks