General

  • Target

    a11f11dc54bb83b6d5cebdd9504f16f8_JaffaCakes118

  • Size

    23.4MB

  • Sample

    240612-sns9eszcmf

  • MD5

    a11f11dc54bb83b6d5cebdd9504f16f8

  • SHA1

    da8a464bf5c3c4d44c34652545e084dd2f0f0956

  • SHA256

    2f5c0f10462ccc774e0a95c79523c76c5dbf33de529f6b691be82844c5826f5a

  • SHA512

    7d2add4069c570651424d26dff63bd3333be1a4017bf643a47ebfa4c75f13fa83da32731c4e220ddf4963d681439ef17521a0fc8d576387873a26195d60d569c

  • SSDEEP

    393216:dQHQI9y28fmGAJAdwa1D+RbehxAmmoZqKIFBdF7PS9yqAGNBdczuJNJCQKo6h:y9CzAJwbAehl/q1dRPSyYzazOii6h

Malware Config

Targets

    • Target

      a11f11dc54bb83b6d5cebdd9504f16f8_JaffaCakes118

    • Size

      23.4MB

    • MD5

      a11f11dc54bb83b6d5cebdd9504f16f8

    • SHA1

      da8a464bf5c3c4d44c34652545e084dd2f0f0956

    • SHA256

      2f5c0f10462ccc774e0a95c79523c76c5dbf33de529f6b691be82844c5826f5a

    • SHA512

      7d2add4069c570651424d26dff63bd3333be1a4017bf643a47ebfa4c75f13fa83da32731c4e220ddf4963d681439ef17521a0fc8d576387873a26195d60d569c

    • SSDEEP

      393216:dQHQI9y28fmGAJAdwa1D+RbehxAmmoZqKIFBdF7PS9yqAGNBdczuJNJCQKo6h:y9CzAJwbAehl/q1dRPSyYzazOii6h

    • Checks if the Android device is rooted.

    • Checks known Qemu files.

      Checks for known Qemu files that exist on Android virtual device images.

    • Checks known Qemu pipes.

      Checks for known pipes used by the Android emulator to communicate with the host.

    • Queries the list of all installed applications on the device (might be used to pick legitimate apps to target with overlays)

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Queries the phone number (MSISDN for GSM devices)

    • Makes use of the framework's foreground persistence service

      Application may abuse a foreground service (and its persistent notification) to keep running and avoid being killed by the system.

    • Queries information about active data network

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Reads information about phone network operator.

    • Requests cell location

      Uses Android APIs to get current cell information.

    • Target

      bdxadsdk.jar

    • Size

      266KB

    • MD5

      170ce354f12852de7852a2cd8bfd6826

    • SHA1

      6068e357aa412ab67c263f20ebfcecfa55a27151

    • SHA256

      65a60000cbfd0dd36eefae21eb736eb3bb27c3acc7f0e87368896e6d9a756322

    • SHA512

      b04399dc7b7edfba26c3d055c434a221910d9916b3caca8d1768a8ffdcef2f6ddaf4e28187f23528a9209cac133586c050806de36848b3f7345434a088155835

    • SSDEEP

      6144:Ld666666666Pm7mJpNzlVtztmWlCshtenRJdzhiOZCFYcgGGcRnaNjjUiS:B666666666Pm7EzlVJtnl5EnRJiOZ/Gl

    Score
    1/10
    • Target

      gdtadv2.jar

    • Size

      650KB

    • MD5

      a2545eb7348a80f175df63c661546c67

    • SHA1

      7bfcf1ba98eea991e83017a9b623585b454ec913

    • SHA256

      156a506987fc2478b67cdcbc489e9dee6d6899c85ec3f528e49aaa38c429f930

    • SHA512

      564195e10c49dcde78db18b7610e969e129224231bf367013587a925eb302618bbfecccc06c9e35193b02ddf142f75213ecd0c302e71e7e883d406a39238ddb7

    • SSDEEP

      12288:6A/eAqlTYNTbHulJeTcMZH2rNp8OwazS5skPAZl9xHrUzE3OdKUwdUSsielx6:6A/ea32e4MZH2rNpHwsbkPAppgZw6SsO

    Score
    1/10
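The emulator, root and framework-API signatures listed for the main target above can be checked statically before a sample is ever detonated, by scanning the strings in its classes.dex for the artefacts those checks rely on. The following is an added example for this page, not the sandbox's code and not run against this sample; the indicator table is an assumption built from well-known Android emulator paths (QEMU/goldfish), root markers and the framework methods that back each query, and the DEX fragment is constructed inline.

```python
"""Static triage helper: map strings recovered from an APK's classes.dex
onto the behaviour labels used in the report above.

Added example for this page; it is not the sandbox's own code and was not
run against the sample. The indicator table is an assumption built from
well-known Android emulator, root and framework-API artefacts.
"""
import re

# Indicator substring -> report label. Device paths are those the Android
# emulator (QEMU/goldfish) exposes; method names are the framework APIs
# that back each query. Assumed mapping, not taken from the sandbox.
INDICATORS = {
    "/system/lib/libc_malloc_debug_qemu.so": "Checks known Qemu files",
    "/sys/qemu_trace": "Checks known Qemu files",
    "/system/bin/qemu-props": "Checks known Qemu files",
    "/dev/socket/qemud": "Checks known Qemu pipes",
    "/dev/qemu_pipe": "Checks known Qemu pipes",
    "/system/xbin/su": "Checks if the Android device is rooted",
    "/system/bin/su": "Checks if the Android device is rooted",
    "test-keys": "Checks if the Android device is rooted",
    "getInstalledApplications": "Queries a list of all the installed applications",
    "getInstalledPackages": "Queries a list of all the installed applications",
    "getRunningAppProcesses": "Queries information about running processes",
    "getLine1Number": "Queries the phone number (MSISDN)",
    "startForeground": "Makes use of the framework's foreground persistence service",
    "getActiveNetworkInfo": "Queries information about active data network",
    "getConnectionInfo": "Queries information about the current Wi-Fi connection",
    "getNetworkOperatorName": "Reads information about phone network operator",
    "getCellLocation": "Requests cell location",
    "getAllCellInfo": "Requests cell location",
}


def extract_strings(blob: bytes, min_len: int = 4) -> list:
    """Return printable-ASCII runs of at least min_len bytes, as `strings` does.

    DEX string_data items are a ULEB128 length followed by MUTF-8 text and a
    NUL byte, so ASCII paths and method names survive this naive scan; it
    will not recover strings the sample encrypts or builds at runtime.
    """
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, blob)]


def classify(strings) -> dict:
    """Group every matched indicator under its report label."""
    hits = {}
    for s in strings:
        for needle, label in INDICATORS.items():
            if needle in s:
                hits.setdefault(label, set()).add(needle)
    return {label: sorted(v) for label, v in sorted(hits.items())}


def triage(blob: bytes) -> dict:
    """Run the string scan and the indicator match over a raw DEX blob."""
    return classify(extract_strings(blob))


# Constructed stand-in for a classes.dex fragment: each entry is a length
# byte, the text and a NUL terminator, mimicking DEX string_data layout.
SAMPLE_DEX = (
    b"dex\n035\x00" + b"\x00" * 8
    + b"\x11/dev/socket/qemud\x00"
    + b"\x0e/dev/qemu_pipe\x00"
    + b"\x0f/system/xbin/su\x00"
    + b"\x18getInstalledApplications\x00"
    + b"\x16getRunningAppProcesses\x00"
    + b"\x0egetLine1Number\x00"
    + b"\x0fstartForeground\x00"
    + b"\x0egetAllCellInfo\x00"
    + b"\x0bHello World\x00"
)

if __name__ == "__main__":
    for label, needles in triage(SAMPLE_DEX).items():
        print(f"{label}: {', '.join(needles)}")
```

A hit only shows that the code could perform the check; the report's labels come from runtime observation, and a sample that encrypts its strings or resolves these methods through reflection will produce no matches here, which is itself worth noting in the triage.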

MITRE ATT&CK Mobile v15

Tasks