General

Target: a11f11dc54bb83b6d5cebdd9504f16f8_JaffaCakes118
Size: 23.4MB
Sample: 240612-sns9eszcmf
MD5: a11f11dc54bb83b6d5cebdd9504f16f8
SHA1: da8a464bf5c3c4d44c34652545e084dd2f0f0956
SHA256: 2f5c0f10462ccc774e0a95c79523c76c5dbf33de529f6b691be82844c5826f5a
SHA512: 7d2add4069c570651424d26dff63bd3333be1a4017bf643a47ebfa4c75f13fa83da32731c4e220ddf4963d681439ef17521a0fc8d576387873a26195d60d569c
SSDEEP: 393216:dQHQI9y28fmGAJAdwa1D+RbehxAmmoZqKIFBdF7PS9yqAGNBdczuJNJCQKo6h:y9CzAJwbAehl/q1dRPSyYzazOii6h
Static task
static1

Behavioral tasks
behavioral1: a11f11dc54bb83b6d5cebdd9504f16f8_JaffaCakes118.apk on android-x86-arm-20240611.1-en
behavioral2: bdxadsdk.apk on android-x86-arm-20240611.1-en
behavioral3: bdxadsdk.apk on android-x64-20240611.1-en
behavioral4: bdxadsdk.apk on android-x64-arm64-20240611.1-en
behavioral5: gdtadv2.apk on android-x86-arm-20240611.1-en
Malware Config

Targets

Target: a11f11dc54bb83b6d5cebdd9504f16f8_JaffaCakes118
Size: 23.4MB
MD5: a11f11dc54bb83b6d5cebdd9504f16f8
SHA1: da8a464bf5c3c4d44c34652545e084dd2f0f0956
SHA256: 2f5c0f10462ccc774e0a95c79523c76c5dbf33de529f6b691be82844c5826f5a
SHA512: 7d2add4069c570651424d26dff63bd3333be1a4017bf643a47ebfa4c75f13fa83da32731c4e220ddf4963d681439ef17521a0fc8d576387873a26195d60d569c
SSDEEP: 393216:dQHQI9y28fmGAJAdwa1D+RbehxAmmoZqKIFBdF7PS9yqAGNBdczuJNJCQKo6h:y9CzAJwbAehl/q1dRPSyYzazOii6h

Signatures:
- Checks if the Android device is rooted.
- Checks known Qemu files. Checks for known Qemu files that exist on Android virtual device images.
- Checks known Qemu pipes. Checks for known pipes used by the Android emulator to communicate with the host.
- Queries information about running processes on the device. Application may abuse the framework's APIs to collect information about running processes on the device.
- Queries the phone number (MSISDN for GSM devices).
- Makes use of the framework's foreground persistence service. Application may abuse the framework's foreground service to continue running in the foreground.
- Queries information about active data network.
- Queries information about the current Wi-Fi connection. Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
- Reads information about phone network operator.
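To reproduce the three emulator/root signatures above against a sample offline, here is an added example (not the sandbox's own signature code, and not code from the analysed app): a small Python string scanner that mimics strings(1) over a constructed byte blob and maps hits to the signature names used in this report. The indicator lists, the `extract_strings`/`classify`/`report` names and the sample blob are assumptions chosen for illustration; the sandbox observed these checks dynamically, so a static string match is only an approximation of what it flagged.

```python
"""Map strings recovered from an APK to the emulator/root signatures in this
report. Added example: the indicator lists below are assumed, well-known
artefacts, not the sandbox's own rules."""
import re
from typing import Dict, List

# Assumed indicator lists (illustrative, not the report's exact rules).
INDICATORS: Dict[str, set] = {
    # Pipes the Android emulator uses to talk to the host.
    "Checks known Qemu pipes": {"/dev/qemu_pipe", "/dev/socket/qemud"},
    # Files present on Android virtual device images.
    "Checks known Qemu files": {
        "/system/lib/libc_malloc_debug_qemu.so",
        "/sys/qemu_trace",
        "/system/bin/qemu-props",
    },
    # Root artefacts: su binaries, the Superuser app, the test-keys build tag.
    "Checks if the Android device is rooted": {
        "/system/bin/su",
        "/system/xbin/su",
        "/sbin/su",
        "/system/app/Superuser.apk",
        "test-keys",
    },
}


def extract_strings(blob: bytes, min_len: int = 4) -> List[str]:
    """Return printable-ASCII runs of at least min_len bytes, like strings(1)."""
    pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [m.group().decode("ascii") for m in pattern.finditer(blob)]


def classify(strings: List[str]) -> Dict[str, List[str]]:
    """Return {signature name: sorted matched strings} for signatures that fire."""
    hits: Dict[str, List[str]] = {}
    for signature, needles in INDICATORS.items():
        matched = sorted({s for s in strings if any(n in s for n in needles)})
        if matched:
            hits[signature] = matched
    return hits


def report(blob: bytes) -> Dict[str, List[str]]:
    """Run the scanner over a raw blob (e.g. the bytes of classes.dex)."""
    return classify(extract_strings(blob))


# Constructed sample blob standing in for a fragment of classes.dex; these are
# not bytes taken from the analysed sample. ro.kernel.qemu is a property-based
# emulator check that is deliberately outside the lists above, so it is a miss.
SAMPLE_BLOB = (
    b"\x00\x01junk\x00/dev/socket/qemud\x00/system/bin/su\x00"
    b"Ljava/lang/String;\x00/sys/qemu_trace\x00ro.build.tags\x00test-keys\x00"
    b"ro.kernel.qemu\x00"
)

if __name__ == "__main__":
    for signature, matched in report(SAMPLE_BLOB).items():
        print(f"{signature}: {', '.join(matched)}")
```

Running it on the real sample would mean feeding the bytes of each classes*.dex and native library to `report`; a hit list that is empty while the sandbox still fired the signature usually means the check was built at runtime (string obfuscation or reflection), which is itself worth noting in the analysis.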
Target: bdxadsdk.jar
Size: 266KB
MD5: 170ce354f12852de7852a2cd8bfd6826
SHA1: 6068e357aa412ab67c263f20ebfcecfa55a27151
SHA256: 65a60000cbfd0dd36eefae21eb736eb3bb27c3acc7f0e87368896e6d9a756322
SHA512: b04399dc7b7edfba26c3d055c434a221910d9916b3caca8d1768a8ffdcef2f6ddaf4e28187f23528a9209cac133586c050806de36848b3f7345434a088155835
SSDEEP: 6144:Ld666666666Pm7mJpNzlVtztmWlCshtenRJdzhiOZCFYcgGGcRnaNjjUiS:B666666666Pm7EzlVJtnl5EnRJiOZ/Gl
Score: 1/10

Target: gdtadv2.jar
Size: 650KB
MD5: a2545eb7348a80f175df63c661546c67
SHA1: 7bfcf1ba98eea991e83017a9b623585b454ec913
SHA256: 156a506987fc2478b67cdcbc489e9dee6d6899c85ec3f528e49aaa38c429f930
SHA512: 564195e10c49dcde78db18b7610e969e129224231bf367013587a925eb302618bbfecccc06c9e35193b02ddf142f75213ecd0c302e71e7e883d406a39238ddb7
SSDEEP: 12288:6A/eAqlTYNTbHulJeTcMZH2rNp8OwazS5skPAZl9xHrUzE3OdKUwdUSsielx6:6A/ea32e4MZH2rNpHwsbkPAppgZw6SsO
Score: 1/10
MITRE ATT&CK Mobile v15

Persistence
- Event Triggered Execution (1)
  - Broadcast Receivers (1)
- Foreground Persistence (1)
- Scheduled Task/Job (1)

Defense Evasion
- Foreground Persistence (1)
- Virtualization/Sandbox Evasion (4)
  - System Checks (4)