General

  • Target

    a14cbc8ceed5b2eaa47b541914876445_JaffaCakes118

  • Size

    31.4MB

  • Sample

    240612-tsmg4s1epe

  • MD5

    a14cbc8ceed5b2eaa47b541914876445

  • SHA1

    e6af0dfdc3a96a304ebd256fafd0e0386c52f70f

  • SHA256

    0c73ef92c5bc536b59ea94f22533a97a8b27262b5fa1bf7ac19dda7e47c6fc9c

  • SHA512

    dd1cf08c59f21d6a9612a748b0bfa4c17b289510b325a6644be2de30280ee23cd1782dc182b9d66618a7bda2cf9157ca1f9e1fc0e7d8998151624d91e9f8bc3c

  • SSDEEP

    786432:XFvDrQ7MF1dy6mPk51uCxxeXLAv/3UFm2qEuzP52retv5EvrKvOKlstE:xDrNQ61TibAX3+m2qEYB2q30rKRT

Malware Config

Targets

    • Target

      a14cbc8ceed5b2eaa47b541914876445_JaffaCakes118

    • Size

      31.4MB

    • MD5

      a14cbc8ceed5b2eaa47b541914876445

    • SHA1

      e6af0dfdc3a96a304ebd256fafd0e0386c52f70f

    • SHA256

      0c73ef92c5bc536b59ea94f22533a97a8b27262b5fa1bf7ac19dda7e47c6fc9c

    • SHA512

      dd1cf08c59f21d6a9612a748b0bfa4c17b289510b325a6644be2de30280ee23cd1782dc182b9d66618a7bda2cf9157ca1f9e1fc0e7d8998151624d91e9f8bc3c

    • SSDEEP

      786432:XFvDrQ7MF1dy6mPk51uCxxeXLAv/3UFm2qEuzP52retv5EvrKvOKlstE:xDrNQ61TibAX3+m2qEYB2q30rKRT

    Score
    7/10
    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Queries the phone number (MSISDN for GSM devices)

    • Target

      bdxadsdk.jar

    • Size

      85KB

    • MD5

      3c850ffec5bdd850f123077ca210a411

    • SHA1

      1c1ae4678b8a3b65640f047cb1bd72bc70d66f97

    • SHA256

      516023ce55fff40074d3c3d9016c023b1fc7dfba2b59c172f89141f1484d418e

    • SHA512

      aa3611687b6140ee9214392a84bc1ef55a6425a84a4e413dfcb2e936a931b9015e1e4ec53ad73539d26622427f9e6da0eae5c58ffc18285de42fc15639d786dd

    • SSDEEP

      1536:E4A1vm52J1h/mgxeek9/Ckkf1THL8BNbM/DXO8Q/3yJ463v6hHA0UGcVrSj:e9mkJ1tmg/I/tkdP8sa80O42uXcVrE

    Score
    1/10
    • Target

      muzhiwanapp.apk

    • Size

      6.7MB

    • MD5

      f166fff17a539f053550965c87c42054

    • SHA1

      8be071793576b6e324db218f02a017439fe826a3

    • SHA256

      efa8e431c5d5b3bda3cfc0da4392d14ef447643412bbea22536a155c7aae82b4

    • SHA512

      26869689b5a58e52e63d95b07cf04f560c4580e9bd408a432a61acace492201ffe93cb7e4166a360530eff8fa3827ae0df83ee43e30daa7f670010d59a8bab8a

    • SSDEEP

      98304:thCSkJBDmTuhW+7eF0JUQ4KMB6NQP4WfxRENHpxPOJHMMC1dh4Zadvtvc8Y6dtR3:nru6wUQMBj4WfOHp+HPC1z4mkKdYIx

    • Checks if the Android device is rooted.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

    • Queries information about active data network

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Queries the unique device ID (IMEI, MEID, IMSI)

    • Reads information about phone network operator.

    • Requests dangerous framework permissions

    • Target

      mzw_d

    • Size

      59KB

    • MD5

      b2a8fd2dba92c8f75869f79c70d441da

    • SHA1

      faaf88b3c3653fc205a3a125ccb77fbc87b76215

    • SHA256

      2514431fe50d909ac1385e07341ed8878b5f2400df151df5a43a59b98a31ea02

    • SHA512

      a66893a5bb935dfefdc12ea32c2407cf9d8d040ff82852b415c599beb94d002ce77ec15bbac3f78ae6758a8c7f5e83c799ad84fb8ce2e6763da88a9bb20aa7b6

    • SSDEEP

      1536:zsgtqpcH/obgLKxe7wust6XTyLaFcBowg/pL2Nka2MXX3C:zsqqKH/BKxXMXTym/pyKiXnC

    Score
    1/10
    • Target

      mzw_g

    • Size

      42KB

    • MD5

      c04d422c5a4bf58a127bbf2bf014965c

    • SHA1

      3b1f3f4ad21fe0febe567e5a56996a7e61658cf9

    • SHA256

      7a28fd857e1283e351d37931cc6e23cd6de5ad2fd4d3d23337a6f162b07f3978

    • SHA512

      6cb2768a8344e3da470472ea906b5be2e33a24384efe35cdc3c0b0c24351c3b34444a4d2d6a9e21c48927b85554aaa3904fb0361071c0711841565222253e0a8

    • SSDEEP

      768:ccPeR+EU5maX9WkB/gUrXFWLKxe7X+Fu9hRv6Xf3QpD+X7aFkuzkjEC:ccPeRiNWkZbgLKxe7wuzt6XCyLaFm3

    Score
    1/10
    • Target

      stasdk_core

    • Size

      2.1MB

    • MD5

      e1dd5bacfa75b9cf6abf6eaa1635e3c7

    • SHA1

      96a86954d989f634798c91523712c34eab06da3d

    • SHA256

      8dc8a08cb4af889317d11fec26e2c1058f2af5056a4dbc25deaec8707073947f

    • SHA512

      e62c106f91d7a7202411a6938ed721fa695257f205e93772a87c59804a899a1bafd4887d48f2c9f33e5fe3ab6965227beb3fee007515ceb926e83d0e990fcc37

    • SSDEEP

      49152:V1anRWSRRAeAOHy5mWr7cZVsjFrcZzVCuSlH7WKYnRgIpLLw:naRW0AqyJ0vsjFGzoNK7nRgIpLw

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Queries information about the current nearby Wi-Fi networks

      Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

    • Requests cell location

      Uses Android APIs to to get current cell location.

    • Requests cell location

      Uses Android APIs to to get current cell information.

    • Queries information about active data network

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Queries the unique device ID (IMEI, MEID, IMSI)

    • Reads information about phone network operator.

    • Target

      bdxadsdk.jar

    • Size

      85KB

    • MD5

      3c850ffec5bdd850f123077ca210a411

    • SHA1

      1c1ae4678b8a3b65640f047cb1bd72bc70d66f97

    • SHA256

      516023ce55fff40074d3c3d9016c023b1fc7dfba2b59c172f89141f1484d418e

    • SHA512

      aa3611687b6140ee9214392a84bc1ef55a6425a84a4e413dfcb2e936a931b9015e1e4ec53ad73539d26622427f9e6da0eae5c58ffc18285de42fc15639d786dd

    • SSDEEP

      1536:E4A1vm52J1h/mgxeek9/Ckkf1THL8BNbM/DXO8Q/3yJ463v6hHA0UGcVrSj:e9mkJ1tmg/I/tkdP8sa80O42uXcVrE

    Score
    1/10
    • Target

      gdtadv2.jar

    • Size

      142KB

    • MD5

      f0b930680aa93a62bb77d1916e64a3d7

    • SHA1

      fc30b5641b8d32e4efeaf409d07a4d520a95a6da

    • SHA256

      8f109682334d43d811c7d56620c5eb30c9bc1a89f3f36b91232aeb142a6f6ba7

    • SHA512

      2a503f3aefd5ed8634dbc85cd952d10625e4bc18badc0661c7cfcc3345cfb43ba1e153d9fb264703e4cf0d6c40ac601942e841b9537125072f884c283adb5b99

    • SSDEEP

      3072:mZmii8gAi97ZHbwRILfiNJkAzzBdtCQnm:m8B99TZA/3m

    Score
    1/10

MITRE ATT&CK Mobile v15

Tasks