General

  • Target

    a824999fa9590acc208288b65df0b345_JaffaCakes118

  • Size

    25.1MB

  • Sample

    240614-f3gsqazhkj

  • MD5

    a824999fa9590acc208288b65df0b345

  • SHA1

    091d4cfc06bfca77d17e52cea561a3f1f3d3b0d4

  • SHA256

    c4818f2ef9109617ad7900f5a2664c47740547f92d9bc6b5474a95d25515311f

  • SHA512

    edac3b691fd6ae5279875711bfb3af00809770383cb30879ba839570fbf93ee303aa8e57a63b90eb709e7de7f69251fd83af8bb6f2ebd6486c211a33bb2fc41e

  • SSDEEP

    786432:Y1XdsMfi/AtWB1gUu/JdAeXq8nHv4k3VfeTT1F71tUgIb:Y1tnfnKgNrfq8nHvlWTT1FZQb

Malware Config

Targets

    • Target

      a824999fa9590acc208288b65df0b345_JaffaCakes118

    • Size

      25.1MB

    • MD5

      a824999fa9590acc208288b65df0b345

    • SHA1

      091d4cfc06bfca77d17e52cea561a3f1f3d3b0d4

    • SHA256

      c4818f2ef9109617ad7900f5a2664c47740547f92d9bc6b5474a95d25515311f

    • SHA512

      edac3b691fd6ae5279875711bfb3af00809770383cb30879ba839570fbf93ee303aa8e57a63b90eb709e7de7f69251fd83af8bb6f2ebd6486c211a33bb2fc41e

    • SSDEEP

      786432:Y1XdsMfi/AtWB1gUu/JdAeXq8nHv4k3VfeTT1F71tUgIb:Y1tnfnKgNrfq8nHvlWTT1FZQb

    • Checks if the Android device is rooted.

    • Checks known Qemu files.

      Checks for known Qemu files that exist on Android virtual device images.

    • Checks known Qemu pipes.

      Checks for known pipes used by the Android emulator to communicate with the host.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Queries information about the current nearby Wi-Fi networks

      Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

    • Queries information about active data network

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Queries the mobile country code (MCC)

    • Queries the unique device ID (IMEI, MEID, IMSI)

    • Reads information about phone network operator.

    • Requests cell location

      Uses Android APIs to to get current cell information.

    • Listens for changes in the sensor environment (might be used to detect emulation)

MITRE ATT&CK Matrix

Tasks