General

  • Target

    a9c537335aacaf94c51c2a82b31c9f7a_JaffaCakes118

  • Size

    14.2MB

  • Sample

    240614-p3xzdavepn

  • MD5

    a9c537335aacaf94c51c2a82b31c9f7a

  • SHA1

    d2bb7cd8dc748f5d2ad299a247a352db3674761f

  • SHA256

    6191c156a448d559f8a0089cbbab9631fa6147e5391620193505b79589747da6

  • SHA512

    df9159009f089a516a9d5f5494d70a0b5f47bf9bd2e9bbf57461841dba487d9dea1f80428bc5e3b21606702d51699eefed9ef62648079b6047bf647154cbdc89

  • SSDEEP

    393216:PBgNE1c/Ms2WXHF+hzhBiQ1xKy+Og+Ov9bi4xb2I53:PBgNE1m9BIzviaxwVvRln3

Malware Config

Targets

    • Target

      a9c537335aacaf94c51c2a82b31c9f7a_JaffaCakes118

    • Size

      14.2MB

    • MD5

      a9c537335aacaf94c51c2a82b31c9f7a

    • SHA1

      d2bb7cd8dc748f5d2ad299a247a352db3674761f

    • SHA256

      6191c156a448d559f8a0089cbbab9631fa6147e5391620193505b79589747da6

    • SHA512

      df9159009f089a516a9d5f5494d70a0b5f47bf9bd2e9bbf57461841dba487d9dea1f80428bc5e3b21606702d51699eefed9ef62648079b6047bf647154cbdc89

    • SSDEEP

      393216:PBgNE1c/Ms2WXHF+hzhBiQ1xKy+Og+Ov9bi4xb2I53:PBgNE1m9BIzviaxwVvRln3

    • Checks if the Android device is rooted.

    • Checks Android system properties for emulator presence.

    • Checks known Qemu files.

      Checks for known Qemu files that exist on Android virtual device images.

    • Checks known Qemu pipes.

      Checks for known pipes used by the Android emulator to communicate with the host.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Queries information about the current nearby Wi-Fi networks

      Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

    • Queries the phone number (MSISDN for GSM devices)

    • Requests cell location

      Uses Android APIs to to get current cell information.

    • Requests cell location

      Uses Android APIs to to get current cell location.

    • Queries information about active data network

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Queries the mobile country code (MCC)

    • Queries the unique device ID (IMEI, MEID, IMSI)

    • Reads device software version

      Uses Android APIs to read software version number for the device (IMEI/SV for GSM devices).

    • Reads information about phone network operator.

    • Checks the presence of a debugger

MITRE ATT&CK Matrix

Tasks