General

  • Target

    a99c3331971c06a04cbd57bf6f096f52_JaffaCakes118

  • Size

    15.0MB

  • Sample

    240614-pcs8haterr

  • MD5

    a99c3331971c06a04cbd57bf6f096f52

  • SHA1

    7cad09e151d7a764b194c5ec32249826bc990d38

  • SHA256

    4153144cb518590664a14ad5038676688c95b33947aebce938d51b74051e9b73

  • SHA512

    d500c803b85e41e181e0f038a9bfb82023138dc390b83576e3df57564bd7b9d2b00f7a08016f2469735c0a3f47a87ec0a9e238f3c4db45dad424a6874af7dfa4

  • SSDEEP

    393216:EWv7HgGQqHIDxPZYw9usZGiEAXxHA3AUdYQu3O:Hv0GQqHItPnfgAXx+AKFu3O

Malware Config

Targets

    • Target

      a99c3331971c06a04cbd57bf6f096f52_JaffaCakes118

    • Size

      15.0MB

    • MD5

      a99c3331971c06a04cbd57bf6f096f52

    • SHA1

      7cad09e151d7a764b194c5ec32249826bc990d38

    • SHA256

      4153144cb518590664a14ad5038676688c95b33947aebce938d51b74051e9b73

    • SHA512

      d500c803b85e41e181e0f038a9bfb82023138dc390b83576e3df57564bd7b9d2b00f7a08016f2469735c0a3f47a87ec0a9e238f3c4db45dad424a6874af7dfa4

    • SSDEEP

      393216:EWv7HgGQqHIDxPZYw9usZGiEAXxHA3AUdYQu3O:Hv0GQqHItPnfgAXx+AKFu3O

    • Checks if the Android device is rooted.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Queries the phone number (MSISDN for GSM devices)

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

    • Queries information about active data network

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Queries the unique device ID (IMEI, MEID, IMSI)

    • Reads information about phone network operator.

    • Checks the presence of a debugger

    • Target

      a.b.c.d.e.cache.jar

    • Size

      31KB

    • MD5

      82e95643221bd49928a85d8960088e94

    • SHA1

      18aeb5282e46d3ca6b4280ef3f972c6c9d447256

    • SHA256

      e4fa449a63b98ba6e6b9b0801c727371fb3552232920a5b7ea91a37d32afe147

    • SHA512

      4da607f2ad08a33c2da3fa6784a2543169f5849999c89c0d33f448a9ffb177c35804569500ade9d08ca700a3e3a3b51aceb2fe6af8b4a64d9d1b4ee9ae40e6b4

    • SSDEEP

      768:vFBxNF66DSmzK82daaEkDNfi3C9ub7Jrn3S0YbmS4qJz2:vFnb/DDUEMaSm9n3S0YbmSn8

    Score
    1/10
    • Target

      a.b.c.d.e.jar

    • Size

      71KB

    • MD5

      5cc833906958f10ef78ba2899a97c4de

    • SHA1

      a72f1928f4ebc9e4a0a97b35d10f7f1faec2778c

    • SHA256

      d5b786917c192711903c500c023b96d457ed97646e024665b6e2bc9b31b8032f

    • SHA512

      9368a958d8a57de177c0fd717221ce2e781a8e2e0b16d2f044f954641d627dacd2fa0fe5eb20814150f760b5e5bc6fe4d968de8b2d6bca4519a139e21f754298

    • SSDEEP

      1536:5xMtb7Pi8MI8OeA2Bppn+R8TdKkV8yb7RycnN0qYEXHd6u:T4bj+ie9B7+RaOyTnuq0u

    Score
    1/10
    • Target

      gdtadv2.jar

    • Size

      385KB

    • MD5

      824cb780ec81bb7366121b103e9820c0

    • SHA1

      149a0a58257fc4d67722c0a218d4a9119cd9304f

    • SHA256

      6d37ca4a40fcbcde1d8aaa1bba643e349614b8600166c50b03e397083725ce90

    • SHA512

      658b65bd1b7c044ce4d497378dbdde5915b9e1e57d4911d00df4d694326c15410be7bae556c6ebd335e8f68b619a333856b20213f624874cd0ea1eef0c26672b

    • SSDEEP

      6144:oHieHgKECmWW/O4TsEcyFTGl812C9xSzmkoEPn5iXQ9leg6Ob8ggUdJTtUsqpz:kiXbCBW5T7trBxPWA1Ob8sdJTUz

    Score
    1/10

MITRE ATT&CK Matrix

Tasks