General

  • Target

    a9b2c260d1d89ba703317afcc592e6ac_JaffaCakes118

  • Size

    9.5MB

  • Sample

    240614-pr7pfavbpk

  • MD5

    a9b2c260d1d89ba703317afcc592e6ac

  • SHA1

    ed8ea75087c386bc2563cb054be322af050e21af

  • SHA256

    5ce8d16497a2e813bae229f26f00088fcc1cf149540f9f9cc4f1b2304e523dbb

  • SHA512

    c9f0720cdb327911e24d4d6116fe696adadae94b6299521c74af72f5e8479f8617d68cab22511a8de1efb4a7a60e75f0edb2bc301332b41926ef9a0b1945d242

  • SSDEEP

    196608:FD8JnZv+pBmD6OMj0tSVthtpeHdb7oo/m5mSCq+8M1lcXo8gDvb43e+spDLYt0P:FDIZvEB46OlSzh/8AdvM1lcX1gDD4YpR

Targets

    • Target

      a9b2c260d1d89ba703317afcc592e6ac_JaffaCakes118

    • Checks if the Android device is rooted.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Queries the phone number (MSISDN for GSM devices)

    • Reads the content of SMS inbox messages.

    • Requests cell location

      Uses Android APIs to get the current cell location.

    • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

    • Queries information about active data network

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Target

      com.skymobi.pay.plugin.main_v10007.pl

    • Size

      48KB

    • MD5

      dca3021ed01128f364b7f7fb0f9bd8c6

    • SHA1

      84283a351203a413a3ef81c528990f6cd9fed6e3

    • SHA256

      a211b3523f07c7f94741a1e21939e56394f14f48393b4c21de4e9af62846142f

    • SHA512

      e7615669e78a2ac1a06086b0a4f2611da40764d2104555a541f4e8dcec79ddcdbdff35db3847c0b6560a99a021f64a7ebba6d71cbd6d1c06800f5710a3ec0a8a

    • SSDEEP

      1536:iLDtaGi/ddEfRFQvhFuKHmuwtu4d7wvANX:Qx7ZFQnuumTl7YANX

    • Score

      1/10

    • Target

      com.skymobi.pay.plugin.recordupload_v10007.pl

    • Size

      39KB

    • MD5

      5da0bc37cf83ba99e9c21567a1aeb1e6

    • SHA1

      1d1016d7ec6b5091d02184e275f44766aa7001fe

    • SHA256

      ef4d124f1473a2522d3b87eb8fccf2dd5befd44077270e7ed50fdd7dbea17741

    • SHA512

      f03815b87bb36b965c694d4864afaaa9773c11de195114951a9afe60dd05b32868d2ec07bcabd865f4d9754f9da0f4f8418cc6f9205f7b10ced8685202d63193

    • SSDEEP

      768:Mr0xodh9LCbCIbV/WiN4jnmzlLZQJcdOCraoTN5f++RbM+n1vQ:MoWdTiVZNmuZ6PGaoTN5mOnvQ

    • Score

      1/10

    • Target

      com.skymobi.pay.plugin.smspay_v10007.pl

    • Size

      174KB

    • MD5

      3b44c6d366327c895ad1be7a384fab7d

    • SHA1

      2952db619d4cb5c4e44a0e78a866ab53b1e5c578

    • SHA256

      dc238778e37fde3b8f5224f6d1dd8f4576e412cbe9cb0bf785a7c5d6e055644e

    • SHA512

      437aa29c1a731016d9226a3bf4aa2aa7f730b2e34b78d99c9e103c02c746c6aace74970cfbd0543d0fd6c902f229874833de896737aaddb534cb4a38ecca1091

    • SSDEEP

      3072:6iYs6cIbEcwMmDD1NM3IWOgUU+k5+Mmu5hCdmFv1kPJKDGgQkibQl8+18aaXfAYT:65NcNM36O5hCBPJaniQ18aGAYM1lcXr

    • Score

      1/10
