Resubmissions

14-06-2024 16:03

240614-thb9dsxena 7

14-06-2024 13:19

240614-qknhnawcqj 7

General

  • Target

    a9e039643a685fae0b5acf93d2eb9396_JaffaCakes118

  • Size

    9.8MB

  • Sample

    240614-qknhnawcqj

  • MD5

    a9e039643a685fae0b5acf93d2eb9396

  • SHA1

    b471bca4adec36a2c66d1f27e298cccb910a828c

  • SHA256

    3049525acfd4b5bb9935392923aa71c21aa77fd271029b1b298470da12c7ad6f

  • SHA512

    55a8b6068a5b7444edf5e40d1a5911f245f07d8c966916ac8450d0d00f9b1254ccdf0cd0ecc908922a90a54e1824c3bbdc451b6c2d0679aee4207e7712d6ccce

  • SSDEEP

    196608:zPUozgEEDZppYD8rZaaukyOykB1yWj/1pxvwUn6bJzsNaB/9izzknbbg:r9zgHDtZazVU1pxvAbpxB1bbg

Malware Config

Targets

    • Target

      a9e039643a685fae0b5acf93d2eb9396_JaffaCakes118

    • Size

      9.8MB

    • MD5

      a9e039643a685fae0b5acf93d2eb9396

    • SHA1

      b471bca4adec36a2c66d1f27e298cccb910a828c

    • SHA256

      3049525acfd4b5bb9935392923aa71c21aa77fd271029b1b298470da12c7ad6f

    • SHA512

      55a8b6068a5b7444edf5e40d1a5911f245f07d8c966916ac8450d0d00f9b1254ccdf0cd0ecc908922a90a54e1824c3bbdc451b6c2d0679aee4207e7712d6ccce

    • SSDEEP

      196608:zPUozgEEDZppYD8rZaaukyOykB1yWj/1pxvwUn6bJzsNaB/9izzknbbg:r9zgHDtZazVU1pxvAbpxB1bbg

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Requests cell location

      Uses Android APIs to get the current cell location.

    • Queries information about active data network

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Queries the mobile country code (MCC)

    • Reads information about phone network operator

    • Requests dangerous framework permissions

    • Listens for changes in the sensor environment (might be used to detect emulation)

    • Target

      tghool

    • Size

      1.2MB

    • MD5

      f50cc84c221f9b8f642e3d1292dfa3c5

    • SHA1

      ee96149dd682f034c28222f2c66dfe37e2fb40d5

    • SHA256

      40a3fe315e7ce41de6a5ae226fba1bd7b37e8eb3c18611f3c6694eb84c597a7d

    • SHA512

      66a86af872fa117b40a4a38c88c33e27200863cb618620eda6dd303cac48f2bbaa3ad161710661d3f0ddd1961efd5e116acde3930897036592b95344cf917beb

    • SSDEEP

      24576:TmPCLhk6dro+9jkCsCOZ7+sk5/9jnd5kv1SzJ+Mi3Hby9xazTzRqNmPgLPXU3:TmPC9k6drTk97+skHZyG+zTzgNmqvU3

    Score
    7/10

    • Checks Android system properties for emulator presence.

    • Queries the phone number (MSISDN for GSM devices)

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Reads information about phone network operator

    • Target

      gleac.jar

    • Size

      34KB

    • MD5

      cdf5f6107facc1e64e61ec0f870a97f4

    • SHA1

      9b0a1598bc8ec5279c31dbd29ffa61a9210c37c3

    • SHA256

      86eb7b458dd96584a6ace91a13f52a65694a37f8fb70df3f7dd9749dfac5980d

    • SHA512

      225db7881f1db19146e4ec6c6d305cf629ae420c6bd1e8d429ffbf9695b863dcc079c6728337661f3d3e4baf0d9220e211c41d9b0c6258632ca69fae00fbaccf

    • SSDEEP

      768:uymJYcpSnWP4rN90nv2xU0u60DHHFwbPuVJJfqZRJlz5N:aQWuN9sv2xU0u60bHFwIJmRJJ5N

    Score
    1/10

MITRE ATT&CK Matrix

Tasks