General

  • Target

    b04db9afd00c9379030e85121eddb0f4_JaffaCakes118

  • Size

    30.2MB

  • Sample

    240615-1wf8tswdkd

  • MD5

    b04db9afd00c9379030e85121eddb0f4

  • SHA1

    ca1b60d781083419f5a5b7506792fc081302e5a3

  • SHA256

    6cb5af2267eaadf2af30147bb3c59c992949936d906060bfc0dfab8903e16d18

  • SHA512

    40d5d555c9175aebc769cdfaa9f510143bd044eefcd85086b7307233d0e29bb8cce718b91fce6827f565ffe3068931542d01048fd1959b77f7dda701562d57df

  • SSDEEP

    786432:GeWzy+aPUOP3kOKlV2ZW9PrrGINNX6UKGsy/mvneX7PD8drtJJsjnkfEm0dw:YMkOKl0ZsHGITX6UKGsSIneX7LewkJr

Targets

    • Target

      b04db9afd00c9379030e85121eddb0f4_JaffaCakes118

    • Size

      30.2MB

    • Checks if the Android device is rooted.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Queries information about the current nearby Wi-Fi networks

      Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

    • Acquires the wake lock

    • Queries information about active data network

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Reads information about phone network operator.

    • Target

      AdHack.jar

    • Size

      616B

    • MD5

      aba337fad9e968aa4ecd74e7c24fa897

    • SHA1

      a23d1da61f2b7ce6c6f00182478e229b5ed6fda0

    • SHA256

      b57d5c326f31f872c5746848223ca5a7451edcdae7f6944e9b725a77447d69b9

    • SHA512

      9d84e6ae2214f91ac5e9c69a99d54e8335cd4005b372d0f13bd05ad31eacd231f3b40539ceff8e636ef50b5b89325c735144bd956815a86b33f2bd4913a6efed

    Score
    1/10
