General

  • Target

    af522761f8ea861e6757beec92ac6695_JaffaCakes118

  • Size

    5.5MB

  • Sample

    240615-txqqbsxbjg

  • MD5

    af522761f8ea861e6757beec92ac6695

  • SHA1

    bada80795243c4fa85ec3f591e7cee7de5992d6d

  • SHA256

    74e82d97b889754a7f8c6ec7d929c5369864fbd9d1ddf57d3bf7c455840e4462

  • SHA512

    0651235686b85d627254caada9288f68ff3ae2f7e6ae1bcada5efcf6f469d15fa9818145037009995b4a4c00344be8cfa5be543d8c9816f1506d0a9461ac5929

  • SSDEEP

    98304:e9x79BnXefIpqV3+hbSCg8VF6mzxJNZ4UXZP32DZkStPEbDb/Vo1Mi1pdcGvk:G79BOfIpqVQmC3z6mzxegUZB8rNGMn

Malware Config

Targets

    • Target

      af522761f8ea861e6757beec92ac6695_JaffaCakes118

    • Size

      5.5MB

    • MD5

      af522761f8ea861e6757beec92ac6695

    • SHA1

      bada80795243c4fa85ec3f591e7cee7de5992d6d

    • SHA256

      74e82d97b889754a7f8c6ec7d929c5369864fbd9d1ddf57d3bf7c455840e4462

    • SHA512

      0651235686b85d627254caada9288f68ff3ae2f7e6ae1bcada5efcf6f469d15fa9818145037009995b4a4c00344be8cfa5be543d8c9816f1506d0a9461ac5929

    • SSDEEP

      98304:e9x79BnXefIpqV3+hbSCg8VF6mzxJNZ4UXZP32DZkStPEbDb/Vo1Mi1pdcGvk:G79BOfIpqVQmC3z6mzxegUZB8rNGMn

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Obtains sensitive information copied to the device clipboard

      Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Queries information about the current nearby Wi-Fi networks

      Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

    • Requests cell location

      Uses Android APIs to to get current cell location.

    • Acquires the wake lock

    • Queries information about active data network

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Queries the mobile country code (MCC)

    • Queries the unique device ID (IMEI, MEID, IMSI)

    • Reads information about phone network operator.

    • Listens for changes in the sensor environment (might be used to detect emulation)

    • Target

      __pasys_remote_banner.jar

    • Size

      108KB

    • MD5

      63ba17ca047dc71aa659c7ed8bb60de5

    • SHA1

      675bd0556bce8d43cd29a6d9b3d996d41f3e0b2b

    • SHA256

      2750f3af62f5b9d1d21f6a8215f529e472e7098ac16295b976a29115e8520a52

    • SHA512

      5b70f6bc391276d2034a97e371adad0a635caafdfc33d32791db1432d4cca3f0364e1af6b10b574df5c8f3345bd5539a4d70455aa521f10b239e68216f5ddc39

    • SSDEEP

      1536:JsIZFap4+HLANZ5+01fFI5iWBrANsLIHmd1C4i6L/AvuWD7i3z7Y6mrfrJvIC8O:JPZEpHrA3x1i53hxLOQ4I4mD3zk6mlI2

    Score
    1/10
    • Target

      __xadsdk__remote__final__.jar

    • Size

      65KB

    • MD5

      c83d02f3a965454b9d106beb5a111125

    • SHA1

      820f68024d29e40902a2ef041293b72de6f21202

    • SHA256

      39c93a5a72961e4664686f7a7ee10b82af182d1ea00ab188d99479f9b3d1a063

    • SHA512

      b9db74d0a9ecee9d70c9dad171199397d795836e0adc890c2ea37649274a42a56e67c8c901328f7c1d234e831f4d2e943d2c6e5c47043cda7f360a27a6b30442

    • SSDEEP

      1536:e/hsDoPAjTjYtsCO8MtccgEoH0KikQ4Mm1Zs:NjNn8+ol0KXTMm1q

    Score
    1/10

MITRE ATT&CK Matrix

Tasks