General

  • Target

    afc2d424bb26b782dc7eaf658a7340bc_JaffaCakes118

  • Size

    12.7MB

  • Sample

    240615-w1j33atgrj

  • MD5

    afc2d424bb26b782dc7eaf658a7340bc

  • SHA1

    8e31cd91c6feb65fb3d42bc2c8743ca29bcb295a

  • SHA256

    04b536e55407046a9cf7e19c0ff95a322f2e508f961dfad73aaec027b8215c7b

  • SHA512

    171133e3180260a9b236ff5de1ed514c3ce22e88f4cf008a2a20c2967f0d1e606d9eff2865304daf63d8807131a62d544217ae8bd515ba1be95f19bad10b4436

  • SSDEEP

    196608:HsGKnnGIDR2fVDP+oNwJyGzNN6EBGVTE+6iTQ4VQ/xJ6Q1Kh0lUI1uy/sfhMgE6m:TLIE6jpK59NTQ4VQpJ7dSDn6g5JPq1

Malware Config

Targets

    • Target

      afc2d424bb26b782dc7eaf658a7340bc_JaffaCakes118

    • Size

      12.7MB

    • MD5

      afc2d424bb26b782dc7eaf658a7340bc

    • SHA1

      8e31cd91c6feb65fb3d42bc2c8743ca29bcb295a

    • SHA256

      04b536e55407046a9cf7e19c0ff95a322f2e508f961dfad73aaec027b8215c7b

    • SHA512

      171133e3180260a9b236ff5de1ed514c3ce22e88f4cf008a2a20c2967f0d1e606d9eff2865304daf63d8807131a62d544217ae8bd515ba1be95f19bad10b4436

    • SSDEEP

      196608:HsGKnnGIDR2fVDP+oNwJyGzNN6EBGVTE+6iTQ4VQ/xJ6Q1Kh0lUI1uy/sfhMgE6m:TLIE6jpK59NTQ4VQpJ7dSDn6g5JPq1

    • Checks if the Android device is rooted.

    • Obtains sensitive information copied to the device clipboard

      Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Queries information about the current nearby Wi-Fi networks

      Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

    • Queries the phone number (MSISDN for GSM devices)

    • Requests cell location

      Uses Android APIs to to get current cell location.

    • Acquires the wake lock

    • Queries information about active data network

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Queries the mobile country code (MCC)

    • Queries the unique device ID (IMEI, MEID, IMSI)

    • Reads information about phone network operator.

    • Listens for changes in the sensor environment (might be used to detect emulation)

MITRE ATT&CK Matrix

Tasks