General

  • Target: b4ae1913693cce0ae835a53bf53f3cbd_JaffaCakes118
  • Size: 20.9MB
  • Sample: 240616-xkk6vswhpl
  • MD5: b4ae1913693cce0ae835a53bf53f3cbd
  • SHA1: a7fdd263dfe046371d5ea5402551059463cbea40
  • SHA256: 17408aa9ad3aadefdacceb3879d00eb235b1f04789beec752a1ea290e1934fd2
  • SHA512: 56e3268a73aba833e0b7781694c14127fbe064aba2609476ef8a7922037edbc2cefbd9a5d05bfc001d52444dc62d425c82217b3176a98ac5337e6c365ca97278
  • SSDEEP: 393216:1QKriYcYgCpc6hZ0N+XecCATuST54lCKNaYhI0QwauMtzsdTZJAaRK994oEghD:R+nYgCpc6hOIXtTTuSF4lFNIYt8INLAD

Targets

    • Target: b4ae1913693cce0ae835a53bf53f3cbd_JaffaCakes118
    • Size: 20.9MB
    • MD5: b4ae1913693cce0ae835a53bf53f3cbd
    • SHA1: a7fdd263dfe046371d5ea5402551059463cbea40
    • SHA256: 17408aa9ad3aadefdacceb3879d00eb235b1f04789beec752a1ea290e1934fd2
    • SHA512: 56e3268a73aba833e0b7781694c14127fbe064aba2609476ef8a7922037edbc2cefbd9a5d05bfc001d52444dc62d425c82217b3176a98ac5337e6c365ca97278
    • SSDEEP: 393216:1QKriYcYgCpc6hZ0N+XecCATuST54lCKNaYhI0QwauMtzsdTZJAaRK994oEghD:R+nYgCpc6hOIXtTTuSF4lFNIYt8INLAD

    • Checks if the Android device is rooted.
    • Patched UPX-packed file
      Sample is packed with UPX but required header fields are zeroed out to prevent unpacking with the default UPX tool.
    • Checks Android system properties for emulator presence.
    • Loads dropped Dex/Jar
      Runs executable file dropped to the device during analysis.
    • Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps).
    • Queries information about running processes on the device
      Application may abuse the framework's APIs to collect information about running processes on the device.
    • UPX packed file
      Detects executables packed with UPX/modified UPX open source packer.
    • Queries information about active data network.
    • Queries information about the current Wi-Fi connection
      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
    • Queries the mobile country code (MCC).
    • Reads information about phone network operator.
    • Requests dangerous framework permissions.

    • Target: MidasEmptyRes1.apk
    • Size: 5KB
    • MD5: ea61a6cf8e8833e6181fe290d3255bb9
    • SHA1: d1fc64d826b85c9cfbcc06fdeb7a01fc5437d873
    • SHA256: a3c9e0815200dd3393499989525b95eace42f75c2be9f06c4b48a0d649d783ec
    • SHA512: 690c52c6ab0c8dce871ff23bde14723815a4bc607893f8ff5c5172228a1d955cddf6f8d12d3dde0104d1c92e3f9a0432707d322f8132b36c3827561b388f8896
    • SSDEEP: 96:dPG7WMxInKy+0E8AGtFvrPdOdAf56PgIDdy0QCGOf:JG6MxWtERGtFZfIDdQCxf
    • Score: 1/10

    • Target: MidasEmptyRes2.apk
    • Size: 5KB
    • MD5: 29c6ab67b0572e394966650ef75418f6
    • SHA1: 563dcba764e7106e5a36a1fea5535100a0ea8332
    • SHA256: c23dd26a9322a795f589be767b9422d41b109a5bd1e570e6423344612fb8c58e
    • SHA512: 8bad8ea18caa86d1eec4b8f63527d0f32a39224fe27876a9e1a1e23f50d2dae0135db6ec7e4bdadcec1a4c8dbb0055234ccd0f5fbe96e31f18baa9318bab81de
    • SSDEEP: 96:pfDdxInKy+0EQ41uB9+6RJokQoKnXsUUgI+Ri/h:pf5xWtEmBrJoPHn/I+Rip
    • Score: 1/10

    • Target: verify.jar
    • Size: 557B
    • MD5: a2de393d397dee188d6b0c16c39aaeb8
    • SHA1: 4d5b10b8fbb706bfc17efc4fe628a635136c7ad9
    • SHA256: d6996db327958cb63a88092837d02a8c1f796348c00d4c88209aa5ea7ee076be
    • SHA512: 7e15992c5d8e4bcae03f10355f3fe2b3b72d1bd3f153ffc00e11a8efc80cfdb680061274fff1e11e2ee4377a96d78cfbf80c92ed48376fb19cd7158f9b5f92b8
    • Score: 1/10

MITRE ATT&CK Mobile v15