General

  • Target

    b6bb5798a60ef996c26c8b1cfed0e612_JaffaCakes118

  • Size

    31.3MB

  • Sample

    240617-ezzzfstgnc

  • MD5

    b6bb5798a60ef996c26c8b1cfed0e612

  • SHA1

    55a466f202a967f7ece322071429e4b853be869b

  • SHA256

    1b5875710a524b9447af6d8f398ba733fdb09d15d99844e24fca8736b92fa899

  • SHA512

    d5565b461175dc5e625400145555db075d997e3c2db923840516381bcd5f55b40c7e85c8d09454a15dd3926735d6747a83d6041fc57bf0f5452345a8977e0bbe

  • SSDEEP

    786432:qQfOL64Tn+IDLfGb2zaKDGJ7uk3pZa7SF/ClJL4toMY6W+hOMVQX3C8iguR:Rkrn+wGb22KCJt5sWF/kLOEOh5qHCOuR

Malware Config

Targets

    • Target

      b6bb5798a60ef996c26c8b1cfed0e612_JaffaCakes118

    • Size

      31.3MB

    • MD5

      b6bb5798a60ef996c26c8b1cfed0e612

    • SHA1

      55a466f202a967f7ece322071429e4b853be869b

    • SHA256

      1b5875710a524b9447af6d8f398ba733fdb09d15d99844e24fca8736b92fa899

    • SHA512

      d5565b461175dc5e625400145555db075d997e3c2db923840516381bcd5f55b40c7e85c8d09454a15dd3926735d6747a83d6041fc57bf0f5452345a8977e0bbe

    • SSDEEP

      786432:qQfOL64Tn+IDLfGb2zaKDGJ7uk3pZa7SF/ClJL4toMY6W+hOMVQX3C8iguR:Rkrn+wGb22KCJt5sWF/kLOEOh5qHCOuR

    • Score

      7/10

    • Loads dropped Dex/Jar

      Runs an executable file dropped to the device during analysis.

    • Queries the phone number (MSISDN for GSM devices)

    • Target

      bdxadsdk.jar

    • Size

      85KB

    • MD5

      3c850ffec5bdd850f123077ca210a411

    • SHA1

      1c1ae4678b8a3b65640f047cb1bd72bc70d66f97

    • SHA256

      516023ce55fff40074d3c3d9016c023b1fc7dfba2b59c172f89141f1484d418e

    • SHA512

      aa3611687b6140ee9214392a84bc1ef55a6425a84a4e413dfcb2e936a931b9015e1e4ec53ad73539d26622427f9e6da0eae5c58ffc18285de42fc15639d786dd

    • SSDEEP

      1536:E4A1vm52J1h/mgxeek9/Ckkf1THL8BNbM/DXO8Q/3yJ463v6hHA0UGcVrSj:e9mkJ1tmg/I/tkdP8sa80O42uXcVrE

    • Score

      1/10

    • Target

      muzhiwanapp.apk

    • Size

      6.8MB

    • MD5

      25a12b3e3d69b621f16d6809d57e37ee

    • SHA1

      7c3026ac9bef20aa6c274a0ae0b2894ed27a39c6

    • SHA256

      63a4443e53422abf80dffa60c088c72921a4d839d4070613427d9165909ea7e6

    • SHA512

      d04d3fd4fa2d0911f1831b29c5b3031cd45349f8b916a1400a1789751c341272edcdb37b20ba468f759962f1aa7da174a58ced8cfaab1ccefa27dba19b445b47

    • SSDEEP

      196608:udfDsgl7Fo3HcMg5+knzUsd3wIm1vM4MY2oNs:eAKm3lO+kz7dg3oGs

    • Checks if the Android device is rooted.

    • Loads dropped Dex/Jar

      Runs an executable file dropped to the device during analysis.

    • Obtains sensitive information copied to the device clipboard

      Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Acquires the wake lock

    • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

    • Queries information about active data network

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Queries the unique device ID (IMEI, MEID, IMSI)

    • Reads information about the phone network operator.

    • Target

      mzw_d

    • Size

      59KB

    • MD5

      b2a8fd2dba92c8f75869f79c70d441da

    • SHA1

      faaf88b3c3653fc205a3a125ccb77fbc87b76215

    • SHA256

      2514431fe50d909ac1385e07341ed8878b5f2400df151df5a43a59b98a31ea02

    • SHA512

      a66893a5bb935dfefdc12ea32c2407cf9d8d040ff82852b415c599beb94d002ce77ec15bbac3f78ae6758a8c7f5e83c799ad84fb8ce2e6763da88a9bb20aa7b6

    • SSDEEP

      1536:zsgtqpcH/obgLKxe7wust6XTyLaFcBowg/pL2Nka2MXX3C:zsqqKH/BKxXMXTym/pyKiXnC

    • Score

      1/10

    • Target

      mzw_g

    • Size

      42KB

    • MD5

      c04d422c5a4bf58a127bbf2bf014965c

    • SHA1

      3b1f3f4ad21fe0febe567e5a56996a7e61658cf9

    • SHA256

      7a28fd857e1283e351d37931cc6e23cd6de5ad2fd4d3d23337a6f162b07f3978

    • SHA512

      6cb2768a8344e3da470472ea906b5be2e33a24384efe35cdc3c0b0c24351c3b34444a4d2d6a9e21c48927b85554aaa3904fb0361071c0711841565222253e0a8

    • SSDEEP

      768:ccPeR+EU5maX9WkB/gUrXFWLKxe7X+Fu9hRv6Xf3QpD+X7aFkuzkjEC:ccPeRiNWkZbgLKxe7wuzt6XCyLaFm3

    • Score

      1/10

    • Target

      stasdk_core

    • Size

      2.1MB

    • MD5

      6bacfe7c44e9f86700711fb051cceea4

    • SHA1

      6727cffa12d2f6a870f99cc3b3443a4f552f4513

    • SHA256

      50b417f6a0b261458a858d152adf728914eddcbab1bd83ec25dd5fbad416c77e

    • SHA512

      4ceb590c6a9f7ec2c6959fe5cdd0b4a1ea3720134761aad47d6046d646af5a040510cf738ce540569ab25b83a4e79d1dff24376a78855641cbc01511b4a0ecd8

    • SSDEEP

      49152:gLrcZzVCuSfl9L1RoYfIpVWoTqK9cW8sQtwSmhM7+WRSdlc:gLGzoN9L1RBfIuoThKswmhHQS7c

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Target

      bdxadsdk.jar

    • Size

      85KB

    • MD5

      3c850ffec5bdd850f123077ca210a411

    • SHA1

      1c1ae4678b8a3b65640f047cb1bd72bc70d66f97

    • SHA256

      516023ce55fff40074d3c3d9016c023b1fc7dfba2b59c172f89141f1484d418e

    • SHA512

      aa3611687b6140ee9214392a84bc1ef55a6425a84a4e413dfcb2e936a931b9015e1e4ec53ad73539d26622427f9e6da0eae5c58ffc18285de42fc15639d786dd

    • SSDEEP

      1536:E4A1vm52J1h/mgxeek9/Ckkf1THL8BNbM/DXO8Q/3yJ463v6hHA0UGcVrSj:e9mkJ1tmg/I/tkdP8sa80O42uXcVrE

    • Score

      1/10

    • Target

      gdtadv2.jar

    • Size

      142KB

    • MD5

      f0b930680aa93a62bb77d1916e64a3d7

    • SHA1

      fc30b5641b8d32e4efeaf409d07a4d520a95a6da

    • SHA256

      8f109682334d43d811c7d56620c5eb30c9bc1a89f3f36b91232aeb142a6f6ba7

    • SHA512

      2a503f3aefd5ed8634dbc85cd952d10625e4bc18badc0661c7cfcc3345cfb43ba1e153d9fb264703e4cf0d6c40ac601942e841b9537125072f884c283adb5b99

    • SSDEEP

      3072:mZmii8gAi97ZHbwRILfiNJkAzzBdtCQnm:m8B99TZA/3m

    • Score

      1/10

MITRE ATT&CK Mobile v15

Tasks