General

  • Target

    b6ce7d4d35d5cd390b1d71b6585de8db_JaffaCakes118

  • Size

    12.1MB

  • Sample

    240617-fa28ysvdla

  • MD5

    b6ce7d4d35d5cd390b1d71b6585de8db

  • SHA1

    9887f7a1f4f5a291564b820c907a90290f2f6246

  • SHA256

    6da84996845fde20db45391351da159855ea071641b079eec3ff8b9b5f396e61

  • SHA512

    e9ccf5942d3c57ab5ecc172fcf6675e6cb1b5be51fee43c1b9f820471a9196eee910a8c223ad08c28217342e1f398e207f32f3e77ac4602f514c14624edcafa8

  • SSDEEP

    196608:b3pV2CSLaRgD2gfHoSYPRidWLJClArucbPUOHZanYHsgl+/HLo:b3pE7LN2gfscaReOoYHAM

Malware Config

Targets

    • Target

      b6ce7d4d35d5cd390b1d71b6585de8db_JaffaCakes118

    • Size

      12.1MB

    • MD5

      b6ce7d4d35d5cd390b1d71b6585de8db

    • SHA1

      9887f7a1f4f5a291564b820c907a90290f2f6246

    • SHA256

      6da84996845fde20db45391351da159855ea071641b079eec3ff8b9b5f396e61

    • SHA512

      e9ccf5942d3c57ab5ecc172fcf6675e6cb1b5be51fee43c1b9f820471a9196eee910a8c223ad08c28217342e1f398e207f32f3e77ac4602f514c14624edcafa8

    • SSDEEP

      196608:b3pV2CSLaRgD2gfHoSYPRidWLJClArucbPUOHZanYHsgl+/HLo:b3pE7LN2gfscaReOoYHAM

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Obtains sensitive information copied to the device clipboard

      Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Queries information about the current nearby Wi-Fi networks

      Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

    • Queries the phone number (MSISDN for GSM devices)

    • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

    • Queries information about active data network

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Queries the mobile country code (MCC)

    • Queries the unique device ID (IMEI, MEID, IMSI)

    • Reads information about phone network operator.

    • Requests dangerous framework permissions

    • Target

      alipay_msp.apk

    • Size

      748KB

    • MD5

      d06ea38e4210a87d6b96f8b0491df677

    • SHA1

      3ba573396398757088e559a9d372049a377eb05a

    • SHA256

      76a24f83ad15586ff9a2081e420a707be9ddb0b5047e5b6de5974c41624ff2c1

    • SHA512

      3d43e5bfad2b703a804a53048b6a88228a11fb80ac641d6594f774cc07f6c7367e0ee80b29966d02c9206542f467f55b0f1ddbbfef0ec372256314a7d1071f30

    • SSDEEP

      12288:IjRAsoln+WMB1EgrGERh4xWgtSM7vXrRCn4I5p2Cnfv:IjRApZ+WM7yER61P7jw4IGSfv

    Score
    1/10
    • Target

      epayx.jar

    • Size

      175KB

    • MD5

      e70d3c3ff87401690af6a24542304a6c

    • SHA1

      4ed2a412969626fb6f7cba98338c29160f9b99c2

    • SHA256

      6a752a41d365e98a27cdad043a69d688b320df708227deb182b276ef14e87351

    • SHA512

      15b102a0397becccaf1780df053290e4569b4fe3c28cf722922df7dca3cb72b8ebf89ab33cea62354038eaf3d1dbad39f3696ced47ceeb0365b84a5716b57548

    • SSDEEP

      3072:Zaau3uCBHk77yuepqPs7R35NON2UUuE2oFFN9aDDMVEnYdY+HUbfGer:Za7dHl0MR35NOUUqRFFN0v8EnYdYmU7B

    Score
    1/10

MITRE ATT&CK Mobile v15

Tasks