General

  • Target

    ba7f7f013a817bf77253370452514d05_JaffaCakes118

  • Size

    27.8MB

  • Sample

    240618-jgdqqatcpd

  • MD5

    ba7f7f013a817bf77253370452514d05

  • SHA1

    89e5c5012294649d21ededbc1a881e1e2a92f84d

  • SHA256

    a1b9eae661910cffe5e55ee407e69bb64c93eb26352bfb29e66c2632e080c1b4

  • SHA512

    550fb08fb7b3347b8bfef685f3a12b0a0c65d6ec43aacdad98721ba020f5c606fdca5959339666cbd66c7026543605443f2374aa2ef42e0ba8685dc7f6c8e6d3

  • SSDEEP

    786432:f/YXs7ebDShH3N5VoNKGmf9UIJ4SmYliOxcM+eW1M9OEaRx:o872DSdVmwJi9E4Ssx

Malware Config

Targets

    • Target

      ba7f7f013a817bf77253370452514d05_JaffaCakes118

    • Size

      27.8MB

    • MD5

      ba7f7f013a817bf77253370452514d05

    • SHA1

      89e5c5012294649d21ededbc1a881e1e2a92f84d

    • SHA256

      a1b9eae661910cffe5e55ee407e69bb64c93eb26352bfb29e66c2632e080c1b4

    • SHA512

      550fb08fb7b3347b8bfef685f3a12b0a0c65d6ec43aacdad98721ba020f5c606fdca5959339666cbd66c7026543605443f2374aa2ef42e0ba8685dc7f6c8e6d3

    • SSDEEP

      786432:f/YXs7ebDShH3N5VoNKGmf9UIJ4SmYliOxcM+eW1M9OEaRx:o872DSdVmwJi9E4Ssx

    • Checks if the Android device is rooted.

    • Checks known Qemu files.

      Checks for known Qemu files that exist on Android virtual device images.

    • Checks known Qemu pipes.

      Checks for known pipes used by the Android emulator to communicate with the host.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Queries information about the current nearby Wi-Fi networks

      Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

    • Queries the phone number (MSISDN for GSM devices)

    • Reads the content of photos stored on the user's device.

    • Requests cell location

      Uses Android APIs to get current cell information.

    • Queries information about active data network

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Queries the unique device ID (IMEI, MEID, IMSI)

    • Reads information about phone network operator.

    • Listens for changes in the sensor environment (might be used to detect emulation)

    • Target

      bdxadsdk.jar

    • Size

      266KB

    • MD5

      170ce354f12852de7852a2cd8bfd6826

    • SHA1

      6068e357aa412ab67c263f20ebfcecfa55a27151

    • SHA256

      65a60000cbfd0dd36eefae21eb736eb3bb27c3acc7f0e87368896e6d9a756322

    • SHA512

      b04399dc7b7edfba26c3d055c434a221910d9916b3caca8d1768a8ffdcef2f6ddaf4e28187f23528a9209cac133586c050806de36848b3f7345434a088155835

    • SSDEEP

      6144:Ld666666666Pm7mJpNzlVtztmWlCshtenRJdzhiOZCFYcgGGcRnaNjjUiS:B666666666Pm7EzlVJtnl5EnRJiOZ/Gl

    Score
    1/10

    • Target

      gdtadv2.jar

    • Size

      468KB

    • MD5

      6bfe094580c89ba696ef8772de47a552

    • SHA1

      210bc4afce84b6e6bb36f97f68f9d3d9d3432643

    • SHA256

      a884e386bf4ec066c9a82518c354be513182add87107552b1f4cf33dc80bddd4

    • SHA512

      7ae8c9210957f06eb177fa0472ac1fcf80f0e6b1f308ec1906fe059c38623e404b37c34d9e8702cab66efc7ebfdc5400f1506db89b75a5fd1dd915ec2c2086a5

    • SSDEEP

      6144:Nz015KiQP/B4tKQ3OTNgdJHqn+9ZMsH5EK9JKp0KMNd4IoCJlv0gxWky9+T2k57:N/Z/B/NgdliEZMs9JhZ4kykTlJ

    Score
    1/10

MITRE ATT&CK Mobile v15

Tasks