General

  • Target

    bb0bc84746876b6fe85d2020570d002c_JaffaCakes118

  • Size

    263KB

  • Sample

    240618-lcyw7s1flj

  • MD5

    bb0bc84746876b6fe85d2020570d002c

  • SHA1

    bef44f07009a81c949c6b978e02fbcf168a9d751

  • SHA256

    ac13113ceb4091d4e776cc387aebe24b2cad0c81fda555842bf5d5be9c125968

  • SHA512

    8979a128762bfe9fa96d2d766f6dcaf4e625d0284ecbf418396da97dc33ea2999890fec77c64ecf7cddb2fd1350455134ea10c7c0159a35994c0a76612904966

  • SSDEEP

    6144:XHKPNvivXSCeVvnD2IJOsBFaw4IzEsS/ZXBc2Y4MT5fNA:ki6tQIwsBFa/IvcR9UA

Malware Config

Targets

    • Target

      bb0bc84746876b6fe85d2020570d002c_JaffaCakes118

    • Size

      263KB

    • MD5

      bb0bc84746876b6fe85d2020570d002c

    • SHA1

      bef44f07009a81c949c6b978e02fbcf168a9d751

    • SHA256

      ac13113ceb4091d4e776cc387aebe24b2cad0c81fda555842bf5d5be9c125968

    • SHA512

      8979a128762bfe9fa96d2d766f6dcaf4e625d0284ecbf418396da97dc33ea2999890fec77c64ecf7cddb2fd1350455134ea10c7c0159a35994c0a76612904966

    • SSDEEP

      6144:XHKPNvivXSCeVvnD2IJOsBFaw4IzEsS/ZXBc2Y4MT5fNA:ki6tQIwsBFa/IvcR9UA

    • Removes its main activity from the application launcher

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Obtains sensitive information copied to the device clipboard

      Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Queries account information for other applications stored on the device

      Application may abuse the framework's APIs to collect account information stored on the device.

    • Queries information about active data network

    • Queries the mobile country code (MCC)

    • Queries the unique device ID (IMEI, MEID, IMSI)

    • Reads information about phone network operator.

MITRE ATT&CK Matrix

Tasks