General

  • Target

    bcbb97c44674c0fa9ee662d2faa83e96_JaffaCakes118

  • Size

    11.1MB

  • Sample

    240618-s7aw7azeja

  • MD5

    bcbb97c44674c0fa9ee662d2faa83e96

  • SHA1

    b339c5a821cf8129b29bdc86d5a8cdde8a25490e

  • SHA256

    a84fcb8cecea4ada83ad0725925e121e9c56ceadd54c1dcb6566ccd2eea0abdb

  • SHA512

    9601026ca128430b465920e09502dfae2efe13e5c7816dcf638b7ca2fb5508ab78205c8637b3ab5d9d20419e98343b66fd0fee2ca70a1c83bffc87f65ff8b834

  • SSDEEP

    196608:Y2+mbMGvTPg+T2eebq1HKmYKziFbJfi9XyN3yeJ4H2mid76ZrXYCidv4l3VW:GGE+T2KEQzVOE2xMYCiypVW

Malware Config

Targets

    • Target

      bcbb97c44674c0fa9ee662d2faa83e96_JaffaCakes118

    • Size

      11.1MB

    • MD5

      bcbb97c44674c0fa9ee662d2faa83e96

    • SHA1

      b339c5a821cf8129b29bdc86d5a8cdde8a25490e

    • SHA256

      a84fcb8cecea4ada83ad0725925e121e9c56ceadd54c1dcb6566ccd2eea0abdb

    • SHA512

      9601026ca128430b465920e09502dfae2efe13e5c7816dcf638b7ca2fb5508ab78205c8637b3ab5d9d20419e98343b66fd0fee2ca70a1c83bffc87f65ff8b834

    • SSDEEP

      196608:Y2+mbMGvTPg+T2eebq1HKmYKziFbJfi9XyN3yeJ4H2mid76ZrXYCidv4l3VW:GGE+T2KEQzVOE2xMYCiypVW

    • Checks if the Android device is rooted.

    • Checks known Qemu files.

      Checks for known Qemu files that exist on Android virtual device images.

    • Checks known Qemu pipes.

      Checks for known pipes used by the Android emulator to communicate with the host.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Queries information about the current nearby Wi-Fi networks

      Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

    • Requests cell location

      Uses Android APIs to to get current cell location.

    • Queries information about active data network

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Queries the unique device ID (IMEI, MEID, IMSI)

    • Reads information about phone network operator.

    • Listens for changes in the sensor environment (might be used to detect emulation)

    • Target

      gdtadv2.jar

    • Size

      636KB

    • MD5

      cf57d4f9f2ccd86816c4f02989252423

    • SHA1

      6978f24478ba9baa004bf4d21db251fe67957ec2

    • SHA256

      e6df28c535e661d33a134407674c32555fb985a6a8f3bf8ec743150db61fa7ec

    • SHA512

      f759aea4c4fb91ce69f8238bd0e7c0f99b826cad04fc9c5f47c5afde2eceaf71d515d00f0e08b73c169e1a8bd21a17ddd3971bae27ddeb6960daaf5c5d719d4b

    • SSDEEP

      12288:lsocNwAPog24tsNbfevYHzN953QZlo5M0f+DMpP7x07S232vjUG:MNvPA9oYHzN953QEM0npDx0nm

    Score
    1/10

MITRE ATT&CK Mobile v15

Tasks