General

  • Target

    0463719b17d6d11d364aefe067669468_JaffaCakes118

  • Size

    4.7MB

  • Sample

    240728-beqcqssane

  • MD5

    0463719b17d6d11d364aefe067669468

  • SHA1

    e7dc170ecb885081a95c9ca6940bbb2b8c6d2ae9

  • SHA256

    afe9d5ea1d5b43b83c35ec40464a1dbe05ffeb563c059cba0b8e153a90d87e08

  • SHA512

    b97a43174028b3ded889f0f3c77947b847da2a45d81a8fd03b4057c7e1f3c3de91488c3c85beb99ecdca55ed55669e6418d05cc1b653676cd4a1afd1660aa8f7

  • SSDEEP

    98304:38iFw0+DXKG6sgZOkLQphj3vmw+v+wzQNqttVbvqZKfGgp4JI:3B+7KG6Z4hrRe+wzhFbS4f4O

Malware Config

Targets

    • Target

      0463719b17d6d11d364aefe067669468_JaffaCakes118

    • Size

      4.7MB

    • MD5

      0463719b17d6d11d364aefe067669468

    • SHA1

      e7dc170ecb885081a95c9ca6940bbb2b8c6d2ae9

    • SHA256

      afe9d5ea1d5b43b83c35ec40464a1dbe05ffeb563c059cba0b8e153a90d87e08

    • SHA512

      b97a43174028b3ded889f0f3c77947b847da2a45d81a8fd03b4057c7e1f3c3de91488c3c85beb99ecdca55ed55669e6418d05cc1b653676cd4a1afd1660aa8f7

    • SSDEEP

      98304:38iFw0+DXKG6sgZOkLQphj3vmw+v+wzQNqttVbvqZKfGgp4JI:3B+7KG6Z4hrRe+wzhFbS4f4O

    • Hydra

      Android banker and info stealer.

    • Hydra payload

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Queries information about active data network

    • Queries the mobile country code (MCC)

    • Reads information about phone network operator.

MITRE ATT&CK Mobile v15

Tasks