General

  • Target

    04740989c14ab33a2ff2696db96d0c1f_JaffaCakes118

  • Size

    4.6MB

  • Sample

    240728-bg171ssckf

  • MD5

    04740989c14ab33a2ff2696db96d0c1f

  • SHA1

    997b7fa513c2c6ecce1247f129da6680e8a4c97b

  • SHA256

    5cb252c70a223901b3005816ddd87a0e7e67f32bb44af63cb6dc1482f9bcd577

  • SHA512

    fa1a714626215f057007bc5759b5ba6b0108da6c08f331643322ff05195ffa0929c1be2377e612c06fe427e9c643611eb6805251ef29fe3fbacd18cdcf117a28

  • SSDEEP

    98304:21EqttcTPcM640/AB+b7n7Vg7W3vuPbqwTKCvqeMKXDDLYEfKr9:UsT0MbhB+v7p32PewTKaTzDVfKr9

Malware Config

Targets

    • Target

      04740989c14ab33a2ff2696db96d0c1f_JaffaCakes118

    • Size

      4.6MB

    • MD5

      04740989c14ab33a2ff2696db96d0c1f

    • SHA1

      997b7fa513c2c6ecce1247f129da6680e8a4c97b

    • SHA256

      5cb252c70a223901b3005816ddd87a0e7e67f32bb44af63cb6dc1482f9bcd577

    • SHA512

      fa1a714626215f057007bc5759b5ba6b0108da6c08f331643322ff05195ffa0929c1be2377e612c06fe427e9c643611eb6805251ef29fe3fbacd18cdcf117a28

    • SSDEEP

      98304:21EqttcTPcM640/AB+b7n7Vg7W3vuPbqwTKCvqeMKXDDLYEfKr9:UsT0MbhB+v7p32PewTKaTzDVfKr9

    • Hydra

      Android banker and info stealer.

    • Hydra payload

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Queries information about active data network

    • Queries the mobile country code (MCC)

    • Reads information about phone network operator.

MITRE ATT&CK Mobile v15

Tasks