General
-
Target
e3b7840fa024f0568f612fdc9cc16291_JaffaCakes118
-
Size
9.9MB
-
Sample
240916-bd4hza1djc
-
MD5
e3b7840fa024f0568f612fdc9cc16291
-
SHA1
c3f10a79e41d0f2fe0401207ad408143388cffa9
-
SHA256
cd918a81a7dd88e05d4af6ba65603e52d1c8d9c7ff7e261b9602a93540c83284
-
SHA512
c480c20b1fc1371dd4cf91b5affea46e4dcf7e70021ce76792527886e012c9645390c78fd793e72bdfe469c3c2386a6561b672c9484b5a378535814ad047ad1f
-
SSDEEP
196608:zpmE9b8/MxWrChhW2H3HKR08jpAFW6w8aHmkioSf62ua/z4Q6RF/TO:1vF8/MxJ7Wq3KRFn63Umkiv0LF/TO
Malware Config
Targets
-
-
Target
e3b7840fa024f0568f612fdc9cc16291_JaffaCakes118
-
Size
9.9MB
-
MD5
e3b7840fa024f0568f612fdc9cc16291
-
SHA1
c3f10a79e41d0f2fe0401207ad408143388cffa9
-
SHA256
cd918a81a7dd88e05d4af6ba65603e52d1c8d9c7ff7e261b9602a93540c83284
-
SHA512
c480c20b1fc1371dd4cf91b5affea46e4dcf7e70021ce76792527886e012c9645390c78fd793e72bdfe469c3c2386a6561b672c9484b5a378535814ad047ad1f
-
SSDEEP
196608:zpmE9b8/MxWrChhW2H3HKR08jpAFW6w8aHmkioSf62ua/z4Q6RF/TO:1vF8/MxJ7Wq3KRFn63Umkiv0LF/TO
Score8/10-
Checks if the Android device is rooted.
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
-
Queries information about running processes on the device
Application may abuse the framework's APIs to collect information about running processes on the device.
-
Queries the phone number (MSISDN for GSM devices)
-
Reads the content of the SMS messages.
-
Reads the content of the call log.
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Queries information about active data network
-
Queries information about the current Wi-Fi connection
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
-
-
Target
LenovoSafeBox.apk
-
Size
904KB
-
MD5
f8766f793e9f762ffef225a92a78b2d8
-
SHA1
cbdff0b9d9e26cde04acd12ce3c5ee34e306acc7
-
SHA256
4ed2eea5a3ef19bb16dd8d5fc2da58fa2c72144b2e53036b2895bdf59f0edb8e
-
SHA512
adb212572e6c6822ecb46326a706d1770f1aaaee6b6cbd23a3f75b3cf4091019c39974c217630a584acc466088cc7faac0d662364503b337b8264103faaeaa6b
-
SSDEEP
24576:xetMiI2b4apsiko9W8C/2KgNHnHjkAsV7kDn5c2trp:RiD5pUoW8e3gNHDkPVoDCMrp
Score7/10-
Queries information about running processes on the device
Application may abuse the framework's APIs to collect information about running processes on the device.
-
Queries the phone number (MSISDN for GSM devices)
-
Queries information about active data network
-
Queries information about the current Wi-Fi connection
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Queries the unique device ID (IMEI, MEID, IMSI)
-
-
-
Target
LenovoSafeWidget130.apk
-
Size
111KB
-
MD5
176d77dee1450436fd6934f789812b4a
-
SHA1
e5377fcdb8060c55ce06d6bfef69c65c902cb5df
-
SHA256
4e951be730b798e08abe50ae8e9ed54e610c1307c7b1174193622d1500abf091
-
SHA512
e6324c42dfcb272ae468e2f659b00d39b0286baffb3356d4b059b030b38baafa953b40bc9ab27504cc0eb556f65a4e673e4cb5b93b7e069efbf444bdd3688f47
-
SSDEEP
1536:lb7+/wIh+9dRONyFNWNsVDL0/1U/i/w1kp7xbfZfWJG6WI/k5x5NuVps5fygfu4:4/QRpbbDLlowofZfWJ1/k3Es5f44
Score7/10-
Queries the phone number (MSISDN for GSM devices)
-
Queries information about active data network
-
Queries information about the current Wi-Fi connection
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Queries the unique device ID (IMEI, MEID, IMSI)
-
MITRE ATT&CK Mobile v15
Persistence
Event Triggered Execution
1Broadcast Receivers
1Foreground Persistence
1Defense Evasion
Foreground Persistence
1Virtualization/Sandbox Evasion
2System Checks
2