317ad074062f1bdabedbcdc72f16116d3a5217ae616b0b278613fa6db4c16910

General

Target

279b4c1b4f7a763d94580637d484468e_JaffaCakes118.apk
Size

4.6MB
MD5

279b4c1b4f7a763d94580637d484468e
SHA1

7cf951ef7255b34a87024fe616c55f89b379ad8a
SHA256

317ad074062f1bdabedbcdc72f16116d3a5217ae616b0b278613fa6db4c16910
SHA512

0a17695ac077c621b682eac8e7fadd923a0df2593f068907a55558aca6eecafdb558c32f980c4b43e8278fec5230ddeca4676e062979674928d7054764f5e574
SSDEEP

98304:TUjmOIZORJSVqgjSkBIzobRVTMdFNeeMKvGe96kfBbfnY:gjV4ORzg+T8RVAdFNeewe3bfnY

Score

7^/10

collection discovery evasion execution persistence

Malware Config

Signatures

Requests cell location 2 TTPs 1 IoCs

Uses Android APIs to to get current cell location.

collection discovery evasion

Location Tracking

T1430

Geofencing

T1627.001

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	kartel.app.kartel

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	kartel.app.kartel

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	kartel.app.kartel

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	kartel.app.kartel

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	kartel.app.kartel

kartel.app.kartel
1⤵
- Requests cell location
- Acquires the wake lock
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
PID:4254

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

1

T1603

Persistence

Event Triggered Execution

1

T1624

Broadcast Receivers

Scheduled Task/Job

Privilege Escalation

Defense Evasion

Execution Guardrails

1

T1627

Geofencing

1

T1627.001

Credential Access

Discovery

Location Tracking

1

T1430

System Network Connections Discovery

1

T1421

Lateral Movement

Collection

Location Tracking

1

T1430

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/kartel.app.kartel/databases/__pushe_base_lib_db-journal

Filesize
512B

MD5
30a8dfd1334a7ec2ae6b41d1ec7e6b20

SHA1
5adc3fa2653a3dabf98d86a239033af3e5a02f0f

SHA256
c3d28c53b67f37a9b67288f82972ba5e105a1b0aaf6e6348933261eaa7c049d5

SHA512
764bdea351acce3090e7c5ec5c2ab053d86e822c68e334f955e048e62d98b8752f8f4340a81eeb408c2f3bcd334bfb8e687dc343407b001e1b1b5780aef762f3

Download Submit
/data/data/kartel.app.kartel/databases/__pushe_base_lib_db-wal

Filesize
60KB

MD5
543d5e28045b70b4db286835228d3b09

SHA1
9216206f24e219f7bf9b242f4fea98fcadcdc6b3

SHA256
df74eb2d28ad0ec133f7cadac0136d0462220ecebadb16330c60d267f91690d0

SHA512
58caf3f7d2c0ec0270438084a50b81e375127b0d39bd69790a233bd1c844654329a285dd7dad1fa20a47a6a784f8fb61c63c5fa9b3e57e6bdc062f74df8d3d53

Download Submit
/data/data/kartel.app.kartel/databases/evernote_jobs.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/kartel.app.kartel/databases/evernote_jobs.db-journal

Filesize
512B

MD5
4af0b33b52cb8056ec2de4201d0fb383

SHA1
403f540e6025dd9cbd299f636aa87736c87c01cf

SHA256
095e3900498ae002e68e4a12568daa82d13172279cadc20600764bb22c51b348

SHA512
dea9a092dcfe6af066594b0b6518a9b6f6da914a74ea57b658e14f1488e784f09e0949183989fafaca6f9a4150a51237ab8d4c2eb013acc4df3f5ca5f88555c2

Download Submit
/data/data/kartel.app.kartel/databases/evernote_jobs.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/kartel.app.kartel/databases/evernote_jobs.db-wal

Filesize
104KB

MD5
759447905d5786c692da2f113e5491e5

SHA1
b57555f9c3fff323f1b81c4f679f563e7c115527

SHA256
f3e9c8ba57b1b718330a3f227e9c7f0f268256b3069e9a55a630116b676e4021

SHA512
935ef468e9384ac466054f14a2fc6d9999fbf3c0c15ae140be626eb08f80439a93508420db8bdb80c251d9ed2e7b776b1ec13ea20eb39f2fe70a61864a48361a

Download Submit
/data/data/kartel.app.kartel/files/unsent_requests

Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit
/data/data/kartel.app.kartel/no_backup/com.google.InstanceId.properties

Filesize
2KB

MD5
45743e4560910c1581ccc3206eb44d0e

SHA1
8dffdbc84ea04e43a2c5c7df243d469860db37a1

SHA256
d9dd5f8c50df72f0360d654265da91f5a51a7434bc3f1977ffb3832b68b85900

SHA512
d3c049926fce76b27faa8744ebe492518bf611e41703a5f41bb5782d29886afceee06a923b4cc96edf45bcef014433d5d6838eb84cd51cb1036a86f162c439ba

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads