Resubmissions

14-10-2024 23:16

241014-28974svgjl 10

02-06-2024 00:34

240602-awqt6acd8w 10

General

  • Target

    8c543bfa2f35df239b307fc3694bf9f1_JaffaCakes118

  • Size

    8.0MB

  • Sample

    241014-28974svgjl

  • MD5

    8c543bfa2f35df239b307fc3694bf9f1

  • SHA1

    f00112f980c6d8925ca7a31257f20185fff4f5e8

  • SHA256

    52dc47b0a8dbfd8517d5f7b58def83d386b10e49e6fd95a32cb79fc0127e0e4b

  • SHA512

    a7ef7de2f5efcc2d9bf12af48ced4eb83b52c98f233e9dbcea6bfc1c7c43ffa19343b6bd8ab99d6bce74e320fb747cf8cd7bcaba1daf3ecd7137c67929622ac4

  • SSDEEP

    196608:NhHvDIhu0Shvlaew0f9gGcbz3fLVH02dICDI/EIT6aJ:HrIhchNae3fUHjV0c1DI/EhaJ

Malware Config

Targets

    • Target

      8c543bfa2f35df239b307fc3694bf9f1_JaffaCakes118

    • Size

      8.0MB

    • MD5

      8c543bfa2f35df239b307fc3694bf9f1

    • SHA1

      f00112f980c6d8925ca7a31257f20185fff4f5e8

    • SHA256

      52dc47b0a8dbfd8517d5f7b58def83d386b10e49e6fd95a32cb79fc0127e0e4b

    • SHA512

      a7ef7de2f5efcc2d9bf12af48ced4eb83b52c98f233e9dbcea6bfc1c7c43ffa19343b6bd8ab99d6bce74e320fb747cf8cd7bcaba1daf3ecd7137c67929622ac4

    • SSDEEP

      196608:NhHvDIhu0Shvlaew0f9gGcbz3fLVH02dICDI/EIT6aJ:HrIhchNae3fUHjV0c1DI/EhaJ

    • 888RAT

      888RAT is an Android remote administration tool.

    • Android SMSWorm payload

    • SMSWorm

      SMSWorm is an Android malware that can spread itself to a victim's contact list via SMS first seen in May 2021.

    • Removes its main activity from the application launcher

    • Acquires the wake lock

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

    • Queries information about active data network

    • Requests dangerous framework permissions

MITRE ATT&CK Mobile v15

Tasks