General

  • Target

    4ae5620eabc6aec3f8a0ed38e75cf32d_JaffaCakes118

  • Size

    2.3MB

  • Sample

    241016-b9qxrawhrg

  • MD5

    4ae5620eabc6aec3f8a0ed38e75cf32d

  • SHA1

    1b1ecab8ff543584851681ca05213bc70be82741

  • SHA256

    e7cb6501f711199d114af7ebb4419d7038ce7baf2d44e9fc1e59a0695b669490

  • SHA512

    86b34c26697d200af9210ac87d739c83c4487c5cbd727a901f993242b1056d90e3c9373bc08c8e9fa0cc3edc0fd521afccc016b0604d46365114964c167a1768

  • SSDEEP

    49152:eDa6+rtlY6bbmDma0mPy1XiRHmcTnBLybSh36D/4rwbKRzKIeyiZciMz:8a6kbbmDmi6hoBqa3U/oMOzFeyMjMz

Malware Config

Targets

    • Target

      4ae5620eabc6aec3f8a0ed38e75cf32d_JaffaCakes118

    • Size

      2.3MB

    • MD5

      4ae5620eabc6aec3f8a0ed38e75cf32d

    • SHA1

      1b1ecab8ff543584851681ca05213bc70be82741

    • SHA256

      e7cb6501f711199d114af7ebb4419d7038ce7baf2d44e9fc1e59a0695b669490

    • SHA512

      86b34c26697d200af9210ac87d739c83c4487c5cbd727a901f993242b1056d90e3c9373bc08c8e9fa0cc3edc0fd521afccc016b0604d46365114964c167a1768

    • SSDEEP

      49152:eDa6+rtlY6bbmDma0mPy1XiRHmcTnBLybSh36D/4rwbKRzKIeyiZciMz:8a6kbbmDmi6hoBqa3U/oMOzFeyMjMz

    • Checks if the Android device is rooted.

    • Checks Android system properties for emulator presence.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Obtains sensitive information copied to the device clipboard

      Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Queries the phone number (MSISDN for GSM devices)

    • Reads the content of SMS inbox messages.

    • Requests cell location

      Uses Android APIs to to get current cell location.

    • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

    • Queries information about active data network

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Queries the mobile country code (MCC)

    • Reads information about phone network operator.

    • Target

      com.newpay.spsdk.smspay.zfmgsdk.apk

    • Size

      95KB

    • MD5

      25cdc4eb758d0a793c61da97a2c02a9f

    • SHA1

      dcaf1d357c8dd5e131b65d0eecfc509a93efdc1e

    • SHA256

      0d1300ee97decedb4a6dc4a0304779ba475153fc1185f39d92d2df4865416866

    • SHA512

      94bd124255b13fab7a20c14994666a4ddddc5c83890a01220db562225dadf7589377d01365840802dd5cc36b89a77a3dc8f9bd15067abed721f1b36b1cf89927

    • SSDEEP

      1536:uOioreFZ+v4Dx0XUvVBqCqG9UnLEFrzZF00AEOHlveECCNwl4iu+G8aAWDKsF9kQ:uPoreT+wDx0QAyrzZWA3CfRnjKckxuGQ

    Score
    1/10
    • Target

      com.skymobi.pay.plugin.main_v10017.pl

    • Size

      59KB

    • MD5

      4fe57f0dbc1364a52f9616aca9623ee8

    • SHA1

      d3fbaaafd79ff09ec88ad343e46258cfbda4139b

    • SHA256

      c4a8a02e900f4fb066a0e8d4c9e2976c9a0f252729058b2915fdc93eae65af49

    • SHA512

      e08aec2c36ccddc5b16409bf2d62ed6aa5e2ef468025779b400997f86c0b0943fbe16012e21be8e99685e743b3ef77adfa74b4c7bc03d30f6a506520c0edf17d

    • SSDEEP

      1536:8ZWPMIYcGLcXagIirfjDYvR76G86bHT01LVj:8Ze/KpTiXMN6LSHT05Vj

    Score
    1/10
    • Target

      com.skymobi.pay.plugin.recordupload_v10011.pl

    • Size

      42KB

    • MD5

      95f7902d7442815283d4473ed23f3cca

    • SHA1

      d2576ae331a71fc43968ed53eb73623c966aa7a3

    • SHA256

      40952f4694ea1ad807aaffb579f146287bda52a15db2fa631571eb59efb3666b

    • SHA512

      e6ed8ccab7245ac352af3dab4eb866a7fe69c9374c8e3568630ba40a8ebcf1aee36ef2d3ff99941b3a900a1b7c60ab05fecc5b9fcc6a0754ece2feba4210bb06

    • SSDEEP

      768:J8zZxl2ezpx6l9tgZO5Ea2Ahe5B9M2t78xC8cJOzibemqfM9+lsA:Juxl1zpQgZOt2z978WnemDA

    Score
    1/10
    • Target

      com.skymobi.pay.plugin.smspay_v10039.pl

    • Size

      248KB

    • MD5

      f7b9113f2220d0c9bafb01c3c1864e5e

    • SHA1

      40e8abb05c69f87a9e4e723885e6855d177c44e5

    • SHA256

      229dc2c46231d85e6b4298f7e6a067df9840c754d4b1440e2e9594f92d000040

    • SHA512

      7342091212a23843a2d5d4d9ef18d3aeff8d3c27657f4ece882f0a90844c00ee6b6179de9c750c3050468ed3aaaff46c37f6b966110b65b22c59330d2f614756

    • SSDEEP

      6144:M5djDaCE+IKyOhmkHkj0cCTfT/YPoUt75p3KV8zaqqD1:AzE+aOfTOZtFxaDD1

    Score
    1/10
    • Target

      skymobi_pay_wxplugin.apk

    • Size

      33KB

    • MD5

      73d8a99bf9de4eb876f1739627197190

    • SHA1

      135f99fe90f129274c74f5c9b032294bfae3d05a

    • SHA256

      6d6f22a6688689b35a723620794bc03e958a69e1770073bd921d3c6129733f26

    • SHA512

      d5d9068f5fbf3c85bafb8edf084c40e4411814f02542cde120815951c6a2cfae78a0b08f930ef7143f10145ce0abcbd942c44f54afbb0d963ba47c653a162049

    • SSDEEP

      768:iwFX6Lei59coj/94ML6plol/S54bLhWQeJ:iwF0t5jj1/LMcaivhWQC

    Score
    4/10

MITRE ATT&CK Mobile v15

Tasks