General

  • Target

    4b6a78e4a1f19d9574305de4efb7fdc0_JaffaCakes118

  • Size

    6.8MB

  • Sample

    241016-e7ecqaxbmj

  • MD5

    4b6a78e4a1f19d9574305de4efb7fdc0

  • SHA1

    b1e083ba41fc05b1bf4c7d5405f604a43fa56f01

  • SHA256

    f6b7a5bd7150c1515bda3807036c6d4ca7838e1ad58d71624b85c53ff1a3cb3b

  • SHA512

    5f3c18dd9c36e5e57aeb575e274f5d720d3312f14e9d375ee1b6eb16a74e526f1306e1b60b26f98113b2a754fdc30f3b516dd4edff584cc5d537db6c07ed7c5a

  • SSDEEP

    98304:mOD+KvLXmAxvjAkVrPGFFHU+DV2qt1d/AYs/I09XfbC9XruTcECHD+/OxN566D6I:mODxjFIjHVDJwJC9FZ+/jqaKvr

Malware Config

Targets

    • Target

      4b6a78e4a1f19d9574305de4efb7fdc0_JaffaCakes118

    • Size

      6.8MB

    • MD5

      4b6a78e4a1f19d9574305de4efb7fdc0

    • SHA1

      b1e083ba41fc05b1bf4c7d5405f604a43fa56f01

    • SHA256

      f6b7a5bd7150c1515bda3807036c6d4ca7838e1ad58d71624b85c53ff1a3cb3b

    • SHA512

      5f3c18dd9c36e5e57aeb575e274f5d720d3312f14e9d375ee1b6eb16a74e526f1306e1b60b26f98113b2a754fdc30f3b516dd4edff584cc5d537db6c07ed7c5a

    • SSDEEP

      98304:mOD+KvLXmAxvjAkVrPGFFHU+DV2qt1d/AYs/I09XfbC9XruTcECHD+/OxN566D6I:mODxjFIjHVDJwJC9FZ+/jqaKvr

    • Checks if the Android device is rooted.

    • Checks known Qemu files.

      Checks for known Qemu files that exist on Android virtual device images.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Queries account information for other applications stored on the device

      Application may abuse the framework's APIs to collect account information stored on the device.

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Queries information about the current nearby Wi-Fi networks

      Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

    • Requests cell location

      Uses Android APIs to to get current cell location.

    • Acquires the wake lock

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

    • Queries information about active data network

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Queries the unique device ID (IMEI, MEID, IMSI)

    • Reads information about phone network operator.

    • Target

      dump.jar

    • Size

      67KB

    • MD5

      1ed63aae654ec48412cc6c368401f747

    • SHA1

      9b8369c379d79f4a140787461da3d99945db9251

    • SHA256

      a4746ce98e7bf8ae964dbfac4df074234eae99a95f7757666861914f23544415

    • SHA512

      e59f80e94f7bdcad55c450eea30fdb6f5b16e8256b697f745236aa5f4a29d173d6c0569adac770fe9f7e47d7fbf48decd196d4927940190ce17b080dc39a06a8

    • SSDEEP

      1536:Uux2jGD/j3xsYOCnjGS6VXAuVu1UB2h1/eMo6Xy4qxHkIKiu:Xx2jy31eVXAuVumCpesy4qdtu

    Score
    1/10

MITRE ATT&CK Mobile v15

Tasks