General

  • Target

    4b9890349ecbf121658f163fc3a5d2d5_JaffaCakes118

  • Size

    8.1MB

  • Sample

    241016-f7fq8avdqe

  • MD5

    4b9890349ecbf121658f163fc3a5d2d5

  • SHA1

    b751fce733b97c123539160b0c964334b16c8a0b

  • SHA256

    f2d56bebf153ac998707ecc09bd6900aa3a4d13342fd2f1a9020b1971aba9c6f

  • SHA512

    71bebfdf8dc7e8547e5789bc39a2be1212b2304e074a0210a584ad422d3d6dd262dff761bbcaf9e3dc73dce408549e6daaf55d062a9c908e8da61419459cfe71

  • SSDEEP

    196608:v9ciUJRFKGWNfIs0+G/4D941HFYm7hIal1k2yFkCqw7clp:v9EYGWP0+G/4h41lRyg1k2yFk2I

Malware Config

Targets

    • Target

      4b9890349ecbf121658f163fc3a5d2d5_JaffaCakes118

    • Checks if the Android device is rooted.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Queries information about the current nearby Wi-Fi networks

      Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

    • Queries the phone number (MSISDN for GSM devices)

    • Reads the content of SMS inbox messages.

    • Requests cell location

      Uses Android APIs to get the current cell location.

    • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

    • Queries information about active data network

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Queries the mobile country code (MCC)

    • Reads information about phone network operator.

    • Target

      Plugin2.apk

    • Size

      108KB

    • MD5

      62a5d44b8fd012b1d59db62d63d09572

    • SHA1

      75bc2cfe30b52be53ae9dad12509e33a0305dc61

    • SHA256

      951f289c1ce2422da28a336896943053f1f6821c04546d14f728ef433e30d710

    • SHA512

      a3f561a790eddeeda4116535091415e84d15855d6fe919cf288fa442e4baa1173bdd1bd3873daffb95c780b2dffe4ecbb67ab64ac8e2d7f64c86d01a2f7ddd19

    • SSDEEP

      1536:SKZq8eokppVqIbH8EvT9WYXy42kq65O6ys9+k/+MxbYb8aCyB32Bz51kDf:SKgokD9TL9y42kP5O6yqv+MxbYnCpOf

    • Score

      1/10

    • Target

      com.skymobi.pay.plugin.main_v10010.pl

    • Size

      56KB

    • MD5

      f7ac8045aed15eb38ffad345cf33389e

    • SHA1

      c07acd8c9b82d029669e4befa08830df804f0d3e

    • SHA256

      e6c51d15ade2eaff2ce08fc9b7826c97cf4b47db05054b22b3a8e775f21cb8a0

    • SHA512

      267a0036597282cd1dbaaf8204aa5eadf82543fb0af449b9ae0a4d9eb878e29514f2332725c8ef35b74fe5e7fd23c20924b9bf53c4cdb29fa7bde53d02753c83

    • SSDEEP

      1536:/0dSymllAt4YjEIbDZT8OT7m3WNlSN2rpcSPqNF5oa:vK4YYInZT5Hm3wFldPqNFya

    • Score

      1/10

    • Target

      com.skymobi.pay.plugin.recordupload_v10009.pl

    • Size

      38KB

    • MD5

      55c24dc00f667f62ee0cc0dfca41fc28

    • SHA1

      1811dd0ba5f5bdfeef743332b7ef1b8e4097a23c

    • SHA256

      8199c84eb1412ac9f13edc3bff4cd66e788847143bd0c8497ce7f699a0d68e77

    • SHA512

      b5a5269065f4bcf05c560315255c49dc7eafc015458eca425f6b44eec0ee74c3e1d481e06df70deca25056a8fd070efb5adcf364061a8e5c1e26fb8e102caf69

    • SSDEEP

      768:Tf5Ui0Wh/Ndv7j7LF12NADhHl2ASeCYuD:+WNNdDJ0NahHMAS3D

    • Score

      1/10

    • Target

      com.skymobi.pay.plugin.smspay_v10016.pl

    • Size

      206KB

    • MD5

      83b792271086adb731914b20d8630311

    • SHA1

      afff7087052dd941f15550948506aeb19889c54a

    • SHA256

      0819622a958aedab8d825bf9341d9a8190e56d92d5b47fc9bf0841e90fd680c4

    • SHA512

      6c9dd1e108aa5d3fe36060bcdbab08dcb74fcb771a891f37687a98dd5b0e09c08e580314bfb4219cba8047fa349986b934f563c084ca8623173ca8b6b306fd13

    • SSDEEP

      6144:M5duUYxwXhgUVXbydoBiYVLbJRNy8NXEc1k2yFp:AlYx2hTXbGoBRbJRNycEc1k2yFp

    • Score

      1/10

    • Target

      skymobi_pay_wxplugin.apk

    • Size

      33KB

    • MD5

      73d8a99bf9de4eb876f1739627197190

    • SHA1

      135f99fe90f129274c74f5c9b032294bfae3d05a

    • SHA256

      6d6f22a6688689b35a723620794bc03e958a69e1770073bd921d3c6129733f26

    • SHA512

      d5d9068f5fbf3c85bafb8edf084c40e4411814f02542cde120815951c6a2cfae78a0b08f930ef7143f10145ce0abcbd942c44f54afbb0d963ba47c653a162049

    • SSDEEP

      768:iwFX6Lei59coj/94ML6plol/S54bLhWQeJ:iwF0t5jj1/LMcaivhWQC

    • Score

      4/10

    • Target

      lyhtgh.mn.ltplugin_v1023.pl

    • Size

      145KB

    • MD5

      278e8100ea1ee2c466d55451e87cef73

    • SHA1

      8347d2b269f74841ca92cef51d450ed953d73aaa

    • SHA256

      06d08532287fc6a934aba8d5a361eb83e4d7a1c8cde4f6663ab2746e4fc09a38

    • SHA512

      3e7fcf245a07ce8e03a78f75835c30e0b0f270e68987f85b92aa97f7b0894d73702ebdd80372cddea310a52624db1ccf65125399b6bf218dbd717ad053dec088

    • SSDEEP

      3072:oxUD4XoHRfdDehWRT3ZI2c9CvcLUswbaTqM2r1vjKIjCB94PXZ:h4oBda8TXc8v0UsjTQJjtCu

    • Score

      1/10

    • Target

      unicom_resource.dat

    • Size

      41KB

    • MD5

      1099cc55782e9dfbea4df0cc9c42e8af

    • SHA1

      c398368af914bbc35187b15201ab9b10de3f0592

    • SHA256

      7ae180774a4f784d4ebc21650295cea6269d0c4a1884a5af815930ee47553279

    • SHA512

      e6dcdac4c51042db8a91f25cf9d1461c0b4284a5138086fb3264e7090840aa6ca144f18e7bc498d0ecd1d131804193d94bdf471e8ada15f7b30b2bb8359adef8

    • SSDEEP

      768:R8gYCYCpONOKIfwiFWAkEsDVop56mAOvuGMC21q0dkHj:9PRpO4KsOOvuG3+dkD

    • Score

      1/10

MITRE ATT&CK Mobile v15

Tasks