General

  • Target

    53508c5a2149f12a5881142f5235d95b_JaffaCakes118

  • Size

    704KB

  • Sample

    241017-x5zjzs1hnd

  • MD5

    53508c5a2149f12a5881142f5235d95b

  • SHA1

    182592f65469bddb991d2df07d0a7b753f42f789

  • SHA256

    3130371c1e4bceebc143554ea99113ac0fadc9a18ae0048e11ce7a21d87e87e3

  • SHA512

    c53f2e56e674d665029242ea39824b1d2f14485c724fbc6e6372c49f88f91da998d7249390849e2ad18adc310bd1906fbeeeb3aa2266dbeea1459b16caa3eece

  • SSDEEP

    12288:F+pg1Cw/gtfYUv0A2iSjgYh4Q7zqZGBCzxKf5omyLwGkLSLJkiphUDyolt:F+pYCCumiS2Q7zELzQCwGkLSLa/Dyw

Targets

    • Target

      53508c5a2149f12a5881142f5235d95b_JaffaCakes118

    • Size

      704KB

    • MD5

      53508c5a2149f12a5881142f5235d95b

    • SHA1

      182592f65469bddb991d2df07d0a7b753f42f789

    • SHA256

      3130371c1e4bceebc143554ea99113ac0fadc9a18ae0048e11ce7a21d87e87e3

    • SHA512

      c53f2e56e674d665029242ea39824b1d2f14485c724fbc6e6372c49f88f91da998d7249390849e2ad18adc310bd1906fbeeeb3aa2266dbeea1459b16caa3eece

    • SSDEEP

      12288:F+pg1Cw/gtfYUv0A2iSjgYh4Q7zqZGBCzxKf5omyLwGkLSLJkiphUDyolt:F+pYCCumiS2Q7zELzQCwGkLSLa/Dyw

    Score: 7/10
    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Queries information about active data network

    • Reads information about phone network operator.

    • Requests dangerous framework permissions

    • Target

      qixiazi.apk

    • Size

      408KB

    • MD5

      0e61004508b142c277077f86e6e36fac

    • SHA1

      be3a9fa15554c961a96e9550010dd0ff0ec441d3

    • SHA256

      e1aa259b137652190117d1085b03f0b36d665b009b0c925af8a73fc9d8d1dab7

    • SHA512

      a6697a34acbacbe79f806163e7d4a8c8537f5a1a7cd20dbf9e46e1679b154bd84d133aff8774112f4a4f4adf0ebe06c4088f0fb3317e37cbac9f11183b559e74

    • SSDEEP

      12288:RsQtcA4DKaIAOR+KLq+2SgS5vRxA2i4js25SnqsxMiV:Rnv4Dsxpu+2Opxi4wnpxM4

    Score: 6/10
    • Queries information about active data network

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Queries the unique device ID (IMEI, MEID, IMSI)

    • Reads information about phone network operator.
