General

  • Target

    584db5ea89c525e99f1d9c8a732e96a4_JaffaCakes118

  • Size

    20.9MB

  • Sample

    241018-telnnavgre

  • MD5

    584db5ea89c525e99f1d9c8a732e96a4

  • SHA1

    ef67b2df4e90aec2188dba394c7c82dbee091e5d

  • SHA256

    bf406c3359cc30008885d4230b9fa620fe2132fbca49573bc803531cbdb3124e

  • SHA512

    a402b5ec51952982aa44aa81b1ab2e381ed092258ff281b02e72704abf370743473ae8b1a0d6ae2dc23f73a8cc23c998519fd9581602337798d99da3ebd536a3

  • SSDEEP

    393216:8QFaizc2Y9PcDhTKD+Co+8r2Cze4PlD+vAJDByIjbJQQvCn9UoEWXZ:3nQ2Y9PcDhmSCdnQe4Plivikk1QQW5XJ

Malware Config

Targets

    • Target

      584db5ea89c525e99f1d9c8a732e96a4_JaffaCakes118

    • Size

      20.9MB

    • MD5

      584db5ea89c525e99f1d9c8a732e96a4

    • SHA1

      ef67b2df4e90aec2188dba394c7c82dbee091e5d

    • SHA256

      bf406c3359cc30008885d4230b9fa620fe2132fbca49573bc803531cbdb3124e

    • SHA512

      a402b5ec51952982aa44aa81b1ab2e381ed092258ff281b02e72704abf370743473ae8b1a0d6ae2dc23f73a8cc23c998519fd9581602337798d99da3ebd536a3

    • SSDEEP

      393216:8QFaizc2Y9PcDhTKD+Co+8r2Cze4PlD+vAJDByIjbJQQvCn9UoEWXZ:3nQ2Y9PcDhmSCdnQe4Plivikk1QQW5XJ

    • Checks if the Android device is rooted.

    • Patched UPX-packed file

      Sample is packed with UPX but required header fields are zeroed out to prevent unpacking with the default UPX tool.

    • Checks Android system properties for emulator presence.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps)

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Queries information about active data network

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Queries the mobile country code (MCC)

    • Reads information about the phone's network operator.

    • Requests dangerous framework permissions

    • UPX packed file

      Detects executables packed with the UPX open source packer or a modified variant of it.

    • Target

      MidasEmptyRes1.apk

    • Size

      5KB

    • MD5

      ea61a6cf8e8833e6181fe290d3255bb9

    • SHA1

      d1fc64d826b85c9cfbcc06fdeb7a01fc5437d873

    • SHA256

      a3c9e0815200dd3393499989525b95eace42f75c2be9f06c4b48a0d649d783ec

    • SHA512

      690c52c6ab0c8dce871ff23bde14723815a4bc607893f8ff5c5172228a1d955cddf6f8d12d3dde0104d1c92e3f9a0432707d322f8132b36c3827561b388f8896

    • SSDEEP

      96:dPG7WMxInKy+0E8AGtFvrPdOdAf56PgIDdy0QCGOf:JG6MxWtERGtFZfIDdQCxf

    • Score

      1/10

    • Target

      MidasEmptyRes2.apk

    • Size

      5KB

    • MD5

      29c6ab67b0572e394966650ef75418f6

    • SHA1

      563dcba764e7106e5a36a1fea5535100a0ea8332

    • SHA256

      c23dd26a9322a795f589be767b9422d41b109a5bd1e570e6423344612fb8c58e

    • SHA512

      8bad8ea18caa86d1eec4b8f63527d0f32a39224fe27876a9e1a1e23f50d2dae0135db6ec7e4bdadcec1a4c8dbb0055234ccd0f5fbe96e31f18baa9318bab81de

    • SSDEEP

      96:pfDdxInKy+0EQ41uB9+6RJokQoKnXsUUgI+Ri/h:pf5xWtEmBrJoPHn/I+Rip

    • Score

      1/10
