General
Target: 584db5ea89c525e99f1d9c8a732e96a4_JaffaCakes118
Size: 20.9MB
Sample: 241018-telnnavgre
MD5: 584db5ea89c525e99f1d9c8a732e96a4
SHA1: ef67b2df4e90aec2188dba394c7c82dbee091e5d
SHA256: bf406c3359cc30008885d4230b9fa620fe2132fbca49573bc803531cbdb3124e
SHA512: a402b5ec51952982aa44aa81b1ab2e381ed092258ff281b02e72704abf370743473ae8b1a0d6ae2dc23f73a8cc23c998519fd9581602337798d99da3ebd536a3
SSDEEP: 393216:8QFaizc2Y9PcDhTKD+Co+8r2Cze4PlD+vAJDByIjbJQQvCn9UoEWXZ:3nQ2Y9PcDhmSCdnQe4Plivikk1QQW5XJ
Behavioral tasks
behavioral1: Sample 584db5ea89c525e99f1d9c8a732e96a4_JaffaCakes118.apk, Resource android-x86-arm-20240624-en
behavioral2: Sample MidasEmptyRes1.apk, Resource android-x86-arm-20240624-en
behavioral3: Sample MidasEmptyRes1.apk, Resource android-x64-20240624-en
behavioral4: Sample MidasEmptyRes1.apk, Resource android-x64-arm64-20240624-en
behavioral5: Sample MidasEmptyRes2.apk, Resource android-x86-arm-20240624-en
behavioral6: Sample MidasEmptyRes2.apk, Resource android-x64-20240624-en
behavioral7: Sample MidasEmptyRes2.apk, Resource android-x64-arm64-20240910-en
Malware Config
Targets

Target: 584db5ea89c525e99f1d9c8a732e96a4_JaffaCakes118
Size: 20.9MB
MD5: 584db5ea89c525e99f1d9c8a732e96a4
SHA1: ef67b2df4e90aec2188dba394c7c82dbee091e5d
SHA256: bf406c3359cc30008885d4230b9fa620fe2132fbca49573bc803531cbdb3124e
SHA512: a402b5ec51952982aa44aa81b1ab2e381ed092258ff281b02e72704abf370743473ae8b1a0d6ae2dc23f73a8cc23c998519fd9581602337798d99da3ebd536a3
SSDEEP: 393216:8QFaizc2Y9PcDhTKD+Co+8r2Cze4PlD+vAJDByIjbJQQvCn9UoEWXZ:3nQ2Y9PcDhmSCdnQe4Plivikk1QQW5XJ

Signatures:
Checks if the Android device is rooted.
Patched UPX-packed file: Sample is packed with UPX but required header fields are zeroed out to prevent unpacking with the default UPX tool.
Checks Android system properties for emulator presence.
Queries information about running processes on the device: Application may abuse the framework's APIs to collect information about running processes on the device.
Queries information about active data network.
Queries information about the current Wi-Fi connection: Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
Queries the mobile country code (MCC).
Reads information about phone network operator.
Requests dangerous framework permissions.
Target: MidasEmptyRes1.apk
Size: 5KB
MD5: ea61a6cf8e8833e6181fe290d3255bb9
SHA1: d1fc64d826b85c9cfbcc06fdeb7a01fc5437d873
SHA256: a3c9e0815200dd3393499989525b95eace42f75c2be9f06c4b48a0d649d783ec
SHA512: 690c52c6ab0c8dce871ff23bde14723815a4bc607893f8ff5c5172228a1d955cddf6f8d12d3dde0104d1c92e3f9a0432707d322f8132b36c3827561b388f8896
SSDEEP: 96:dPG7WMxInKy+0E8AGtFvrPdOdAf56PgIDdy0QCGOf:JG6MxWtERGtFZfIDdQCxf
Score: 1/10
Target: MidasEmptyRes2.apk
Size: 5KB
MD5: 29c6ab67b0572e394966650ef75418f6
SHA1: 563dcba764e7106e5a36a1fea5535100a0ea8332
SHA256: c23dd26a9322a795f589be767b9422d41b109a5bd1e570e6423344612fb8c58e
SHA512: 8bad8ea18caa86d1eec4b8f63527d0f32a39224fe27876a9e1a1e23f50d2dae0135db6ec7e4bdadcec1a4c8dbb0055234ccd0f5fbe96e31f18baa9318bab81de
SSDEEP: 96:pfDdxInKy+0EQ41uB9+6RJokQoKnXsUUgI+Ri/h:pf5xWtEmBrJoPHn/I+Rip
Score: 1/10
MITRE ATT&CK Mobile v15
Defense Evasion
Download New Code at Runtime (1)
Virtualization/Sandbox Evasion (3)
System Checks (3)