General
-
Target
70259b128faa91bbf8da935f4158ece8_JaffaCakes118
-
Size
5.3MB
-
Sample
241023-wjr3casgnb
-
MD5
70259b128faa91bbf8da935f4158ece8
-
SHA1
340f698dedf86d491297097b77f9a390d91bd115
-
SHA256
8749f3c2068d333c72c926a6cab5220fdf384ea5545ee772ddbe3a1c9718ff34
-
SHA512
c678e33bc41ecb7f5cf8f5b02507148aa4867126455f78154e912a26b5673863d55142d06aced539d11281cdce2e64ac5332fffd6c209c0558fe4459a46e0d23
-
SSDEEP
98304:4WANnHx/+RymhCsE205Y/9gnmJo2SSWa0gtHyrHr34egmIPNgJu:JAdR/NXZnm1SSVveLLlIP2g
Static task
static1
Behavioral task
behavioral1
Sample
70259b128faa91bbf8da935f4158ece8_JaffaCakes118.apk
Resource
android-x86-arm-20240910-en
Behavioral task
behavioral2
Sample
70259b128faa91bbf8da935f4158ece8_JaffaCakes118.apk
Resource
android-x64-arm64-20240624-en
Behavioral task
behavioral3
Sample
com.hermes.superb.booster.apk
Resource
android-x86-arm-20240910-en
Behavioral task
behavioral4
Sample
com.hermes.superb.booster.apk
Resource
android-x64-20240624-en
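The task list runs two different samples: the submitted file and a second APK named after its package, com.hermes.superb.booster. Triage reports the second one as a separate target (a .tmp file of 2.5MB, below), which is what you see when a dropper carries its payload as an asset and installs it at runtime. As an added example, not code from the report or from the analysed sample, the script below walks an APK as a zip, finds entries that are themselves APKs regardless of their extension, and prints the same digests the report lists so you can match them against the second target. The fixture it builds is constructed in memory; the package names and entry names in it are invented.

```python
"""Find APKs nested inside an APK and hash them the way the report does.

Added example, not part of the Triage report. The sample it runs on is built
in memory below; nothing in it comes from the analysed file.
"""
import hashlib
import io
import zipfile

ZIP_MAGIC = b"PK\x03\x04"          # local file header: every non-empty zip/APK starts with it
MAX_ENTRY_SIZE = 64 * 1024 * 1024  # refuse to inflate absurd entries (zip-bomb guard)


def digest(data: bytes) -> dict:
    """MD5/SHA1/SHA256/SHA512 of a byte string, the four hashes the report lists."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def looks_like_apk(data: bytes) -> bool:
    """A zip that carries AndroidManifest.xml and at least one classes*.dex."""
    if not data.startswith(ZIP_MAGIC):
        return False
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
    except zipfile.BadZipFile:
        return False
    return "AndroidManifest.xml" in names and any(
        n.startswith("classes") and n.endswith(".dex") for n in names)


def read_entry(apk_bytes: bytes, name: str) -> bytes:
    """Raw bytes of one zip entry (helper for checking results)."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        return zf.read(name)


def find_nested_apks(apk_bytes: bytes, max_depth: int = 3, _path: str = "") -> list:
    """Recursively walk zip entries and return path/size/digests for each nested APK.

    The extension is ignored on purpose: droppers store payloads as .tmp, .png
    or .dat under assets/ and only the magic bytes give them away.
    """
    found = []
    if max_depth < 0 or not apk_bytes.startswith(ZIP_MAGIC):
        return found
    try:
        zf = zipfile.ZipFile(io.BytesIO(apk_bytes))
    except zipfile.BadZipFile:
        return found
    with zf:
        for info in zf.infolist():
            if info.is_dir() or info.file_size > MAX_ENTRY_SIZE:
                continue
            with zf.open(info) as fh:       # cheap pre-filter: decompress only 4 bytes
                head = fh.read(4)
            if head != ZIP_MAGIC:
                continue
            data = zf.read(info)
            entry_path = f"{_path}{info.filename}"
            if looks_like_apk(data):
                found.append({"path": entry_path, "size": len(data), **digest(data)})
            # a plain zip inside the APK may itself hold an APK one level down
            found.extend(find_nested_apks(data, max_depth - 1, entry_path + "!/"))
    return found


def build_sample() -> bytes:
    """Constructed fixture: outer APK with an inner APK hidden as assets/payload.tmp."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("AndroidManifest.xml", b"<manifest package='com.example.inner'/>")
        zf.writestr("classes.dex", b"dex\n035\x00" + b"\x00" * 64)
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("AndroidManifest.xml", b"<manifest package='com.example.outer'/>")
        zf.writestr("classes.dex", b"dex\n035\x00" + b"\x00" * 64)
        zf.writestr("assets/payload.tmp", inner.getvalue())  # payload, wrong extension
        zf.writestr("assets/logo.png", b"\x89PNG\r\n\x1a\n")  # non-zip entry, skipped
    return outer.getvalue()


if __name__ == "__main__":
    for hit in find_nested_apks(build_sample()):
        print(hit["path"], hit["size"], hit["sha256"])
```

On a real sample, replace `build_sample()` with the bytes of the submitted APK and compare the printed SHA256 with the one the report gives for the second target; a mismatch usually means the payload is decrypted or re-packed at runtime rather than stored verbatim, and a dynamic run (as in behavioral3/4) is needed to obtain it.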
Malware Config
Targets
-
-
Target
70259b128faa91bbf8da935f4158ece8_JaffaCakes118
-
Size
5.3MB
-
MD5
70259b128faa91bbf8da935f4158ece8
-
SHA1
340f698dedf86d491297097b77f9a390d91bd115
-
SHA256
8749f3c2068d333c72c926a6cab5220fdf384ea5545ee772ddbe3a1c9718ff34
-
SHA512
c678e33bc41ecb7f5cf8f5b02507148aa4867126455f78154e912a26b5673863d55142d06aced539d11281cdce2e64ac5332fffd6c209c0558fe4459a46e0d23
-
SSDEEP
98304:4WANnHx/+RymhCsE205Y/9gnmJo2SSWa0gtHyrHr34egmIPNgJu:JAdR/NXZnm1SSVveLLlIP2g
-
Queries information about running processes on the device
Application may abuse the framework's APIs to collect information about running processes on the device.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Queries the mobile country code (MCC)
-
Reads information about phone network operator.
-
Target
com.hermes.superb.booster.tmp
-
Size
2.5MB
-
MD5
bb818155f8c88a2883d52a1b1dd78e81
-
SHA1
d21ddf05ee1ebdd4972f24759448bf890b0364f7
-
SHA256
fbd1f055d71e7de66e09e83deba4c33ba61c91ab096c0939a157123309a9c49a
-
SHA512
ffde8074ce8db61b04bba996addaa7647be7d0a5074719ecb0712784b48b20f792274aa4c72141cfe7a46345b3cc8889fe009a626de606a951eca3ef5cf3e0b5
-
SSDEEP
49152:5d8DY7ANnHx+7g+vKVJwyAnhCf3YtE2RRwLuix1FVFkiMj94pnmJoHP:4WANnHx/+RymhCsE205Y/9gnmJov
-
Checks if the Android device is rooted.
-
Obtains sensitive information copied to the device clipboard
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
-
Queries account information for other applications stored on the device
Application may abuse the framework's APIs to collect account information stored on the device.
-
Queries information about active data network
-
Queries information about the current Wi-Fi connection
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Queries the mobile country code (MCC)
-
Queries the unique device ID (IMEI, MEID, IMSI)
-
Reads information about phone network operator.
-
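The behaviour lines above, for both targets, are signature names; the report does not show which framework calls triggered them. As an added example, not the sandbox's rules and not code from the sample, the script below maps each signature to the Android API references and strings that commonly fire it (my assumed indicators, since the engine's real rules are not on this page), extracts method references and string constants from smali text, and reports which signatures would match. The smali at the bottom is constructed; the IP-lookup signature is left out because it keys on a hostname the report does not name.

```python
"""Replay the report's behaviour signatures against decompiled smali.

Added example, not part of the Triage report. INDICATORS is an assumed mapping
from signature name to API references; the smali text is constructed.
"""
import re
from collections import defaultdict

# smali/dexdump method references look like  Lpkg/Class;->name(args)ret
METHOD_REF = re.compile(r"L[\w/$]+;->[\w$<>]+\([^)]*\)[\w/$;\[]*")
# const-string v0, "literal"   (root checks usually hide in these)
STRING_CONST = re.compile(r'const-string(?:/jumbo)?\s+[vp]\d+,\s+"((?:[^"\\]|\\.)*)"')

INDICATORS = {
    "Queries information about running processes": [
        r"Landroid/app/ActivityManager;->getRunning(AppProcesses|Tasks)",
    ],
    "Obtains sensitive information copied to the device clipboard": [
        r"Landroid/content/ClipboardManager;->get(PrimaryClip|Text)\b",
    ],
    "Queries account information for other applications": [
        r"Landroid/accounts/AccountManager;->getAccounts",
    ],
    "Queries the unique device ID (IMEI, MEID, IMSI)": [
        r"Landroid/telephony/TelephonyManager;->get(DeviceId|Imei|Meid|SubscriberId)\b",
    ],
    "Queries the mobile country code (MCC)": [
        r"Landroid/telephony/TelephonyManager;->get(NetworkOperator|SimOperator)\b",
    ],
    "Reads information about phone network operator": [
        r"Landroid/telephony/TelephonyManager;->get(NetworkOperator|SimOperator)Name",
    ],
    "Queries information about the current Wi-Fi connection": [
        r"Landroid/net/wifi/WifiManager;->getConnectionInfo",
    ],
    "Queries information about active data network": [
        r"Landroid/net/ConnectivityManager;->getActiveNetwork",
    ],
    "Checks if the Android device is rooted": [
        r"^/(system/(x?bin)|sbin|su/bin)/su$", r"\btest-keys\b", r"Superuser\.apk$",
    ],
}


def extract_refs(smali_text: str) -> list:
    """Method references plus string constants, in source order."""
    return METHOD_REF.findall(smali_text) + STRING_CONST.findall(smali_text)


def match_signatures(refs) -> dict:
    """Signature name -> sorted list of the references that triggered it."""
    hits = defaultdict(set)
    for ref in refs:
        for sig, patterns in INDICATORS.items():
            if any(re.search(p, ref) for p in patterns):
                hits[sig].add(ref)
    return {sig: sorted(v) for sig, v in hits.items()}


# Constructed smali excerpt (not from the analysed sample).
SAMPLE_SMALI = r'''
.method private collect()V
    .locals 3
    invoke-virtual {p0}, Landroid/content/Context;->getSystemService(Ljava/lang/String;)Ljava/lang/Object;
    move-result-object v0
    check-cast v0, Landroid/content/ClipboardManager;
    invoke-virtual {v0}, Landroid/content/ClipboardManager;->getPrimaryClip()Landroid/content/ClipData;
    invoke-virtual {v1}, Landroid/telephony/TelephonyManager;->getDeviceId()Ljava/lang/String;
    invoke-virtual {v1}, Landroid/telephony/TelephonyManager;->getNetworkOperator()Ljava/lang/String;
    invoke-virtual {v2}, Landroid/accounts/AccountManager;->getAccounts()[Landroid/accounts/Account;
    const-string v0, "/system/xbin/su"
    const-string v1, "https://example.invalid/ip"
    return-void
.end method
'''

if __name__ == "__main__":
    for sig, refs in match_signatures(extract_refs(SAMPLE_SMALI)).items():
        print(sig)
        for r in refs:
            print("   ", r)
```

To use it on a real APK, concatenate the .smali files produced by apktool (or the output of `dexdump -d`) and feed the text to `extract_refs`; a signature that the sandbox fired but this static pass does not find points at reflection, native code or a string-obfuscated call site, which is worth a look before trusting a static verdict.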
MITRE ATT&CK Mobile v15
Defense Evasion
Hide Artifacts (1)
Suppress Application Icon (1)
Virtualization/Sandbox Evasion (2)
System Checks (2)