General

  • Target

    82ebc53c72b9c2f05ce70cca84ccd8e3_JaffaCakes118

  • Size

    2.8MB

  • Sample

    241031-n2q9rsxgqa

  • MD5

    82ebc53c72b9c2f05ce70cca84ccd8e3

  • SHA1

    8190b30a8d7d30954fbfd655d3ee6709dce97b3f

  • SHA256

    f28be8fc5d0e19df790db806bcd272c83ceb4459e2bdcc9d455823d66c3dc4b2

  • SHA512

    8c474eb09e93d2255dcedc47f9003dff6e78eb8d57fb8772f501c4ab671face9a03db5e7d8d56f2e4fc3654622d8732416de1057234b316b339d60e35beb7757

  • SSDEEP

    49152:HuGnCfvzAIJ1Nx8zKJjt+xjkYXZdas47yy5yKB+v50kCC5i8l+4ZIwk0t6n:H9CD1vz8zUx+xjkiDt47xyKYx5Cqii5I

Malware Config

Targets

    • Target

      82ebc53c72b9c2f05ce70cca84ccd8e3_JaffaCakes118

    • Size

      2.8MB

    • MD5

      82ebc53c72b9c2f05ce70cca84ccd8e3

    • SHA1

      8190b30a8d7d30954fbfd655d3ee6709dce97b3f

    • SHA256

      f28be8fc5d0e19df790db806bcd272c83ceb4459e2bdcc9d455823d66c3dc4b2

    • SHA512

      8c474eb09e93d2255dcedc47f9003dff6e78eb8d57fb8772f501c4ab671face9a03db5e7d8d56f2e4fc3654622d8732416de1057234b316b339d60e35beb7757

    • SSDEEP

      49152:HuGnCfvzAIJ1Nx8zKJjt+xjkYXZdas47yy5yKB+v50kCC5i8l+4ZIwk0t6n:H9CD1vz8zUx+xjkiDt47xyKYx5Cqii5I

    • Removes its main activity from the application launcher

    • Checks Android system properties for emulator presence

    • Loads dropped Dex/Jar

      Runs an executable (DEX/JAR) file dropped to the device during analysis.

    • Obtains sensitive information copied to the device clipboard

      Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

    • Queries a list of all the installed applications on the device (may be used to overlay legitimate apps)

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Queries the mobile country code (MCC)

    • Queries the unique device ID (IMEI, MEID, IMSI)

    • Target

      Flash-Browser.apk

    • Size

      1.0MB

    • MD5

      a75988519599581b6c20f6d3a46a4346

    • SHA1

      7bd4e43433dabf85b19642a69b4bde580a19864e

    • SHA256

      70909748d0a0a562b835b32b70706f52c61da1dd7dfadd393cc4ab32dd12e017

    • SHA512

      99947a94b3ed15a3b54785cc23a6cea3468b6770e5531235d032231bbf8b6cdf33cc0b06399dca57f7aed945fa72424a9a5c861ab55a3f4c7c3f944526fe629d

    • SSDEEP

      24576:zuG4Nt2CfmEiQ7jR9PGLIJwYNrRI8B4JLkHOO0dw2b:zuGnCfvzAIJ1Nx8zK6

    • Checks Android system properties for emulator presence

    • Loads dropped Dex/Jar

      Runs an executable (DEX/JAR) file dropped to the device during analysis.

    • Obtains sensitive information copied to the device clipboard

      Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

    • Queries a list of all the installed applications on the device (may be used to overlay legitimate apps)

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Queries the mobile country code (MCC)

    • Queries the unique device ID (IMEI, MEID, IMSI)
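Before acting on a report like this, a practitioner wants two checks: that the file in hand really is the reported sample (every digest matches, not just MD5), and whether the dropped Flash-Browser.apk is related to the parent. The second check is visible in the report itself: the SSDEEP signatures carry chunks at 24576 and 49152 bytes, and the child's double-block-size chunk (zuGnCfvzAIJ1Nx8zK6) overlaps the parent's 49152 chunk (HuGnCfvzAIJ1Nx8zK...). The script below is an added example, not part of the sandbox report or of the sample; it uses only the hash values printed above and a pure-Python reimplementation of the chunk-selection rule ssdeep applies (chunks are only comparable at equal block sizes, so the parent's first chunk is compared with the child's second). The sample-name keys and the in-memory test buffer are constructed for illustration.

```python
import hashlib

# Hash values copied from the report above: the submitted sample and the APK it drops.
REPORTED = {
    "82ebc53c72b9c2f05ce70cca84ccd8e3_JaffaCakes118": {
        "md5": "82ebc53c72b9c2f05ce70cca84ccd8e3",
        "sha1": "8190b30a8d7d30954fbfd655d3ee6709dce97b3f",
        "sha256": "f28be8fc5d0e19df790db806bcd272c83ceb4459e2bdcc9d455823d66c3dc4b2",
        "sha512": "8c474eb09e93d2255dcedc47f9003dff6e78eb8d57fb8772f501c4ab671face9a03db5e7d8d56f2e4fc3654622d8732416de1057234b316b339d60e35beb7757",
        "ssdeep": "49152:HuGnCfvzAIJ1Nx8zKJjt+xjkYXZdas47yy5yKB+v50kCC5i8l+4ZIwk0t6n:H9CD1vz8zUx+xjkiDt47xyKYx5Cqii5I",
    },
    "Flash-Browser.apk": {
        "md5": "a75988519599581b6c20f6d3a46a4346",
        "sha1": "7bd4e43433dabf85b19642a69b4bde580a19864e",
        "sha256": "70909748d0a0a562b835b32b70706f52c61da1dd7dfadd393cc4ab32dd12e017",
        "sha512": "99947a94b3ed15a3b54785cc23a6cea3468b6770e5531235d032231bbf8b6cdf33cc0b06399dca57f7aed945fa72424a9a5c861ab55a3f4c7c3f944526fe629d",
        "ssdeep": "24576:zuG4Nt2CfmEiQ7jR9PGLIJwYNrRI8B4JLkHOO0dw2b:zuGnCfvzAIJ1Nx8zK6",
    },
}

ALGOS = ("md5", "sha1", "sha256", "sha512")


def digests_of(data: bytes) -> dict:
    """Hex digests of an in-memory buffer for every algorithm in ALGOS."""
    return {a: hashlib.new(a, data).hexdigest() for a in ALGOS}


def digests_of_file(path, chunk_size=1 << 20) -> dict:
    """Hash a file in 1 MiB chunks so a multi-MB APK is not read into memory at once."""
    hashers = {a: hashlib.new(a) for a in ALGOS}
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk_size), b""):
            for h in hashers.values():
                h.update(block)
    return {a: h.hexdigest() for a, h in hashers.items()}


def verify(actual: dict, expected: dict) -> dict:
    """Compare computed digests with reported ones (case-insensitive); returns {algo: matched}."""
    return {a: actual[a] == expected[a].lower() for a in ALGOS if a in expected}


def parse_ssdeep(sig: str):
    """Split 'blocksize:chunk:double_chunk[,"filename"]' into (int, str, str)."""
    bs, chunk, double = sig.split(":", 2)
    double = double.split(",", 1)[0]          # drop an optional trailing filename
    return int(bs), chunk, double


def longest_common_substring(a: str, b: str) -> str:
    """Classic O(len(a)*len(b)) dynamic-programming longest common substring."""
    best_len, best_end = 0, 0
    prev = [0] * (len(b) + 1)
    for i in range(1, len(a) + 1):
        cur = [0] * (len(b) + 1)
        for j in range(1, len(b) + 1):
            if a[i - 1] == b[j - 1]:
                cur[j] = prev[j - 1] + 1
                if cur[j] > best_len:
                    best_len, best_end = cur[j], i
        prev = cur
    return a[best_end - best_len:best_end]


def comparable_chunks(sig_a: str, sig_b: str):
    """Chunk pairs ssdeep would actually compare. Each signature holds chunks at
    blocksize and 2*blocksize, and only chunks at the same block size are comparable:
    when bs_a == 2*bs_b the first chunk of A lines up with the second chunk of B."""
    bs_a, a1, a2 = parse_ssdeep(sig_a)
    bs_b, b1, b2 = parse_ssdeep(sig_b)
    if bs_a == bs_b:
        return [(a1, b1), (a2, b2)]
    if bs_a == 2 * bs_b:
        return [(a1, b2)]
    if bs_b == 2 * bs_a:
        return [(a2, b1)]
    return []                                  # block sizes too far apart: no comparison


def shared_ssdeep_run(sig_a: str, sig_b: str) -> str:
    """Longest run of chunk characters shared at a common block size. ssdeep only
    reports similarity when at least 7 consecutive characters are shared."""
    best = ""
    for x, y in comparable_chunks(sig_a, sig_b):
        run = longest_common_substring(x, y)
        if len(run) > len(best):
            best = run
    return best


if __name__ == "__main__":
    parent, child = REPORTED.keys()
    run = shared_ssdeep_run(REPORTED[parent]["ssdeep"], REPORTED[child]["ssdeep"])
    print(f"shared ssdeep run at block size 49152: {run!r} ({len(run)} chars)")
    # To verify a file on disk: verify(digests_of_file("sample.apk"), REPORTED[parent])
```

Verify a downloaded file with `verify(digests_of_file(path), REPORTED[name])` and treat any False as a different file; MD5 and SHA1 alone are not collision-resistant, so the SHA-256 or SHA-512 match is the one that matters. The 16-character run shared between the parent's 49152 chunk and the child's double-size chunk is above ssdeep's 7-character threshold and is consistent with the 1.0MB Flash-Browser.apk being carried inside the 2.8MB parent, which fits the "Loads dropped Dex/Jar" behaviour; confirm it by unpacking the parent's assets rather than relying on the fuzzy hash alone.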

MITRE ATT&CK Mobile v15