General

  • Target

    8581afabf94ad59f698db9613752c1e8_JaffaCakes118

  • Size

    3.9MB

  • Sample

    241102-p1kahaxmbq

  • MD5

    8581afabf94ad59f698db9613752c1e8

  • SHA1

    9016c2aab837221036293817ad3252cdd68c1f04

  • SHA256

    55dbdcc885e61061fcdc8ac9c7d7a98cd684f6ee73dafac5777a38b7eb8c0947

  • SHA512

    e0d08bcda229aa24db409b645055d8e4906a7aa22ec3279bd68e0dffa6f9f96cd190b1a71d23eb827da4e6e2bccbac9a43286833c4806086217388fb62f734bb

  • SSDEEP

    98304:nJCF6UNlZUBoKiX6zP2VVdp7vpPvCbZdDD//ygTfIws1fMXNR:IFjQnzPQVdp7l6ZdDxjhEfiNR


Targets

    • Target

      8581afabf94ad59f698db9613752c1e8_JaffaCakes118

    • Size

      3.9MB

    • MD5

      8581afabf94ad59f698db9613752c1e8

    • SHA1

      9016c2aab837221036293817ad3252cdd68c1f04

    • SHA256

      55dbdcc885e61061fcdc8ac9c7d7a98cd684f6ee73dafac5777a38b7eb8c0947

    • SHA512

      e0d08bcda229aa24db409b645055d8e4906a7aa22ec3279bd68e0dffa6f9f96cd190b1a71d23eb827da4e6e2bccbac9a43286833c4806086217388fb62f734bb

    • SSDEEP

      98304:nJCF6UNlZUBoKiX6zP2VVdp7vpPvCbZdDD//ygTfIws1fMXNR:IFjQnzPQVdp7l6ZdDxjhEfiNR

    • Removes its main activity from the application launcher

    • Checks Android system properties for emulator presence.

    • Loads dropped Dex/Jar

      Loads code from a Dex/Jar file written to the device during analysis (dynamic class loading), so part of the app's logic is not in its own classes.dex.

    • Obtains sensitive information copied to the device clipboard

      Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Queries information about active data network

    • Queries the mobile country code (MCC)

    • Queries the unique device ID (IMEI, MEID, IMSI)

    • Reads information about phone network operator.

    • Target

      Browser.apk

    • Size

      998KB

    • MD5

      3aedff8ce0a4e96146c973b81c2e5398

    • SHA1

      c2abb6677410920a69f35de9bc8d6c4cfb92f8d3

    • SHA256

      00563462525546424dc1f105ab96ec801c1e09e88f66f09b2417e6e0ee2ee877

    • SHA512

      456e2af952ea78c8a5043c773eb2c29a4809c5aedae3451138f87c87859cb50b499caee2498f033be2afcb41c7e3eac0d7031ed54e8473166fe6b46f385c3785

    • SSDEEP

      24576:tKuGZst2C7WgizjUtJYGL0JB2m50Y4orjLWgqXrvGSOMEi:MuGfC7UY10JobQXLZqXXr

    • Loads dropped Dex/Jar

      Loads code from a Dex/Jar file written to the device during analysis (dynamic class loading), so part of the app's logic is not in its own classes.dex.

    • Obtains sensitive information copied to the device clipboard

      Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Reads the content of the browser bookmarks.

    • Queries information about active data network

    • Queries the mobile country code (MCC)

    • Queries the unique device ID (IMEI, MEID, IMSI)
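
The behaviours above are dynamic observations from the sandbox run. The same indicators can be hunted for statically before detonation, which is useful for triaging the 3.9MB dropper and its embedded Browser.apk at scale. The following Python script is an added example, not part of this report, of the sample, or of the sandbox's own signature set: it walks an APK's zip entries, flags nested DEX/APK payloads by magic bytes (so a payload under a benign extension is still caught), hashes them, and greps each dex string pool for the Android API names that correspond to the report's labels. The label-to-API mapping and the embedded sample APK are assumptions constructed for the example; the NUL-terminated search relies only on the dex string pool layout (uleb128 length, MUTF-8 bytes, NUL).

```python
"""Static triage of an APK for the behaviours the report lists (added example).

1. Walk the APK zip and flag nested DEX/APK/JAR payloads by magic bytes
   (candidates for "Loads dropped Dex/Jar"), recording each one's SHA-256.
2. Grep every dex for Android API names that map to the report's labels.
A dex string pool stores each entry as uleb128 length + MUTF-8 + NUL, so
searching for name + NUL matches whole entries without parsing the file
(getNetworkOperator then does not match getNetworkOperatorName).
"""
import hashlib
import io
import json
import zipfile

DEX_MAGIC = b"dex\n"       # followed by the version, e.g. b"035\x00"
ZIP_MAGIC = b"PK\x03\x04"

# Behaviour label -> API names/descriptors used as static hints. The mapping is
# an assumption made for this example, not the sandbox's own signature set.
INDICATORS = {
    "Removes its main activity from the application launcher": [b"setComponentEnabledSetting"],
    "Checks Android system properties for emulator presence": [b"ro.kernel.qemu", b"Landroid/os/SystemProperties;"],
    "Loads dropped Dex/Jar": [b"Ldalvik/system/DexClassLoader;", b"Ldalvik/system/DexFile;"],
    "Obtains sensitive information copied to the device clipboard": [b"Landroid/content/ClipboardManager;", b"getPrimaryClip"],
    "Queries a list of all the installed applications on the device": [b"getInstalledPackages", b"getInstalledApplications"],
    "Queries information about running processes on the device": [b"getRunningAppProcesses", b"getRunningTasks"],
    "Queries information about active data network": [b"getActiveNetworkInfo"],
    "Queries the mobile country code (MCC)": [b"getSimOperator", b"getNetworkOperator"],
    "Queries the unique device ID (IMEI, MEID, IMSI)": [b"getDeviceId", b"getSubscriberId", b"getImei", b"getMeid"],
    "Reads information about phone network operator": [b"getNetworkOperatorName", b"getSimOperatorName"],
    "Reads the content of the browser bookmarks": [b"content://browser/bookmarks"],
}


def scan_dex(dex):
    """Map behaviour labels to the API strings found in one dex blob."""
    hits = {}
    for label, needles in INDICATORS.items():
        found = [n.decode() for n in needles if n + b"\x00" in dex]
        if found:
            hits[label] = found
    return hits


def scan_apk(apk, depth=0, max_depth=2):
    """Scan one APK/zip blob. Returns {"payloads": [(path, kind, sha256)],
    "behaviours": {label: [apis]}, "dropped": {path: nested result}}.
    Members are classified by magic bytes, not by file name, so a dex or apk
    hidden under a benign extension (assets/cfg.bin) is still flagged."""
    result = {"payloads": [], "behaviours": {}, "dropped": {}}
    with zipfile.ZipFile(io.BytesIO(apk)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name, data = info.filename, zf.read(info)
            digest = hashlib.sha256(data).hexdigest()
            root_dex = "/" not in name and name.startswith("classes") and name.endswith(".dex")
            if data.startswith(DEX_MAGIC) and root_dex:
                # The package's own code: attribute its behaviours to this target.
                for label, apis in scan_dex(data).items():
                    result["behaviours"].setdefault(label, []).extend(apis)
            elif data.startswith(DEX_MAGIC):
                result["payloads"].append((name, "dex", digest))
                result["dropped"][name] = {"payloads": [], "behaviours": scan_dex(data), "dropped": {}}
            elif data.startswith(ZIP_MAGIC):
                result["payloads"].append((name, "zip", digest))
                if depth < max_depth:
                    try:
                        result["dropped"][name] = scan_apk(data, depth + 1, max_depth)
                    except zipfile.BadZipFile:
                        pass  # PK magic but not a readable archive; keep the hash only
    return result


def _dex(*strings):
    """Stand-in for a classes.dex: real magic, then a string pool in dex layout
    (NUL-terminated entries). Constructed for the example; not a loadable dex."""
    return DEX_MAGIC + b"035\x00" + b"\x00" * 0x64 + b"".join(s + b"\x00" for s in strings)


def _zip(members):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


def build_sample_apk():
    """Constructed input mimicking the report's layout: a dropper whose own dex
    references the flagged APIs, carrying Browser.apk under assets/ plus a
    second dex disguised as a .bin resource. All contents are made up."""
    browser = _zip({
        "AndroidManifest.xml": b"\x03\x00\x08\x00",
        "classes.dex": _dex(b"content://browser/bookmarks", b"getDeviceId",
                            b"Landroid/content/ClipboardManager;"),
    })
    return _zip({
        "AndroidManifest.xml": b"\x03\x00\x08\x00",
        "classes.dex": _dex(b"setComponentEnabledSetting", b"ro.kernel.qemu",
                            b"Ldalvik/system/DexClassLoader;", b"getInstalledPackages",
                            b"getSubscriberId", b"getNetworkOperatorName"),
        "assets/Browser.apk": browser,
        "assets/cfg.bin": _dex(b"getRunningAppProcesses"),
        "res/drawable/icon.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
    })


if __name__ == "__main__":
    print(json.dumps(scan_apk(build_sample_apk()), indent=2))
```

Run it against a real sample with `scan_apk(open("sample.apk", "rb").read())`. Static hits are hints, not proof: an API name in the string pool says the code references it, not that it runs, and packed or reflectively invoked code will hide names from this search entirely, which is exactly why the dropped-payload list matters and why the sandbox run above remains the ground truth.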
