General

  • Target

    8db2a1b3afc10b83666afd669f4ec464_JaffaCakes118

  • Size

    17.2MB

  • Sample

    241103-1yv5rsvlfx

  • MD5

    8db2a1b3afc10b83666afd669f4ec464

  • SHA1

    f60ee15df376cccca07beaafa38bed2f9c381c68

  • SHA256

    078fc70b191278797d6a173584f5c016f351da9a04e4fd89341beb3dac2cb75e

  • SHA512

    67343bbad6c34aedb9c327096e78a7825a383dc00392c89d0aae483a9461e499bcc88d71444642aa85364ca05353d366ddc5382eab1ec973e6233d0c270aef2a

  • SSDEEP

    393216:HiDWZWSVtr7zFAn4MnvFS65/ZSq/h4xFzRR2Ws8tSxsJs8C8u:HiDdSVXC4MvAqJuS2Js8i

Targets

    • Target

      8db2a1b3afc10b83666afd669f4ec464_JaffaCakes118

    Score: 1/10

    • Target

      accounts.jar

    • Size

      218KB

    • MD5

      9be094e5a8dcabd8b476951acda3e8cd

    • SHA1

      c687e9f9c311a4425c84a667a23bbd239c269dfb

    • SHA256

      d5e3d8a17a04bc2fcdbd80b99c790f51f736f340cb36f59aeaf49624d41eb3bb

    • SHA512

      f578478ebc53926ea25d5812f6c85db1f25cb425de59c7fa4e5fba05920dfb050a4b9f3e441459bb8fa0c8f85c2bf1c650fa6ea383566be9f4a5d499652d6050

    • SSDEEP

      6144:MtEbhhx/UbUWO5Nui/YZQIJTyvmBfATPSTiEN:Mtsd/0HkF/RIJTqPGTbN

    Score: 6/10

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Queries the unique device ID (IMEI, MEID, IMSI)

    • Target

      antivirus.jar

    • Size

      394KB

    • MD5

      b9484106ae8a71dec2c3dc021d0527e3

    • SHA1

      74c4eb08fa7774ba61d4ef267888d8230534a4dc

    • SHA256

      f9bc5bcc908090d820f624b5fda171aaaa88246fb716abde414b07a3319486ca

    • SHA512

      60a3d3b3336fd07841d52a4c9285b9153d25aa993a9ab887ca5ca2545eade74cdbe20645a0e93e0f1e3b525eac868c1ad84c4001d512881165443acd9f0a6210

    • SSDEEP

      12288:f1UfBTF6DzuCylcjv57m6B1WXoPEDLJ29k:tiFSIlUmtEEnJ29k

    Score: 1/10

    • Target

      apull.jar

    • Size

      1.1MB

    • MD5

      ee33972cb6e2598ba737d1f1bd475680

    • SHA1

      a3c92e0f83385598334746b3cc2ae6d316845896

    • SHA256

      0fe7f75d92659bb65915765f2ba2ad7583d0add7acddef67413484447d80a547

    • SHA512

      68eab42d4f57927303740c269595615518cda2fc939ad30f058785b413a05cfea329f02d126a753dba624722e4cf8abe7438acf7c788dcc7f3b9179551aa20fc

    • SSDEEP

      24576:3gclwrvA+i6AYjVAk+Y50FHcmWuF0nyuInGaa/YsesYHo68Q:Q3rvp9P53+Y50V0PnrIGaagZHGQ

    Score: 7/10

    • Queries information about the current nearby Wi-Fi networks

      Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

    • Queries the unique device ID (IMEI, MEID, IMSI)

    • Requests cell location

      Uses Android APIs to get current cell information.

    • Target

      authguide.jar

    • Size

      99KB

    • MD5

      f0bd18de0f6df62194e2fa3c6cc14050

    • SHA1

      74b9aba6901ea22873b4484e953a0c2a41a87a52

    • SHA256

      976e1007640868928024df58abe95dfcf75b01e5dc859b6601cadd8ed3046001

    • SHA512

      a0abb6780b31b7477ecf1a4d3197115a5807ea3344bc2d9e747d7314406755dffd5e267c839eb93a9e866f4393a10714ab17c145484917798514b7ec786a1423

    • SSDEEP

      3072:dlsC0ygzCdsaCc0VHb+vCjSyg9EwlnKAkM:Ts/poseEb+vMSPewVf

    Score: 1/10

    • Target

      av_rt.jar

    • Size

      11KB

    • MD5

      a08d16ca200e664b96c15d576f665f4b

    • SHA1

      aeb28ab363f21e9dff757302c256a4c79acb4e18

    • SHA256

      b12dd7ff734e9bf3376f2f386b8933d5568f2c865d95882e905041d811e6fa88

    • SHA512

      51c8e7154fca45fc1e82f9e937ef02b7abfad0dc612752ac90b22219a98a10d7df31cd452408e25a401eeeb7c0a46c880b253a73cb8a28cb1fd4b2a7abdef5f2

    • SSDEEP

      192:uViIkX34YT5QNwVPZjRmA8P+Hu2ce73iPmUcudR8iSs6qsGqKckwehoSZnd2X86:uIpFPVxjRMPUu2cEcEGatkwehoqdl6

    Score: 1/10

    • Target

      blockui.jar

    • Size

      543KB

    • MD5

      399357cf78324de28ece93b5bf35072d

    • SHA1

      0a62b83c957eecfd81d508b79e0b6f83c8204c13

    • SHA256

      d134d4ab8e513744a5291d027dc4c1be405c04f1b3c69719ccc541b1079fec81

    • SHA512

      2988f9895e062e19204963d053954192baa0c6f0c6872db3e3e0b109a49dec9cf2a5cc85ae8189c94148d3da4830229dcc2bb1049cdc4781b79d2c17b206d3f4

    • SSDEEP

      12288:dVHCP3xeydOfgVfDRUOBUEUtVL3WN2CfQjR15x4sAfX9:d8IXfgVfDC6E6BYjDL4bfX9

    Score: 1/10

    • Target

      callshow.jar

    • Size

      436KB

    • MD5

      145a3029358b70a066f7ff99b31507d0

    • SHA1

      abc4c402435e1a1dfd97cce3673738563dd50bea

    • SHA256

      43732f53d095d5c67e2f06e81f8d17a8086727a31c0714d743e9f8558cda342e

    • SHA512

      c07b9c9945fdf0b26e74fcdb9698f405e40e0d051e6dd290f7d2b02870a06dcff54688aa4473c091e723fd5d0b14faf26952abcea6374fbafda37929cc7e3fbd

    • SSDEEP

      12288:53FiEQRlvBZ/vJoIGjrQ44joUWiq2EZ1H0:h8EClvL/vxGfp4XL/eU

    Score: 1/10

    • Target

      callshowmgr.jar

    • Size

      238KB

    • MD5

      5ffb9b5ae1e098176aefce59022aa809

    • SHA1

      eafec960296bfa0796810102f7f8d5216757d3db

    • SHA256

      99b92910af2c6a6620c40f2adaa57c95f31a6fb33670df9c2222fb7aea0c90cc

    • SHA512

      fda4d9afbbbd2e474c5be9b87b04d02a35dc4587312f733984cf1b16c838d964152e9ac7202d736b35e43605a6c0cb77cd3954abcba8d8d8b8ab4709b1e3fc1a

    • SSDEEP

      6144:4iN2Zd+MBKKvybuRhKphpQxwWFPwBSglf8GtAf:4iUZK5buR2k1Bwhlf8GtAf

    Score: 1/10

    • Target

      clean.jar

    • Size

      1.1MB

    • MD5

      f4f45e49aa4fb12e1dd66eb2f1267130

    • SHA1

      3e5b53cac3e3c03dd2982083e91a658eb2f007ae

    • SHA256

      11d8fb0e4c8786cdb617ee1ce6afc083f12d13c760fcbfdab6db31b7f9544c0e

    • SHA512

      c49567387b8af6ac43dc4c288cf1256ca06e06c3c3b208cf1ae8c7cbe5b038c04c9e99781b78544e31122c909d8f412d14219f28ae3f9be99532da183a2dd410

    • SSDEEP

      24576:ZKzBF8ZG/T8mvuOeNNprNAdUxG99dG12hEak8z3YGRfydMm7ZHOss+T:Z4kWTMOeNNpOsGPs14EakVGdyd7Rp

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Queries account information for other applications stored on the device

      Application may abuse the framework's APIs to collect account information stored on the device.

    • Target

      exam.jar

    • Size

      172KB

    • MD5

      a87520c4e4edd6180789bf502441aea0

    • SHA1

      0a15451199061d00e4c3d2acec031d6416dd8153

    • SHA256

      c188bde669065bb6b54444328b395468030d9d59ed2c66df33d87e4d5ebbbe5f

    • SHA512

      0001564f7cfdff48f55d145df4b2ad266442925e7f5e1c706cb900a40962de01bfcc769fa0a011cea3622173b632bfb3aa053167865a2d2a149d40754ec317a6

    • SSDEEP

      3072:gdGKkvZxD33Rk4JPCETA/Dd9ieJq3uDu2cpRjt5u7XEQ3nkgxj743kCB/TmsZ:gIRxDRkc6ZDziD9p35631xjE3PBqE

    Score: 1/10

    • Target

      floatwin.jar

    • Size

      765KB

    • MD5

      18919fbbd880683e3ede6763fa48aa34

    • SHA1

      edef828c7780af651f9c215f480bea6f7c836023

    • SHA256

      3c56e52d66f3ecbeee9bfc530fdabaca0f789782cf0492070a22d7e7e2eff817

    • SHA512

      fbeb2ed9ebab623d3abfe99cb85d986755291c82fb78cebed394975c0bde363b18ac1aef4b8fd63e1265e9f8b2e4145ba660b444666412945f7927d502470a12

    • SSDEEP

      12288:Aoh/Xu8zekxXnz+udizrNxdwMmGwl4tc5ogStkP9FJqnS1k3ur1cd+rwJGrStcfJ:Xh/TK+Xnz+wirN49l4tmoFeqn/AcjJtM

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Queries the unique device ID (IMEI, MEID, IMSI)

MITRE ATT&CK Mobile v15

Tasks

    Task           Tags                                                   Score
    static1                                                               6/10
    behavioral1                                                           1/10
    behavioral2    impact                                                 4/10
    behavioral3    discovery, impact                                      6/10
    behavioral4    discovery, impact                                      6/10
    behavioral5                                                           1/10
    behavioral6                                                           1/10
    behavioral7                                                           1/10
    behavioral8    collection, discovery                                  7/10
    behavioral9    collection, discovery                                  7/10
    behavioral10   collection, discovery                                  7/10
    behavioral11                                                          1/10
    behavioral12                                                          1/10
    behavioral13                                                          1/10
    behavioral14                                                          1/10
    behavioral15                                                          1/10
    behavioral16                                                          1/10
    behavioral17                                                          1/10
    behavioral18                                                          1/10
    behavioral19                                                          1/10
    behavioral20                                                          1/10
    behavioral21                                                          1/10
    behavioral22                                                          1/10
    behavioral23                                                          1/10
    behavioral24                                                          1/10
    behavioral25                                                          1/10
    behavioral26   banker, collection, discovery, impact, persistence     7/10
    behavioral27                                                          1/10
    behavioral28                                                          1/10
    behavioral29                                                          1/10
    behavioral30   discovery, persistence                                 6/10
    behavioral31   discovery, persistence                                 6/10
    behavioral32   discovery                                              6/10