General

  • Target

    88b35d179028c8b336cb43263603da5a_JaffaCakes118

  • Size

    27.3MB

  • Sample

    241103-at4m8syrcw

  • MD5

    88b35d179028c8b336cb43263603da5a

  • SHA1

    160455066bad5cdf0ee7cc1cb513453f55780619

  • SHA256

    63e1e75afa71297c24fb6049b529c67c60223d041ad9a5f413248f130738745c

  • SHA512

    4896495c7d92aa6e89b9ea6ec78ea997d6e9008f2d022cd471a8ab7e8083246c5865ff7c63fb87d0639dfd1a50c49ea8b1cbbcfa951516032c9d4bd24de01ca3

  • SSDEEP

    786432:LG9uax0LYUFnTNie+nfpTa0h0BkIZWXSI20Slf24:RM6YUdxiVfQ0hSkIZs120z4

Malware Config

Targets

    • Target

      88b35d179028c8b336cb43263603da5a_JaffaCakes118

    • Checks if the Android device is rooted.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Queries information about the current nearby Wi-Fi networks

      Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

    • Queries the phone number (MSISDN for GSM devices)

    • Requests cell location

      Uses Android APIs to get the current cell location.

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

    • Queries information about active data network

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Reads information about phone network operator.

    • Requests dangerous framework permissions

    • Target

      com.wuba.car.apk

    • Size

      2.1MB

    • MD5

      37e0415b1f324ebafc8d20f3ee55ca3b

    • SHA1

      794ac6906f41597f6e6564671ce5344e88822925

    • SHA256

      d0567d0029e7dd665c344475dc3ad007e2f82800c66defaced7406332cc5480e

    • SHA512

      9af85f29fcf7881c20672d4dcf10066db2cf9dae9aaae700002ded95b783591cdb4dafb0bb58632e0a2cad605c5d92ed410491f593613113bd97da1aa2959309

    • SSDEEP

      49152:HhcF/O2/iIhMgALBAcsAOqWsqskJtSQOV8tuPB7+/L1vQF2z9/:B+/O2/ThMg+BAcs7lsqskJtSQ3teBSjZ

    Score
    1/10
    • Target

      com.wuba.house.apk

    • Size

      3.0MB

    • MD5

      735adbc439d01fce05471d362fb31c8a

    • SHA1

      3ea6001a8587191256043bbd6bb49be70b30847d

    • SHA256

      381899d1407024a69d0a448f3a590cad156b193ee4f820afbd3e9711aa96681e

    • SHA512

      dc53f15c7e6b4d52eb1a5b4a4f16bb961e7fc94c833ce44c4ef0ba8d36dd47d7a4a14e2d2ae81f9d845d183e936ac4be328df86f3f85cf2c3179ae842186dd61

    • SSDEEP

      98304:cdLmSYqk+jTrxetIssL9scJTEUO5VO9S/1vQFX/:yYb+dO3Oyy

    Score
    1/10
    • Target

      com.wuba.huangye.apk

    • Size

      1.8MB

    • MD5

      f82a70bdc1834f7fe1fa0cef1d8fe6d4

    • SHA1

      aeb1dd11054bfeb47dabf6dfcd0a582d4d249e23

    • SHA256

      34e07406f778b28580485cee2d6a175cf7d264fef68158d1d48e08ee05a5c322

    • SHA512

      86713fd3b7b62799521643126ae41a13135897eda4494d72f952716b9f4c9306f20e178a069fee7cfe8fad246cfa78ea3201e21889638a5693ff8e2443a44fc5

    • SSDEEP

      49152:KYRPm3aAxDTpwisrUgo5nRcvvvNObUjJm7+//1vQF2+t:K2Pm3jxfpwisggo5nRjbAmS31vQF/t

    Score
    1/10
    • Target

      com.wuba.job.apk

    • Size

      2.9MB

    • MD5

      e0524d85890f8415650eac8cc005b533

    • SHA1

      3d822dfd60b620b84fe97130d483d3265d29f027

    • SHA256

      cf114c6ba40fe8479f9ed5f5ce00925de5dcf215c7388be04ccd937119209a78

    • SHA512

      05fed10fda54acfb962acb249456b39485b8b8652a9191fbf49b2bea435113ce26b6433235dd6b4816f0d36f562b1a94c0339190035f7164df133b50361bb1a1

    • SSDEEP

      49152:Ii6P2fCowOjQD6aMiNhAPJO6sve7LDFC8FHILP6XA1zRmipnJgF7+/O1vQF2k/mm:IHP2fTwQQD6aDhAPY6s27LDE3P6CzRMo

    Score
    1/10
    • Target

      com.wuba.sale.apk

    • Size

      1.9MB

    • MD5

      da20cac0204e1e3a1a0d146ed2d26658

    • SHA1

      876ec01273706e426fd9660e1cc46aa43bc29c5a

    • SHA256

      b7b2443b09ff8f6d41f2f7858073d4a7d860904a92ff018b832b1fd5ae3e014d

    • SHA512

      04d526bf0e5a45261cc7eb9c8842716711986ab6dd5b86953d9de3836f22eb2493fd9e0626c6e32c95c4a540f8997b6d4d5f3cccfb23e7abef1f84f5df850cef

    • SSDEEP

      49152:5H7lK6V/Pk+w20gIss2w1bsPflItr/aM7+/21vQF2UhXyx:5blK6dPr70gIssrbsPfefS+1vQFdXyx

    Score
    1/10
    • Target

      com.wuba.thirdapps.kuaidi100.apk

    • Size

      409KB

    • MD5

      fb4025dc6e54494f3e9e55f4b89beb53

    • SHA1

      0b590f53c9d4f17bed5cbeeb85bab13388aca2b2

    • SHA256

      a951001ca0ca0476679134af5fd60a5d66a9661d9cfd5f4b05d6fe3a2ab903a0

    • SHA512

      293de7bd3562190e6d665a4e03e18a979170cba08567a874b2cee3b5c60cda176d53e4eb79bd500caeb1df2f58a010490bb5ef404a551ab2f5ba4025e67db3db

    • SSDEEP

      12288:CRiw4FZE2S77rAoI/rpE3BgbpoVlgWrNs4qXMFtmNU2I7QCSyhMc:CRrX6uEtMFtmNYQCDhMc

    Score
    1/10

MITRE ATT&CK Mobile v15

Tasks