ff039728f489e9644bd53825bb22cd9bfb574740d88540a2aa1b7c635526bbf5

Sharing

Copy URL

Twitter E-mail

General

Target

9ee9752135d276b5e91282695f9dc95a_JaffaCakes118
Size

2.5MB
Sample

241126-a9t4qsslbk
MD5

9ee9752135d276b5e91282695f9dc95a
SHA1

f5856d5d93ebf00c2924790fe2954b937e598d43
SHA256

ff039728f489e9644bd53825bb22cd9bfb574740d88540a2aa1b7c635526bbf5
SHA512

a937bc7a440cd0d6ba02bb8971ec61378b72b01f4403d572851b76b687f09c0ca50d3a53e7116d18a67120ecd4fe6d06ac9a51946be64f8336a4c4f53c0dfed4
SSDEEP

49152:RhAyegIXJpFLcykewnkghafPGjONr5f4/vON3q2F5LukFF/:RhaBJpFLTcnNfSzyvOsYt/

Score

7^/10

Malware Config

Targets

- Target
  
  9ee9752135d276b5e91282695f9dc95a_JaffaCakes118
- Size
  
  2.5MB
- MD5
  
  9ee9752135d276b5e91282695f9dc95a
- SHA1
  
  f5856d5d93ebf00c2924790fe2954b937e598d43
- SHA256
  
  ff039728f489e9644bd53825bb22cd9bfb574740d88540a2aa1b7c635526bbf5
- SHA512
  
  a937bc7a440cd0d6ba02bb8971ec61378b72b01f4403d572851b76b687f09c0ca50d3a53e7116d18a67120ecd4fe6d06ac9a51946be64f8336a4c4f53c0dfed4
- SSDEEP
  
  49152:RhAyegIXJpFLcykewnkghafPGjONr5f4/vON3q2F5LukFF/:RhaBJpFLTcnNfSzyvOsYt/
Score

7^/10

collection discovery impact persistence
- Queries information about running processes on the device
  Application may abuse the framework's APIs to collect information about running processes on the device.
  discovery
- Queries the phone number (MSISDN for GSM devices)
  discovery
- Reads the content of SMS inbox messages.
  collection
- Reads the content of the SMS messages.
  collection
- Queries information about active data network
  discovery
- Queries the mobile country code (MCC)
  discovery
behavioral1
- Target
  
  com.skymobi.pay.plugin.main_v10010.pl
- Size
  
  56KB
- MD5
  
  f7ac8045aed15eb38ffad345cf33389e
- SHA1
  
  c07acd8c9b82d029669e4befa08830df804f0d3e
- SHA256
  
  e6c51d15ade2eaff2ce08fc9b7826c97cf4b47db05054b22b3a8e775f21cb8a0
- SHA512
  
  267a0036597282cd1dbaaf8204aa5eadf82543fb0af449b9ae0a4d9eb878e29514f2332725c8ef35b74fe5e7fd23c20924b9bf53c4cdb29fa7bde53d02753c83
- SSDEEP
  
  1536:/0dSymllAt4YjEIbDZT8OT7m3WNlSN2rpcSPqNF5oa:vK4YYInZT5Hm3wFldPqNFya
Score

1^/10
behavioral2 behavioral3 behavioral4
- Target
  
  com.skymobi.pay.plugin.recordupload_v10009.pl
- Size
  
  38KB
- MD5
  
  55c24dc00f667f62ee0cc0dfca41fc28
- SHA1
  
  1811dd0ba5f5bdfeef743332b7ef1b8e4097a23c
- SHA256
  
  8199c84eb1412ac9f13edc3bff4cd66e788847143bd0c8497ce7f699a0d68e77
- SHA512
  
  b5a5269065f4bcf05c560315255c49dc7eafc015458eca425f6b44eec0ee74c3e1d481e06df70deca25056a8fd070efb5adcf364061a8e5c1e26fb8e102caf69
- SSDEEP
  
  768:Tf5Ui0Wh/Ndv7j7LF12NADhHl2ASeCYuD:+WNNdDJ0NahHMAS3D
Score

1^/10
behavioral5 behavioral6 behavioral7
- Target
  
  com.skymobi.pay.plugin.smspay_v10015.pl
- Size
  
  206KB
- MD5
  
  e5ac4347c4d13f0e3cc929ad78372f88
- SHA1
  
  97960a66ff300158e0b74c0122fcf9d80ed8cd93
- SHA256
  
  74b6542895aeef975ea0aacd8d3c29145543438f86d120ca46c6083d2a3dac1b
- SHA512
  
  0c20a1b348106b6582742b35a48ba703a24616e34a28b1eedc009d64d090a8157a1c167e3d6efa04fe9b3e7fbb93bb7616323c6a19e23a343c850b05892ee372
- SSDEEP
  
  6144:L5dvOF1MABFzlYGgbwhkIftWJ5CfO+j8/Yj:dAF1MAJh26WvCfO+j8/Yj
Score

1^/10
behavioral10 behavioral8 behavioral9
- Target
  
  skymobi_pay_wxplugin.apk
- Size
  
  33KB
- MD5
  
  73d8a99bf9de4eb876f1739627197190
- SHA1
  
  135f99fe90f129274c74f5c9b032294bfae3d05a
- SHA256
  
  6d6f22a6688689b35a723620794bc03e958a69e1770073bd921d3c6129733f26
- SHA512
  
  d5d9068f5fbf3c85bafb8edf084c40e4411814f02542cde120815951c6a2cfae78a0b08f930ef7143f10145ce0abcbd942c44f54afbb0d963ba47c653a162049
- SSDEEP
  
  768:iwFX6Lei59coj/94ML6plol/S54bLhWQeJ:iwF0t5jj1/LMcaivhWQC
Score

4^/10

persistence
behavioral11 behavioral12 behavioral13
- Target
  
  unicom_resource.dat
- Size
  
  41KB
- MD5
  
  5fc87888ecf3a4bcc60e2db055b2e766
- SHA1
  
  8f80d454f5d1e4e39e469f29a2658d460c73222f
- SHA256
  
  4307d3609485339da7438d4f27169a1399edbb8daa31a63cbefe69663f7f323c
- SHA512
  
  cbbfde6679cb3f345531b20ec98f9c5b81acc6f60dbac348ed06f363e2533c586949567604439287abf5739b717fc2edfada53d7bb6da0a61fc1a019d36886ae
- SSDEEP
  
  768:F0IUSGCpONOKIfwiFWAkEsDVop56mAQZuYMiELqYRc15:5XbpO4KsOQZuYHaRcP
Score

1^/10
behavioral14 behavioral15 behavioral16

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Protected User Data

T1636

SMS Messages

T1636.004

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Tasks

Sharing

General

Malware Config

Targets

Queries information about running processes on the device

Queries the phone number (MSISDN for GSM devices)

Reads the content of SMS inbox messages.

Reads the content of the SMS messages.

Queries information about active data network

Queries the mobile country code (MCC)

MITRE ATT&CK Mobile v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16