General

  • Target

    e5d247675ac5a1326fead1be2d22cf16_JaffaCakes118

  • Size

    3.0MB

  • Sample

    241212-lvfhkszpaw

  • MD5

    e5d247675ac5a1326fead1be2d22cf16

  • SHA1

    2c384fdaa45c5496fc649ae227fa7b5e9ae3e363

  • SHA256

    2ba94628cffefb0fc52a5bc61982b5e8dfd2f8afa03bd86030b200ff1c7c1c67

  • SHA512

    70c8a9084ce41b0ee48e95f761ec51b870aae2c93c0a492c20b043e659d410623360ab80aafb0590792fdcc7a5efd1a8920f0ee5bd289e5eb701de5f234d4fba

  • SSDEEP

    49152:ZZ3Fhu5v+oeX7tQ0gYZ1r6svkRQYGdHgMjVwAf6BwGf6fkPiK2pFd4MfXqiDo/Jz:ZTYtAZQ4wR7G5g4VbfOVu9FdhvWmkv

Malware Config

Targets

    • Target

      e5d247675ac5a1326fead1be2d22cf16_JaffaCakes118

    • Size

      3.0MB

    • MD5

      e5d247675ac5a1326fead1be2d22cf16

    • SHA1

      2c384fdaa45c5496fc649ae227fa7b5e9ae3e363

    • SHA256

      2ba94628cffefb0fc52a5bc61982b5e8dfd2f8afa03bd86030b200ff1c7c1c67

    • SHA512

      70c8a9084ce41b0ee48e95f761ec51b870aae2c93c0a492c20b043e659d410623360ab80aafb0590792fdcc7a5efd1a8920f0ee5bd289e5eb701de5f234d4fba

    • SSDEEP

      49152:ZZ3Fhu5v+oeX7tQ0gYZ1r6svkRQYGdHgMjVwAf6BwGf6fkPiK2pFd4MfXqiDo/Jz:ZTYtAZQ4wR7G5g4VbfOVu9FdhvWmkv

    • Hydra

      Android banker and info stealer.

    • Hydra family

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Queries information about active data network

    • Queries the mobile country code (MCC)

    • Reads information about phone network operator.

MITRE ATT&CK Mobile v15

Tasks