General
-
Target
6c7778b001387ab1762f4dc1083afc52_JaffaCakes118
-
Size
12.1MB
-
Sample
240523-2erhxabd46
-
MD5
6c7778b001387ab1762f4dc1083afc52
-
SHA1
84f5c8f7248f7d04f26f0c466556958c4c98418a
-
SHA256
8165355d356aa160e47e62b4aa13d23825216a0a5ca2a74f5e6a00f5a0ef1578
-
SHA512
5e86e9296873fa7ee7843b543363e2cb16e3c70d83d91f95e1a76e570d6e8f0f2a74405085d72b48cba6063b268e8ca5506b89f0ae15d9765da050f90bbb482c
-
SSDEEP
196608:zEhUtLkb3s25kDMRWEWCb/9RSK31c49ZJbh+uU+eBU16veL9+JHB7L:zEhTH55Wlw/9tXZJAshbL9IB7L
Static task
static1
Behavioral task
behavioral1
Sample
6c7778b001387ab1762f4dc1083afc52_JaffaCakes118.apk
Resource
android-x86-arm-20240514-en
Malware Config
Targets
-
-
Target
6c7778b001387ab1762f4dc1083afc52_JaffaCakes118
-
Size
12.1MB
-
MD5
6c7778b001387ab1762f4dc1083afc52
-
SHA1
84f5c8f7248f7d04f26f0c466556958c4c98418a
-
SHA256
8165355d356aa160e47e62b4aa13d23825216a0a5ca2a74f5e6a00f5a0ef1578
-
SHA512
5e86e9296873fa7ee7843b543363e2cb16e3c70d83d91f95e1a76e570d6e8f0f2a74405085d72b48cba6063b268e8ca5506b89f0ae15d9765da050f90bbb482c
-
SSDEEP
196608:zEhUtLkb3s25kDMRWEWCb/9RSK31c49ZJbh+uU+eBU16veL9+JHB7L:zEhTH55Wlw/9tXZJAshbL9IB7L
Score8/10-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Queries account information for other applications stored on the device
Application may abuse the framework's APIs to collect account information stored on the device.
-
Queries information about running processes on the device
Application may abuse the framework's APIs to collect information about running processes on the device.
-
Queries information about the current Wi-Fi connection
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Queries information about the current nearby Wi-Fi networks
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
-
Registers a broadcast receiver at runtime (usually for listening for system events)
-
Acquires the wake lock
-
Checks if the internet connection is available
-
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org
-
Reads information about phone network operator.
-
MITRE ATT&CK Mobile v15
Persistence
Event Triggered Execution
1Broadcast Receivers
1Foreground Persistence
1Defense Evasion
Execution Guardrails
1Geofencing
1Foreground Persistence
1Virtualization/Sandbox Evasion
1System Checks
1