General

Target: 6c8c5ee755b8c13adde612c32c5483fd_JaffaCakes118
Size: 1.8MB
Sample: 240523-2y484scf2s
MD5: 6c8c5ee755b8c13adde612c32c5483fd
SHA1: da914950b7882c9b0503d75eec3e8fee807d7a86
SHA256: ccc1f3b420bf31873185ae52a0404e8b8c0416fcf170a0bbe7531f77e8a637c0
SHA512: a632eb3385f031b5b2f90aa6514d3729d5e28bd92c0aff14d7f7ee88db1a77b3fc7bb2bba1778e8e318996e879617a192e656a0e5c0d81747011403ab234f97f
SSDEEP: 49152:9u0Gtim4MuvOtBhrBSk+sLB0GtX0rmdgOavqGm1Q31B:90imFuvYBb+sL5krq/7E1B

Static task: static1

Behavioral task: behavioral1
Sample: 6c8c5ee755b8c13adde612c32c5483fd_JaffaCakes118.apk
Resource: android-x86-arm-20240514-en

Behavioral task: behavioral2
Sample: monkey.apk
Resource: android-x86-arm-20240514-en

Behavioral task: behavioral3
Sample: monkey.apk
Resource: android-x64-20240514-en

Behavioral task: behavioral4
Sample: monkey.apk
Resource: android-x64-arm64-20240514-en

Behavioral task: behavioral5
Sample: gdtad.apk
Resource: android-x86-arm-20240514-en

Behavioral task: behavioral6
Sample: gdtad.apk
Resource: android-x64-20240514-en

Behavioral task: behavioral7
Sample: gdtad.apk
Resource: android-x64-arm64-20240514-en
Malware Config
Targets

Target: 6c8c5ee755b8c13adde612c32c5483fd_JaffaCakes118

Makes use of the framework's Accessibility service
Retrieves information displayed on the phone screen using AccessibilityService.

Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.

Queries information about the current Wi-Fi connection
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks if the internet connection is available

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Reads information about phone network operator.

Requests dangerous framework permissions

Target: monkey
Size: 139KB
MD5: 5f0944504b514eefc15612d33d6aef01
SHA1: 13d3dfd0b368c7b7bdac29b30131a2ca74f1736a
SHA256: b5c5b1351a962a2e001ea75516734d1ed4c3a8c9c39dc8c498d4b68c9ceb55c2
SHA512: 06b28c505bff8b431faaa411b15028e9d33e2be806e20e62071fbf78257f2a358e3010347d71a3a4a53d30d99986604f54884941bb6b3975fe57dbb763db35af
SSDEEP: 3072:Wtfem2RTEDPv3wahHCK5fjts5pt0pTrNkLxn36FVf0wbY3znl08:JzRTQPPwahHlfRs5p+du36Rbslv

Target: gdtad.jar
Size: 75KB
MD5: 7068fc92af9e6dc686de8924e174180b
SHA1: e8c47cb6f40b058b96bc5ab1bbff6a0a1a2adf2b
SHA256: 8b759e7358f706522f51d8774d38f264e13bd62dd49b1825b0ca7dfcc0c9e299
SHA512: 05ab5cfb9df4cca02c43bbc81a8e8b10469dd27604d487591fe15d3620d8623bb19d30af9607430e0a73fd04df02ffbf551f5c1e58af24293f681c928395aaa0
SSDEEP: 1536:P3AK+z0NSabIMKCxTEGDpCrLHgOnAOxyZV9r4L8fHROwbY3zZJYgwxx+p9/3:P3AKZNSafTrNkLxn36VVfYwbY3zZJY9W
Score: 1/10