Overview

overview

8

Static

static

6

6d04af25e1...18.apk

android-9-x86

8

6d04af25e1...18.apk

android-11-x64

8

LibMemoryL...or.apk

android-9-x86

1

LibMemoryL...or.apk

android-10-x64

1

LibMemoryL...or.apk

android-11-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6d04af25e1e9b7336d2e57afbd62b999_JaffaCakes118

  • Size

    15.2MB

  • Sample

    240524-chdnsahd71

  • MD5

    6d04af25e1e9b7336d2e57afbd62b999

  • SHA1

    37750e7a23b0fe3c3e876c1898c456d6b525da3f

  • SHA256

    1e8067ef7f6fce35184e7898724222374567f0f468edcff1d25e7636e0fb2528

  • SHA512

    1091b69b459446691b74979eeebf3118685296097b214989a05d6edca7c390019a241c63cd9563aeb69f9f2f20986acbb8f4385f7a02ca9d12938ab84a510042

  • SSDEEP

    393216:AS4kiviQJ95v4e751utE02uck8x3q1Nm/g4E6C:9/Qb75eETuc3x61A/gx

Score
8/10
androidcollectiondiscoveryevasionimpactpersistence

Malware Config

Targets

    • Target

      6d04af25e1e9b7336d2e57afbd62b999_JaffaCakes118

    • Size

      15.2MB

    • MD5

      6d04af25e1e9b7336d2e57afbd62b999

    • SHA1

      37750e7a23b0fe3c3e876c1898c456d6b525da3f

    • SHA256

      1e8067ef7f6fce35184e7898724222374567f0f468edcff1d25e7636e0fb2528

    • SHA512

      1091b69b459446691b74979eeebf3118685296097b214989a05d6edca7c390019a241c63cd9563aeb69f9f2f20986acbb8f4385f7a02ca9d12938ab84a510042

    • SSDEEP

      393216:AS4kiviQJ95v4e751utE02uck8x3q1Nm/g4E6C:9/Qb75eETuc3x61A/gx

    Score
    8/10
    collectiondiscoveryevasionimpactpersistence

    • Requests cell location

      Uses Android APIs to to get current cell information.

      collectiondiscovery

    • Requests cell location

      Uses Android APIs to to get current cell location.

      collectiondiscoveryevasion

    • Checks CPU information

      Checks CPU information which indicate if the system is an emulator.

      evasiondiscovery

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

      discovery

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

      discovery

    • Queries information about the current nearby Wi-Fi networks

      Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

      discovery

    • Registers a broadcast receiver at runtime (usually for listening for system events)

      persistence

    • Checks if the internet connection is available

      discovery

    • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

    • Reads information about phone network operator.

      discovery

    • Listens for changes in the sensor environment (might be used to detect emulation)

      evasion
    behavioral1behavioral2

    • Target

      LibMemoryLeakMonitor.apk

    • Size

      162KB

    • MD5

      1b72a34568e446a2c0d9cc6ca5c075d4

    • SHA1

      d5ef6d52d2c377d3e06de0ba36d0ab076b873ab0

    • SHA256

      a5d922b6773073d9c7600305ed9857f73d782f3bd8a52b4b2e5f1ab6ce172fe5

    • SHA512

      26cc1d82118702c09b7e3535eca0a65f4a3bca7dcccf0bd12e738d33259cfe7b5d67d2c33fb7a9b751930e09af786be2dfe9e5507aed39c6ea4f6a396d2159ab

    • SSDEEP

      3072:9ytCcMeJ3WUz3UDxvdpldyb1cEzUFVAvPoNLNWw7R8tEIsy+9kOueDY1eZuUycYm:9uCcMebz36HybCEzfXoNww6sJ6OBYyu2

    Score
    1/10
    behavioral3behavioral4behavioral5

MITRE ATT&CK Matrix

Tasks