7d50ec7aa69d2e85ac7c963c14adeca97fb8be548788f9f8ddd6a0175780f5bc

General

Target

6df3810ea9deffad9a44bd182b10aa3d_JaffaCakes118
Size

25.6MB
Sample

240524-ktfxaabg7s
MD5

6df3810ea9deffad9a44bd182b10aa3d
SHA1

d3fffcf9f67832337ed45f5995063d3e7554803b
SHA256

7d50ec7aa69d2e85ac7c963c14adeca97fb8be548788f9f8ddd6a0175780f5bc
SHA512

100fb05851fd903f108384965a92b41bb848c66e3962e1ecd41b563478ab2d3a687e9d72edcea8d07b037ee8b5e0149138637a63ccb0bae1963c211f6b3f4b38
SSDEEP

393216:ZXeo4CYT7IwG81UpSimXEVD/yWKJypOd5Jk4SCFX/KwkMROxYyOkvpjCX+FVAENg:ZXzo7pGT/mUVFaPWMPKxMI3A62EN4x

Score

8^/10

Malware Config

Targets

- Target
  
  6df3810ea9deffad9a44bd182b10aa3d_JaffaCakes118
- Size
  
  25.6MB
- MD5
  
  6df3810ea9deffad9a44bd182b10aa3d
- SHA1
  
  d3fffcf9f67832337ed45f5995063d3e7554803b
- SHA256
  
  7d50ec7aa69d2e85ac7c963c14adeca97fb8be548788f9f8ddd6a0175780f5bc
- SHA512
  
  100fb05851fd903f108384965a92b41bb848c66e3962e1ecd41b563478ab2d3a687e9d72edcea8d07b037ee8b5e0149138637a63ccb0bae1963c211f6b3f4b38
- SSDEEP
  
  393216:ZXeo4CYT7IwG81UpSimXEVD/yWKJypOd5Jk4SCFX/KwkMROxYyOkvpjCX+FVAENg:ZXzo7pGT/mUVFaPWMPKxMI3A62EN4x
Score

8^/10

banker collection discovery evasion impact persistence
- Checks if the Android device is rooted.
  evasion
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Requests cell location
  Uses Android APIs to to get current cell location.
  collection discovery evasion
- Checks Android system properties for emulator presence.
  evasion
- Checks CPU information
  Checks CPU information which indicate if the system is an emulator.
  evasion discovery
- Checks memory information
  Checks memory information which indicate if the system is an emulator.
  evasion discovery
- Queries information about the current Wi-Fi connection
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  discovery
- Queries information about the current nearby Wi-Fi networks
  Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
  discovery
- Queries the mobile country code (MCC)
  discovery
- Registers a broadcast receiver at runtime (usually for listening for system events)
  persistence
- Acquires the wake lock
- Checks if the internet connection is available
  discovery
- Domain associated with commercial stalkerware software, includes indicators from echap.eu.org
- Reads information about phone network operator.
  discovery
behavioral1
- Target
  
  dynamic1111.jar
- Size
  
  107KB
- MD5
  
  35c4cfbc0a433d640181796a6f99400f
- SHA1
  
  d6094ee48191f6ebd0c41b9c8bb6f73a5bb9b3d6
- SHA256
  
  7306f7c9bfb0b152a4b4cf53a23f69558724cf237e477d0a302f5ce12af20104
- SHA512
  
  c4da54f8408d84db0f9b78b4d7431ef7273c266980c9ecad0afc25b593d2b2701f087a9dfe9dbc62e3ce4dc3ec127167bbea59b27ecbe40d08258f20f960dbb3
- SSDEEP
  
  3072:526YUeTinBtiDpVeqbZaug/eBXmdPMIpEBGngwOBpUhiAce:DsTin+1VeqbZauHXMgXDUOe
Score

1^/10
behavioral2 behavioral3 behavioral4

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Targets

Checks if the Android device is rooted.

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Requests cell location

Checks Android system properties for emulator presence.

Checks CPU information

Checks memory information

Queries information about the current Wi-Fi connection

Queries information about the current nearby Wi-Fi networks

Queries the mobile country code (MCC)

Registers a broadcast receiver at runtime (usually for listening for system events)

Acquires the wake lock

Checks if the internet connection is available

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Reads information about phone network operator.

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4