General
-
Target
6e2ab37c4cf26d9e8ee7cf0696f63eb8_JaffaCakes118
-
Size
10.0MB
-
Sample
240524-l99pzade57
-
MD5
6e2ab37c4cf26d9e8ee7cf0696f63eb8
-
SHA1
3ff3cb4ee1c40d3cd20e3eb025fdb238efb48107
-
SHA256
f0c86c5d28b4aab065fcd8aa873dba4835acf5aaadee21916e3f50c61bff22f4
-
SHA512
2a6fdfe42a3f0ac70a2950671562e86ef58b949859f427528dc72904fbdf2348df17fcf66e3f4abe04e2a1cd93eb5c939bfea8fb7875b1f7f6606c9751115b82
-
SSDEEP
196608:9KB3j3AXlXh3oT9LdkP3mXPkctewZ5Wi61+pR9DJXBypwMaKV0ixBWA:9a3j3gxepqPIxfzXe+v9D3uwPPA
Malware Config
Targets
-
-
Target
6e2ab37c4cf26d9e8ee7cf0696f63eb8_JaffaCakes118
-
Size
10.0MB
-
MD5
6e2ab37c4cf26d9e8ee7cf0696f63eb8
-
SHA1
3ff3cb4ee1c40d3cd20e3eb025fdb238efb48107
-
SHA256
f0c86c5d28b4aab065fcd8aa873dba4835acf5aaadee21916e3f50c61bff22f4
-
SHA512
2a6fdfe42a3f0ac70a2950671562e86ef58b949859f427528dc72904fbdf2348df17fcf66e3f4abe04e2a1cd93eb5c939bfea8fb7875b1f7f6606c9751115b82
-
SSDEEP
196608:9KB3j3AXlXh3oT9LdkP3mXPkctewZ5Wi61+pR9DJXBypwMaKV0ixBWA:9a3j3gxepqPIxfzXe+v9D3uwPPA
Score8/10-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
-
Checks CPU information
Checks CPU information which indicate if the system is an emulator.
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Queries information about the current Wi-Fi connection
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Registers a broadcast receiver at runtime (usually for listening for system events)
-
Acquires the wake lock
-
Checks if the internet connection is available
-
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org
-
Reads information about phone network operator.
-
MITRE ATT&CK Mobile v15
Persistence
Event Triggered Execution
1Broadcast Receivers
1Foreground Persistence
1Defense Evasion
Foreground Persistence
1Virtualization/Sandbox Evasion
1System Checks
1