General
-
Target
6ef3ec9f552a4225c2fc3a861b876f04_JaffaCakes118
-
Size
2.5MB
-
Sample
240524-spd6wsac9w
-
MD5
6ef3ec9f552a4225c2fc3a861b876f04
-
SHA1
e9adbcfdf6fec79ae03da4052d8e55b019ffef37
-
SHA256
0dc474a1488e06f13fcb75759006b073b0d58f9617f51e5e851f1545476a6b66
-
SHA512
178101023781c6fe7d8b9be0b49b84a4089b7741cd60e6be9a350489faf07a5da03b1e2f05afc23ab8e0dc43d7f86aa519f0c7d58e5b97bf198338c6c41173a4
-
SSDEEP
49152:zhI608Vq0rEpZwN9C5oUUD9NzT/76v2rDJwAJ9cNDqS5m:qh8Vq0rEp+N9CiU49s2JwAJ92qSs
Malware Config
Targets
-
-
Target
6ef3ec9f552a4225c2fc3a861b876f04_JaffaCakes118
-
Size
2.5MB
-
MD5
6ef3ec9f552a4225c2fc3a861b876f04
-
SHA1
e9adbcfdf6fec79ae03da4052d8e55b019ffef37
-
SHA256
0dc474a1488e06f13fcb75759006b073b0d58f9617f51e5e851f1545476a6b66
-
SHA512
178101023781c6fe7d8b9be0b49b84a4089b7741cd60e6be9a350489faf07a5da03b1e2f05afc23ab8e0dc43d7f86aa519f0c7d58e5b97bf198338c6c41173a4
-
SSDEEP
49152:zhI608Vq0rEpZwN9C5oUUD9NzT/76v2rDJwAJ9cNDqS5m:qh8Vq0rEp+N9CiU49s2JwAJ92qSs
Score8/10-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
-
Checks CPU information
Checks CPU information which indicate if the system is an emulator.
-
Queries account information for other applications stored on the device
Application may abuse the framework's APIs to collect account information stored on the device.
-
Queries information about the current Wi-Fi connection
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Registers a broadcast receiver at runtime (usually for listening for system events)
-
Checks if the internet connection is available
-
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org
-
Queries the unique device ID (IMEI, MEID, IMSI)
-
Reads information about phone network operator.
-
Schedules tasks to execute at a specified time
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
-