Overview

overview

8

Static

static

6

83d5c4b2a0...18.apk

android-9-x86

8

83d5c4b2a0...18.apk

android-10-x64

8

83d5c4b2a0...18.apk

android-11-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    83d5c4b2a023403d1f4708fff0533eaa_JaffaCakes118

  • Size

    13.6MB

  • Sample

    240530-l3bvcsdg2y

  • MD5

    83d5c4b2a023403d1f4708fff0533eaa

  • SHA1

    2f7aac1addf79d6e7f46e02ed1e20c707faa0950

  • SHA256

    0b952b02824c47701066187433878ebfed9f7cbb1e931115676618d9eb7d2bfa

  • SHA512

    33e0d113c4e61d00666b3dede4d47258247159a17eaee28d223f28647f66169fe39622c154dc60515f6fdaa7bec60bd8c548d0dd6608cd47aef1937cb962c674

  • SSDEEP

    393216:1jyNj0cGzvsZG80rGzho36eVQkSRF3isSF2x+Ig8abE:1jyynk5hoxsyTgcnbE

Score
8/10
androidcollectioncredential_accessdiscoveryevasionimpactpersistence

Malware Config

Targets

    • Target

      83d5c4b2a023403d1f4708fff0533eaa_JaffaCakes118

    • Size

      13.6MB

    • MD5

      83d5c4b2a023403d1f4708fff0533eaa

    • SHA1

      2f7aac1addf79d6e7f46e02ed1e20c707faa0950

    • SHA256

      0b952b02824c47701066187433878ebfed9f7cbb1e931115676618d9eb7d2bfa

    • SHA512

      33e0d113c4e61d00666b3dede4d47258247159a17eaee28d223f28647f66169fe39622c154dc60515f6fdaa7bec60bd8c548d0dd6608cd47aef1937cb962c674

    • SSDEEP

      393216:1jyNj0cGzvsZG80rGzho36eVQkSRF3isSF2x+Ig8abE:1jyynk5hoxsyTgcnbE

    Score
    8/10
    collectiondiscoveryevasionimpactpersistencecredential_access

    • Requests cell location

      Uses Android APIs to to get current cell location.

      collectiondiscoveryevasion

    • Checks CPU information

      Checks CPU information which indicate if the system is an emulator.

      evasiondiscovery

    • Checks memory information

      Checks memory information which indicate if the system is an emulator.

      evasiondiscovery

    • Obtains sensitive information copied to the device clipboard

      Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

      collectioncredential_accessimpact

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

      discovery

    • Queries information about the current nearby Wi-Fi networks

      Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

      discovery

    • Queries the mobile country code (MCC)

      discovery

    • Registers a broadcast receiver at runtime (usually for listening for system events)

      persistence

    • Checks if the internet connection is available

      discovery

    • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

    • Queries the unique device ID (IMEI, MEID, IMSI)

      discovery

    • Reads information about phone network operator.

      discovery
    behavioral1behavioral2behavioral3

MITRE ATT&CK Mobile v15

Tasks