General

  • Target

    8aaadf13ecb9eb77a13472237327af94_JaffaCakes118

  • Size

    29.2MB

  • Sample

    240601-rb6tbaeb9w

  • MD5

    8aaadf13ecb9eb77a13472237327af94

  • SHA1

    cb7058d9ca3ed9e4791a84e1c1fd623f4cd0e660

  • SHA256

    d2509053b285c78296c6960e9b07da05713b96799c38cf9c4861ab1b4490ff11

  • SHA512

    b360ae73536df90d9a1e839d1f05607acd1438e2228766bff1aed2b86bc757af13bb2a0a834ede063c155a1e1f92451794ccfd70cbfd60503c1b5cb9f33b4029

  • SSDEEP

    393216:x9rp0pX4yNBzHeEoMYvzyTer0IrYgxnV5XNTfLoMRmg89:xpp0pXpB7eE+oeY2YgP5XNBx89

Malware Config

Targets

    • Target

      8aaadf13ecb9eb77a13472237327af94_JaffaCakes118

    • Size

      29.2MB

    • MD5

      8aaadf13ecb9eb77a13472237327af94

    • SHA1

      cb7058d9ca3ed9e4791a84e1c1fd623f4cd0e660

    • SHA256

      d2509053b285c78296c6960e9b07da05713b96799c38cf9c4861ab1b4490ff11

    • SHA512

      b360ae73536df90d9a1e839d1f05607acd1438e2228766bff1aed2b86bc757af13bb2a0a834ede063c155a1e1f92451794ccfd70cbfd60503c1b5cb9f33b4029

    • SSDEEP

      393216:x9rp0pX4yNBzHeEoMYvzyTer0IrYgxnV5XNTfLoMRmg89:xpp0pXpB7eE+oeY2YgP5XNBx89

    Score
    6/10
    • Declares services with permission to bind to the system

    • Requests dangerous framework permissions

    • Target

      rtk_app.apk

    • Size

      2.6MB

    • MD5

      6c7958fa0aaab85d1301461def35d378

    • SHA1

      1d98e95cbf378edbff4cc279640a622eeb0dc51a

    • SHA256

      3a69b0a413ee44e8da2a558457f3b9df4d8e65368586cf9d2dc48df75be700d1

    • SHA512

      528073f2c0419b516e7ada1ec79c148328c5397c41c6f19389f22189279c0b50879d0c4c90a9330c2aa05e554dcf4792b9e3d4722ddf7c3cbdcd257494197732

    • SSDEEP

      49152:wA1OFsf1w8ZLkmCWwB/ImagZ7xHC0vqz6DxJY0E9kh6RLddpt4KgQM:bOSw8mmCWwB/ImvHCWzYE6RG

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Checks CPU information

      Checks CPU information, which can indicate whether the system is an emulator.

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Registers a broadcast receiver at runtime (usually for listening for system events)

    • Checks if the internet connection is available

    • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

    • Reads information about the phone's network operator.

MITRE ATT&CK Mobile v15

Tasks