General
-
Target
8aaadf13ecb9eb77a13472237327af94_JaffaCakes118
-
Size
29.2MB
-
Sample
240601-rb6tbaeb9w
-
MD5
8aaadf13ecb9eb77a13472237327af94
-
SHA1
cb7058d9ca3ed9e4791a84e1c1fd623f4cd0e660
-
SHA256
d2509053b285c78296c6960e9b07da05713b96799c38cf9c4861ab1b4490ff11
-
SHA512
b360ae73536df90d9a1e839d1f05607acd1438e2228766bff1aed2b86bc757af13bb2a0a834ede063c155a1e1f92451794ccfd70cbfd60503c1b5cb9f33b4029
-
SSDEEP
393216:x9rp0pX4yNBzHeEoMYvzyTer0IrYgxnV5XNTfLoMRmg89:xpp0pXpB7eE+oeY2YgP5XNBx89
Static task
static1
Behavioral task
behavioral1
Sample
8aaadf13ecb9eb77a13472237327af94_JaffaCakes118.apk
Resource
android-x86-arm-20240514-en
Behavioral task
behavioral2
Sample
rtk_app.apk
Resource
android-x86-arm-20240514-en
Malware Config
Targets
-
Target
8aaadf13ecb9eb77a13472237327af94_JaffaCakes118
-
Score
6/10
-
Declares services with permission to bind to the system
-
Requests dangerous framework permissions
-
Target
rtk_app.apk
-
Size
2.6MB
-
MD5
6c7958fa0aaab85d1301461def35d378
-
SHA1
1d98e95cbf378edbff4cc279640a622eeb0dc51a
-
SHA256
3a69b0a413ee44e8da2a558457f3b9df4d8e65368586cf9d2dc48df75be700d1
-
SHA512
528073f2c0419b516e7ada1ec79c148328c5397c41c6f19389f22189279c0b50879d0c4c90a9330c2aa05e554dcf4792b9e3d4722ddf7c3cbdcd257494197732
-
SSDEEP
49152:wA1OFsf1w8ZLkmCWwB/ImagZ7xHC0vqz6DxJY0E9kh6RLddpt4KgQM:bOSw8mmCWwB/ImvHCWzYE6RG
-
Makes use of the framework's Accessibility service
Retrieves information displayed on the phone screen using AccessibilityService.
-
Queries information about the current Wi-Fi connection
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Registers a broadcast receiver at runtime (usually for listening for system events)
-
Checks if the internet connection is available
-
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org
-
Reads information about phone network operator.
-
MITRE ATT&CK Mobile v15
Defense Evasion
Input Injection: 1
Virtualization/Sandbox Evasion: 1
System Checks: 1
Discovery
Software Discovery: 1
Security Software Discovery: 1
System Information Discovery: 1
System Network Configuration Discovery: 1
System Network Connections Discovery: 2