General

  • Target

    8fd583bf07d99790c44d01adb0e7ca19_JaffaCakes118

  • Size

    8.9MB

  • Sample

    240602-3nca1sbd3t

  • MD5

    8fd583bf07d99790c44d01adb0e7ca19

  • SHA1

    36e06cdeaac025c1fdf3eb39a2aaf3842ef734eb

  • SHA256

    76b1fe4d88cddbd83ac9f28b6f5fa50475bc7f42bee869864e9dba3064dda1f2

  • SHA512

    9bd00924d0a2a15cb61960f21ea145f196ce5ed0ef625ae698a228ac226a6b67da98c346aa66ff99b9e557be9a35384385074883ad0d7c4b80ed962d12b690d1

  • SSDEEP

    196608:KJyHy8dHPZ7CXqZNr+6vA3CGiAXgTHeaIl0H3/hXiJhTo0sMrQAyK8lgxu+U8m9h:DHthPZ7Gc+A9THaO3xibTofMrQlv6hUZ

Malware Config

Targets

    • Checks if the Android device is rooted.

    • Checks Android system properties for emulator presence.

    • Checks CPU information

      Checks CPU information that indicates whether the system is an emulator.

    • Checks memory information

      Checks memory information that indicates whether the system is an emulator.

    • Loads dropped Dex/Jar

      Runs an executable file dropped on the device during analysis.

    • Obtains sensitive information copied to the device clipboard

      Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Queries the mobile country code (MCC).

    • Registers a broadcast receiver at runtime (usually for listening for system events).

    • Checks if the internet connection is available.

    • Domain associated with commercial stalkerware software; includes indicators from echap.eu.org.

    • Reads information about the phone network operator.

MITRE ATT&CK Mobile v15

Tasks