General
-
Target
90856505ad24499042ce139ee985190e_JaffaCakes118
-
Size
18.6MB
-
Sample
240603-e1rz8sbc2z
-
MD5
90856505ad24499042ce139ee985190e
-
SHA1
104d06f2d2ab5e7ec569b9a025684466fc02749e
-
SHA256
1fb9013bff278259a6c99cbed5c231a07e55c570ce03d4566c1e15f61041355f
-
SHA512
882b8521ad8ef50c9a52acf4b54bf6338700b9119dea0112a547c9884d8b963cc36be4d3c2bdb7d554715f9df25577e70df1d13714db03841a2b6d0d0513fbc1
-
SSDEEP
393216:Up70AjaM9AY85pxETATCOnwHuKUbtJCVAmFG++LbK8Ma7yTCzgIiIwyUxsT/POOV:Uh0AjaFlGThOnwLYQwvKjLWzXzMw
Static task
static1
Behavioral task
behavioral1
Sample
90856505ad24499042ce139ee985190e_JaffaCakes118.apk
Resource
android-x86-arm-20240514-en
Malware Config
Targets
-
-
Target
90856505ad24499042ce139ee985190e_JaffaCakes118
-
Size
18.6MB
-
MD5
90856505ad24499042ce139ee985190e
-
SHA1
104d06f2d2ab5e7ec569b9a025684466fc02749e
-
SHA256
1fb9013bff278259a6c99cbed5c231a07e55c570ce03d4566c1e15f61041355f
-
SHA512
882b8521ad8ef50c9a52acf4b54bf6338700b9119dea0112a547c9884d8b963cc36be4d3c2bdb7d554715f9df25577e70df1d13714db03841a2b6d0d0513fbc1
-
SSDEEP
393216:Up70AjaM9AY85pxETATCOnwHuKUbtJCVAmFG++LbK8Ma7yTCzgIiIwyUxsT/POOV:Uh0AjaFlGThOnwLYQwvKjLWzXzMw
-
Checks if the Android device is rooted.
-
Checks known Qemu files.
Checks for known Qemu files that exist on Android virtual device images.
-
Checks known Qemu pipes.
Checks for known pipes used by the Android emulator to communicate with the host.
-
Queries account information for other applications stored on the device
Application may abuse the framework's APIs to collect account information stored on the device.
-
Queries information about running processes on the device
Application may abuse the framework's APIs to collect information about running processes on the device.
-
Queries information about the current Wi-Fi connection
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Queries information about the current nearby Wi-Fi networks
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
-
Queries the mobile country code (MCC)
-
Queries the phone number (MSISDN for GSM devices)
-
Reads the contacts stored on the device.
-
Reads the content of photos stored on the user's device.
-
Registers a broadcast receiver at runtime (usually for listening for system events)
-
Checks if the internet connection is available
-
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org
-
Reads information about phone network operator.
-
Listens for changes in the sensor environment (might be used to detect emulation)
-
MITRE ATT&CK Mobile v15
Defense Evasion
Hide Artifacts
1User Evasion
1Virtualization/Sandbox Evasion
3System Checks
3Discovery
Location Tracking
1Process Discovery
1Software Discovery
1Security Software Discovery
1System Information Discovery
2System Network Configuration Discovery
3System Network Connections Discovery
3