7e8b5cdf7cd8e2abf020012872e1e4056b6043e8ea83dc4b81a8a5c9f2858d30

Sharing

Copy URL

Twitter E-mail

General

Target

91a7acb61c7f8a7c0d0233bfe0efd8af_JaffaCakes118
Size

21.5MB
Sample

240603-nvpgladc5w
MD5

91a7acb61c7f8a7c0d0233bfe0efd8af
SHA1

7c7fb388584eee19dc90401409ff7a4b7114962a
SHA256

7e8b5cdf7cd8e2abf020012872e1e4056b6043e8ea83dc4b81a8a5c9f2858d30
SHA512

134810e3718a05b124068cab7a5f9bf54b5b4e4577857bbb050afa27843cf2c565a19537fd73fe06f741113447ad6aed642fba8f44974399930af7b7051db930
SSDEEP

393216:JHQpmtgNTp2naorZFRC6A2uONXZj2pdMqVatHJNdUGAj9wPe0pLMeCAhZo+V0Lnm:JUqQTp2nao9fxPuwXFS2tHJNk9wPe0Rf

Score

7^/10

Malware Config

Targets

- Target
  
  91a7acb61c7f8a7c0d0233bfe0efd8af_JaffaCakes118
- Size
  
  21.5MB
- MD5
  
  91a7acb61c7f8a7c0d0233bfe0efd8af
- SHA1
  
  7c7fb388584eee19dc90401409ff7a4b7114962a
- SHA256
  
  7e8b5cdf7cd8e2abf020012872e1e4056b6043e8ea83dc4b81a8a5c9f2858d30
- SHA512
  
  134810e3718a05b124068cab7a5f9bf54b5b4e4577857bbb050afa27843cf2c565a19537fd73fe06f741113447ad6aed642fba8f44974399930af7b7051db930
- SSDEEP
  
  393216:JHQpmtgNTp2naorZFRC6A2uONXZj2pdMqVatHJNdUGAj9wPe0pLMeCAhZo+V0Lnm:JUqQTp2nao9fxPuwXFS2tHJNk9wPe0Rf
Score

7^/10

discovery evasion impact persistence
- Checks CPU information
  Checks CPU information which indicate if the system is an emulator.
  evasion discovery
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Queries information about running processes on the device
  Application may abuse the framework's APIs to collect information about running processes on the device.
  discovery
- Queries information about the current Wi-Fi connection
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  discovery
- Registers a broadcast receiver at runtime (usually for listening for system events)
  persistence
- Checks if the internet connection is available
  discovery
- Domain associated with commercial stalkerware software, includes indicators from echap.eu.org
- Reads information about phone network operator.
  discovery
behavioral1 behavioral2
- Target
  
  01ef0de2a918e7d488ff3af863efe2d1.jar
- Size
  
  207KB
- MD5
  
  541f8a736540fa6b26cadda9d6681337
- SHA1
  
  62e7bac68837c254762217d97f71a4bdb7fc8bef
- SHA256
  
  c1f412f3bade7dc1f331b71ecbe50c4d585c870050ad896a5f1eda65c74373ca
- SHA512
  
  96dc6d7b8584a00d9cbee649d1e686c4f6a0c2afc5db67f0fd2599305f89a125d94193d47f54753de21d8b0026da77d5573022d4b7530b2e22ce3d9addeb6803
- SSDEEP
  
  6144:F1Y7q8QdHF3eayTQGbOz3V7baoAi5OgylL:/Yo3eT8BbaoAi5P6L
Score

1^/10
behavioral3 behavioral4 behavioral5
- Target
  
  031f263f331ba38cd12687b037fae0e9.jar
- Size
  
  36KB
- MD5
  
  11ab38c76d6315cdaee522b76364b901
- SHA1
  
  bf575cb97e908f6351b4a5e39e458a7cda269b0f
- SHA256
  
  24f9952f78ff7e5a642ac8b30b5615b1d82e099ce12ab9333bb7645cd75bb025
- SHA512
  
  fd5a713a54b665b136b4092f7470863cf26a91577c208bc24a8020e2e37e6527ffe9b7298458bd4ccda2bdd5804d2e5cb926efc676842ff9a7ea2992c3a9d56c
- SSDEEP
  
  768:obflit5plP0cjqkin091yO6ibjEcNrd50nEMpRj/gB/zw3MAf61AjP:n5pldOBn091yOFjfz0JpRj/GU3MAf5z
Score

1^/10
behavioral6 behavioral7 behavioral8
- Target
  
  0eed6a1d138b5fc185c6c7f34ff12c50.jar
- Size
  
  432KB
- MD5
  
  5104fe961685d2ffba76496771251f4d
- SHA1
  
  8d4725888ea2508f53273d15d403e0a6ca7cde5d
- SHA256
  
  723ef165f8c7f15ef4005f73444fc853e39084c2fff7b690ea5f4941db70c85d
- SHA512
  
  b95018ad7891782bebd7086e39dd28784874f4937327117755202835065902483c1e40b437a40b1c0c04697460ca7bfdf93d6d3570147faa4d8e354e54b67b00
- SSDEEP
  
  6144:3IaFVIGiZh8Si9OaHp2qz7Dm174CnN9sg6mzKQzeffuwtcSoWklBkDim5KXkYcv:33F6pZho9X2uDqDnYg6SKQancNWklaIy
Score

1^/10
behavioral10 behavioral11 behavioral9
- Target
  
  110af6bc5252a2bbf78573a2487b7252.jar
- Size
  
  151KB
- MD5
  
  70c3070cdef73e16e19277e8af3072b9
- SHA1
  
  61f0f09b6f829373b3969e6e0bc08688e8f66b11
- SHA256
  
  52bb9ec016ed09a4de5d77e62a05be08567cb6a579eee48b57a4d2ab908ab798
- SHA512
  
  da47cd265e9cbeaba49e6f9455ae6b9ee3ec21c577dc76a53c0a2fb5adf348e9df5651479611896c326f1a981d9f4aa507ebee105cead518a7a25747df8e53d6
- SSDEEP
  
  3072:j5k7ZP+gvMTBXzn/wTas279BbNmF6YsW2vTcF6cQ6u253UVHJZRw3b:OZPgBXjOaJG6lokcT53oa3b
Score

1^/10
behavioral12 behavioral13 behavioral14
- Target
  
  28166f3fd042f3feec6dcd31311b52ac.jar
- Size
  
  758KB
- MD5
  
  9d14246539030abc1fe7df0813e33b43
- SHA1
  
  fb412648822fdddbbd03e96136bddf457e3ab766
- SHA256
  
  b9f6a5d518f1d1bee04a8cdb8e5881d2bc3c8b96030beef6cf685053f12e7cf2
- SHA512
  
  3285e18ddebb07e56fb5b4d273b9297d58e2b631833f3fadf9bcad5afe42f4a75a23ba6a7e082981e81cc5cbc57fd4d0b75272e9c44a55d0d4e44d5c92b28b5f
- SSDEEP
  
  12288:v90Bfj6EQneXonnL9619JLbaTu6CpJERyU924eRp77fPdhV6KYfyeeeUee8L1cFF:v90tnceoGUu6CpJrU4l9r6jO9WAywXnb
Score

1^/10
behavioral15 behavioral16 behavioral17
- Target
  
  32bc7f24abcf80a5ac5fa4d2c445ced8.jar
- Size
  
  182KB
- MD5
  
  3fa49bdeec89ae73d2b94edfd87569d8
- SHA1
  
  95eda4dde37b60dd55b8db77848db9cd9469325f
- SHA256
  
  6a28eed150c9e94cf74aa5d24a048717713daa21aca457b4818c4c30035dd47c
- SHA512
  
  681c89ef1c1088636b0949d44965ecf9eaf553844706b0ab47650244b5af5fb2f56e3aa411d192e081bcbd599443da4b66ea8100b79d9dad0b1a83a33355c032
- SSDEEP
  
  3072:CAkuF23zHe8z6yNfW3eEjocqCa6VsSEQwtif6/s6fqbopkSjnxbrkX0Gw:CAkuY368z8eVv6OSrCif6XqbDAnxbrk2
Score

1^/10
behavioral18 behavioral19 behavioral20
- Target
  
  3619165b0c03bec2ae9f0dc452ccb7d3.jar
- Size
  
  163KB
- MD5
  
  1f7e778c014ea6bf44bd94aa62848acd
- SHA1
  
  0e31229ab0f423c56c81a2952c33e061403afb5f
- SHA256
  
  a6b3f822e0a1dd2f33f90711f7b59f95db0de93ec6297ec73a3dd7b7ccf6ead8
- SHA512
  
  a63c747b0c176342c14de44741cf006cdd55626cdec915e0561d7954ee63fc03f58aba21e50814550845d8a153af7da7a005eaf591ba8d92b986c1eb74834b86
- SSDEEP
  
  3072:z2YvSCgLN4bPv5NUK5/cRMRjwXuRVRbPfhuyL0avLYch0/Rchyt/E:JK/ObP7Uq+uRTbnhuyoYLb0pUSE
Score

1^/10
behavioral21 behavioral22 behavioral23
- Target
  
  570dbe5b27f3d4937a429874c4f1485a.jar
- Size
  
  998KB
- MD5
  
  a8da20ccc8da08b51bbac2cd11da40db
- SHA1
  
  c670fc3e50dc3e6d6abb7affa00ce91b26a86f5a
- SHA256
  
  66b3096ef63b416689e910255cd1e4fbf8d668f044886324b21a32fcc3988954
- SHA512
  
  3fec18ecc64cc67d2499760104c1f9228a87308392e398629c755d4bcc592a3e6808bb805bea7b4d6303a3d8ff79032dc741482205218aceeeedbeb269a345f4
- SSDEEP
  
  24576:qcRuy6nPln+1RZXjKMRMnzX+31auMtr87xU+f97MH:qn5nd+ZzKMCnzX+31Y87xrhMH
Score

1^/10
behavioral24 behavioral25 behavioral26
- Target
  
  6169765fa6d71b4b9c8d3d901acffa7b.jar
- Size
  
  878KB
- MD5
  
  5e2f1207f6433f62a111f9f2dc9b26d5
- SHA1
  
  34f940a6b4d79e8a06114a882f8ae1fb8d7924a0
- SHA256
  
  8cdad107f842cffe74ecc4e19e6b04dcb1688f30dbf909d8d01217144712bb38
- SHA512
  
  9dcc0d1f75097f4919d69dd64408c2e254cd81b3e15eb8e37e87a0991744aa5b680846142ea638d26b5447fb82560af897cf36ea00b5a568609ae3c66061a911
- SSDEEP
  
  12288:q7u+E4XpwQzrsVj6Ya5SHIrsjzNIybm/VH5GKuxKhg933FybOvIYJLYVO9:QpuUrsZ6jrsXWy6d5GWwnpI4MS
Score

1^/10
behavioral27 behavioral28 behavioral29
- Target
  
  6bb3f15885249d7b931913ef6142385b.jar
- Size
  
  273KB
- MD5
  
  4ded04297b05a2b9d626e4f3153f878b
- SHA1
  
  a5fce843a0dc943c8dc521ca0677612fbbcf1287
- SHA256
  
  5d327cffe9eba884814063f83f8a1adbb2fe0fe45cb4fa654c449937875c45f2
- SHA512
  
  a6552ae6687a4a756b1fc817ae52ea2b7903c6585735f9e8869f70b3ddea108d74b741b1c5d3fe23ff0ff704fda80c61dd98949f8a8e84a1ab3282ef009b2fb2
- SSDEEP
  
  6144:c4FsLcAQTtpwXkOlguLVLZd4vHNwEczRx2syqV0Xl1oCDAstwDSqwkhS:TsLt1xdoG1V88CU5SwhS
Score

1^/10
behavioral30 behavioral31 behavioral32

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Tasks

Sharing

General

Malware Config

Targets

Checks CPU information

Loads dropped Dex/Jar

Queries information about running processes on the device

Queries information about the current Wi-Fi connection

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks if the internet connection is available

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Reads information about phone network operator.

MITRE ATT&CK Mobile v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32