General
-
Target
995a0ea871f394cf3bedae6672d45142_JaffaCakes118
-
Size
30.7MB
-
Sample
240605-1vzzjsbc26
-
MD5
995a0ea871f394cf3bedae6672d45142
-
SHA1
b58134c97e503f95b08c34505a4e81fa83be4e60
-
SHA256
89b9cf8562478a4e1423e9af0a69277e3802a5b7624509038009cbe7ebe79c31
-
SHA512
41bcd2d9b83ae5fca09bf21b1f5d0ec3c7c8c7507a70c2970a6d70366720955ffe8f3bade514a63c4917abbf0a5141ebcf5fc8005d9304face9a8ba5d8d7e24a
-
SSDEEP
786432:cHTv6BaB+nJV3X3eWe54GNfSpSJWwV19aHJMcWmT7DAJIyUxqpMucQI:Ir6Uud3eBNJSKGJM9mT7TqpI
Static task
static1
Behavioral task
behavioral1
Sample
995a0ea871f394cf3bedae6672d45142_JaffaCakes118.apk
Resource
android-x86-arm-20240603-en
Behavioral task
behavioral2
Sample
995a0ea871f394cf3bedae6672d45142_JaffaCakes118.apk
Resource
android-x64-arm64-20240603-en
Behavioral task
behavioral3
Sample
mimo_asset.apk
Resource
android-x86-arm-20240603-en
Behavioral task
behavioral4
Sample
mimo_asset.apk
Resource
android-x64-20240603-en
Behavioral task
behavioral5
Sample
mimo_asset.apk
Resource
android-x64-arm64-20240603-en
Malware Config
Targets
-
-
Target
995a0ea871f394cf3bedae6672d45142_JaffaCakes118
-
Size
30.7MB
-
MD5
995a0ea871f394cf3bedae6672d45142
-
SHA1
b58134c97e503f95b08c34505a4e81fa83be4e60
-
SHA256
89b9cf8562478a4e1423e9af0a69277e3802a5b7624509038009cbe7ebe79c31
-
SHA512
41bcd2d9b83ae5fca09bf21b1f5d0ec3c7c8c7507a70c2970a6d70366720955ffe8f3bade514a63c4917abbf0a5141ebcf5fc8005d9304face9a8ba5d8d7e24a
-
SSDEEP
786432:cHTv6BaB+nJV3X3eWe54GNfSpSJWwV19aHJMcWmT7DAJIyUxqpMucQI:Ir6Uud3eBNJSKGJM9mT7TqpI
-
Renames multiple (53) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks if the Android device is rooted.
-
Checks Android system properties for emulator presence.
-
Obtains sensitive information copied to the device clipboard
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
-
Queries information about running processes on the device
Application may abuse the framework's APIs to collect information about running processes on the device.
-
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org
-
Queries information about active data network
-
Queries information about the current Wi-Fi connection
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Queries the mobile country code (MCC)
-
Reads information about phone network operator.
-
-
-
Target
mimo_asset.apk
-
Size
300KB
-
MD5
b3bc6255feea6cd9398fa0cc9da7a88d
-
SHA1
85924ff9afd7531e191367a1c1c086829161fa19
-
SHA256
8de83f61dbba332ba95cdeefea24114adc08f483b45398a53bf06f5608e4d65e
-
SHA512
0020ec00005ac5127d9425dea6713980881d33b72c767c42d0237fad5cf403c751a6d8d153ce6b4286e227042b36c0909e2a7af55b635963193e6cc99e78a644
-
SSDEEP
6144:9ZuHNuP4S37gQ3HSBSZGFbtxTPgVpqzjDPNHcPLwyU8wgKZ/sCtYte:ewPD73HyVL0VpqzjrhW35KdJYte
Score1/10 -