General

  • Target

    988e2ce3e14ce47c08b143d4fd47e3c6_JaffaCakes118

  • Size

    31.8MB

  • Sample

    240605-tdw31acb64

  • MD5

    988e2ce3e14ce47c08b143d4fd47e3c6

  • SHA1

    5c08ce5d15f13bc17c97c47ad2cdf85e24a25128

  • SHA256

    2606e9e7d3cb402b2fad8512a65ef3620c3e54fea44a2e5af5d2be2bc4c572e2

  • SHA512

    27a5d602b80ede0259da9713fce8c402532101c2cb8b4da38d0b13572c9f2227969f0cf51a12edf19eb3b2118e477344a3630445d7195d36e2fff48c5e4a4396

  • SSDEEP

    786432:O00u4CdF0npDgGfMsOTl9L2H8KMNeUiTphkaeUXzDjcky:O0lNrapnMsGL5KkexpKSXc7

Malware Config

Targets

    • Target

      988e2ce3e14ce47c08b143d4fd47e3c6_JaffaCakes118

    • Size

      31.8MB

    • MD5

      988e2ce3e14ce47c08b143d4fd47e3c6

    • SHA1

      5c08ce5d15f13bc17c97c47ad2cdf85e24a25128

    • SHA256

      2606e9e7d3cb402b2fad8512a65ef3620c3e54fea44a2e5af5d2be2bc4c572e2

    • SHA512

      27a5d602b80ede0259da9713fce8c402532101c2cb8b4da38d0b13572c9f2227969f0cf51a12edf19eb3b2118e477344a3630445d7195d36e2fff48c5e4a4396

    • SSDEEP

      786432:O00u4CdF0npDgGfMsOTl9L2H8KMNeUiTphkaeUXzDjcky:O0lNrapnMsGL5KkexpKSXc7

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

    • Queries information about active data network

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Reads information about phone network operator.

    • Target

      360AccountCenter.apk

    • Size

      69KB

    • MD5

      b6cec8eaa3b584302e778bf5adf91020

    • SHA1

      18caca7a3b22d01dbfd14d87e5bba0532160aef8

    • SHA256

      c989fa3a3da852ff9c7feeaaec5ba10585bced49fabfa6e6d7c36705caa01f8f

    • SHA512

      11cdd14b1fb4d336a39c956962048c262c6e4987909ab58124c6afcaf39c35a77e5333be51852dd81c98cc1bbfc68bcf26df87a478318549028604633674107c

    • SSDEEP

      1536:Qyn7Tn9sACVWqTQ9vrdi1/acqWDSiA8Wn+CNlCY1IF/t0tza:RlaXQVAEcLSi8nkY25t0Va

    Score
    1/10
    • Target

      UPPayPlugin.apk

    • Size

      428KB

    • MD5

      b18f818799c791c81e8ec68275bacf5f

    • SHA1

      0cd7503b1803de1a05bb1159402638e1fcc961b5

    • SHA256

      8af3f0d5fedb27e6399dc9516b48bf175d42fa2ca4d49a1739ccbf568e9ca91b

    • SHA512

      e9871f3abba4f1874fcbac6ebfc8dd0ba334e187dc087f94dc92ba332ebf4630a37531912c3c0adf6addbef1772a6fd57b89977beba2be65b5cec9ee4295f8ba

    • SSDEEP

      12288:NZcg0xqnyhk/nRnUBcOIvTxCT/7YHvDp+a:NZyxqnyhkfZOIv4/UP9+a

    Score
    1/10
    • Target

      alipay_plugin.apk

    • Size

      354KB

    • MD5

      7b3353b143078dbafd37485f8136728e

    • SHA1

      f2d312754bb2c4854849381997561d09a90b4fb9

    • SHA256

      e86f24838e0aa5527adf3d129652bf70b67990989bf7e8c8d61c3356231ce1ac

    • SHA512

      0f326957abeebaed130da1f6ec7a53de5dd9671d6ae7d975f2b6172af4c323df81efd0f6d4b8a1e4197d5dd35d4419c658f1c936a404bbf9d7e73ee71a5e06f8

    • SSDEEP

      6144:Iv8DL7okgHi/BBs3dWcfihtB7+Y3Ju4g2Tf5C8EcPK+WvyQcy2fny43:Iv67gC/BBsNWfh3VcG5CLE8Rcy2fny43

    • Requests cell location

      Uses Android APIs to get the current cell location.

    • Queries information about active data network

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Target

      pro.jar

    • Size

      340KB

    • MD5

      15bba7ef94733357290f9fa497b0d9b0

    • SHA1

      711c49a3f95ad820831121dca8457353c78053ac

    • SHA256

      8c5bc659bfc15882f27b3c8b661a14822161f23ecc4660ac5df7a5fc50edc77e

    • SHA512

      776b67f1cc3dbe7909257b3ab515266343d20e25827604564e73fb0251b8dedbc6f9dd4b80c852dcdc135729ee38336e225041ed48db26e45f13266df34de841

    • SSDEEP

      6144:gZa4jUlS7IsF4uttCO4F1WWiHoPoOpVoq1nAq+OPzt8SMlNUsgIEhVDW9bqomVxU:VsUBYCzzW5ITpSgAaPziSkN0IEhVa9OG

    Score
    1/10

MITRE ATT&CK Mobile v15

Tasks