General

  • Target

    988f6442a1bedbf47d4520f5eb110415_JaffaCakes118

  • Size

    16.2MB

  • Sample

    240605-tfxsbabd5x

  • MD5

    988f6442a1bedbf47d4520f5eb110415

  • SHA1

    1e5f3af87836890bd3975c5d26553a6856092055

  • SHA256

    c7734c5b20909c6586a5c2f9bf777cd49c579a07fc529f2d6a2c62d62e844a1c

  • SHA512

    a0db5c3ffb5384e0fd583580cc41651fc305f6b939a7252aa0a9fab004bcafcefedeac1b3868115044d9efeb8d7550cb92e6d1bd0bbdf5f285df45bf16153b32

  • SSDEEP

    393216:Jh6RvJs1/2qH2NkzBr/elB3FuiX4hhHRiWKWGS/VJOb7z5Uy9G:j6RvJqMkzBrwFj2HR5JxJOb7FUKG

Malware Config

Targets

    • Target

      988f6442a1bedbf47d4520f5eb110415_JaffaCakes118

    • Size

      16.2MB

    • MD5

      988f6442a1bedbf47d4520f5eb110415

    • SHA1

      1e5f3af87836890bd3975c5d26553a6856092055

    • SHA256

      c7734c5b20909c6586a5c2f9bf777cd49c579a07fc529f2d6a2c62d62e844a1c

    • SHA512

      a0db5c3ffb5384e0fd583580cc41651fc305f6b939a7252aa0a9fab004bcafcefedeac1b3868115044d9efeb8d7550cb92e6d1bd0bbdf5f285df45bf16153b32

    • SSDEEP

      393216:Jh6RvJs1/2qH2NkzBr/elB3FuiX4hhHRiWKWGS/VJOb7z5Uy9G:j6RvJqMkzBrwFj2HR5JxJOb7FUKG

    • Checks if the Android device is rooted.

    • Checks known Qemu files.

      Checks for known Qemu files that exist on Android virtual device images.

    • Checks known Qemu pipes.

      Checks for known pipes used by the Android emulator to communicate with the host.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Queries information about the current nearby Wi-Fi networks

      Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

    • Queries the phone number (MSISDN for GSM devices)

    • Requests cell location

      Uses Android APIs to to get current cell location.

    • Acquires the wake lock

    • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

    • Queries information about active data network

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Reads information about phone network operator.

MITRE ATT&CK Mobile v15

Tasks