General

  • Target

    98c8259dc42b138a77a1df1234529614_JaffaCakes118

  • Size

    8.8MB

  • Sample

    240605-v5tydsea58

  • MD5

    98c8259dc42b138a77a1df1234529614

  • SHA1

    104706bc80db44d9be46c0ca87d655a106897467

  • SHA256

    deb741d2bedbb5dd0b72d24cdd27f1e4fe39bade094725ae52c2d66c96c4d768

  • SHA512

    0d93980d8c5f15a338aaee2cbab114117347ebbf64c6bb495e230c48172d9616e1ead3eef0c2f170d4e1e3bbebaa0f54d6164a22756126812c87b2a4a55db4b8

  • SSDEEP

    196608:RjUH7KElSpvbBy7RfYmVDdVVNrhg2hgz0+bt8fq0W8Nl2SM:Rjtfpv1yNAuhhPhgzl89W9j

Malware Config

Targets

    • Target

      98c8259dc42b138a77a1df1234529614_JaffaCakes118

    • Checks if the Android device is rooted.

    • Checks Android system properties for emulator presence.

    • Checks Qemu related system properties.

      Checks for Android system properties related to Qemu for Emulator detection.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Queries information about the current nearby Wi-Fi networks

      Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

    • Requests cell location

      Uses Android APIs to get the current cell location.

    • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

    • Queries information about active data network

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

MITRE ATT&CK Mobile v15

Tasks