General

  • Target

    9b0e34eecce3279259fe7676348f4b17_JaffaCakes118

  • Size

    10.9MB

  • Sample

    240610-r7wm8a1apm

  • MD5

    9b0e34eecce3279259fe7676348f4b17

  • SHA1

    9251ffa4b899db3274ac59ad3ad6fc4c120d1530

  • SHA256

    9d1e99e3e224563d7558ec1128e62c666373c91e99a6badb60024f26655b4564

  • SHA512

    49396bba69dac9d5aac0d97308e38cec90a7b891a59f4f699db9212ab7aca1f1bf9e53bbf205e569e600ec193a507c11e9df3670388d89279b94b337b5dcc190

  • SSDEEP

    196608:aZFXJGKy0FgBFJ4TUBAjvWXGhDBZA4gGq14bCcJ8qeT0BcRigGlKaoa:AZy0mBUYBQ+GhDfA4gYb78HWcwgGlKa9

Malware Config

Targets

    • Target

      9b0e34eecce3279259fe7676348f4b17_JaffaCakes118

    • Size

      10.9MB

    • MD5

      9b0e34eecce3279259fe7676348f4b17

    • SHA1

      9251ffa4b899db3274ac59ad3ad6fc4c120d1530

    • SHA256

      9d1e99e3e224563d7558ec1128e62c666373c91e99a6badb60024f26655b4564

    • SHA512

      49396bba69dac9d5aac0d97308e38cec90a7b891a59f4f699db9212ab7aca1f1bf9e53bbf205e569e600ec193a507c11e9df3670388d89279b94b337b5dcc190

    • SSDEEP

      196608:aZFXJGKy0FgBFJ4TUBAjvWXGhDBZA4gGq14bCcJ8qeT0BcRigGlKaoa:AZy0mBUYBQ+GhDfA4gYb78HWcwgGlKa9

    • Loads dropped Dex/Jar

      Loads and runs a Dex/Jar executable that was written to the device during analysis (dynamic code loading). Code loaded this way is not visible in a static view of the original APK, so the dropped file itself needs to be pulled from the sandbox and examined.

    • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

      A domain the sample resolved or contacted matched a stalkerware indicator list that includes entries published by echap.eu.org.

    • Queries information about active data network

      Application may use the framework's APIs to read the state of the active data connection.

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Reads information about phone network operator

    • Target

      NewMuMaYiMarket.apk

    • Size

      3.5MB

    • MD5

      060475bb8935b6ce583372154fff7180

    • SHA1

      084a087002c04ece06626a3b2685eb62c731a8f5

    • SHA256

      4653d410a8fe58822e6eb45e8548a548a48feb33ea8eec31ab763974299ef4e1

    • SHA512

      98786b62c57c4b121c178bba53fcde931ab9c3d02b4f303561dd9fdb365799806923dd6f4728700d6a1732b9888fc919466d267650a7083cdcfe4a6ad2fda03c

    • SSDEEP

      98304:CODDQIol5oqAzyK/wcU97IbEENbcuHDl9X:JBol5bAzyK3UWRcujlN

    • Queries a list of all the installed applications on the device (may be used to identify legitimate apps to overlay)

    • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

      A domain the sample resolved or contacted matched a stalkerware indicator list that includes entries published by echap.eu.org.

    • Queries information about active data network

      Application may use the framework's APIs to read the state of the active data connection.

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Reads information about phone network operator

    • Target

      unicom_resource.dat

    • Size

      177KB

    • MD5

      5cfe8d468fe051860c18be0ab76b104b

    • SHA1

      764b20102d13040c495985cd2b900e403036cf1f

    • SHA256

      009ba4d87e96fbf126cabd023c2952f98fd0975755ce7b891d92ed4ce98fb957

    • SHA512

      add3b12bc41421ce73a64052265dd27fbdce2ce0376480b2958060f7607e30a5ab3e5df3482aaad959d60b0ff95ce6d08802c4b74a035a74d31d3692ea529507

    • SSDEEP

      3072:JPlYmBG2fTEuSzfr/k58otFhWduFjuttuZsdRY:JPlYUpcI8sFhAuauZsQ

    Score
    1/10
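The signatures listed for the two APK targets above (dynamic Dex/Jar loading, installed-app enumeration, Wi-Fi, data-network and network-operator queries) each correspond to a small set of Android framework APIs whose class and method names end up as strings in the DEX string table. The script below is an added example, not part of the sandbox report or of the analysed sample: it recomputes the hash set the report lists so a local copy can be matched against the report before any further work, then searches every classes*.dex inside an APK (or a bare .dex) for those API tokens and maps the hits back to the report's signature names. The API names are real Android framework identifiers; the APK at the bottom is a constructed in-memory test input, not the 9b0e34ee... sample, and SSDEEP is left out because it needs the third-party ssdeep library.

```python
"""Static triage of an APK against the behavioural signatures in the report.

Added example for this page, not the sandbox's own code. The Android API
names are real; the sample APK built at the bottom is constructed test data.
"""
import hashlib
import io
import zipfile
from typing import Dict, List

# Report signature -> DEX string-table tokens that typically trigger it.
# Class descriptors and method names are stored as MUTF-8 in classes.dex,
# so a plain substring search over the raw bytes is enough for triage.
SIGNATURE_APIS: Dict[str, List[bytes]] = {
    "Loads dropped Dex/Jar": [
        b"Ldalvik/system/DexClassLoader;",
        b"Ldalvik/system/PathClassLoader;",
        b"Ldalvik/system/InMemoryDexClassLoader;",
    ],
    "Queries a list of all the installed applications": [
        b"getInstalledApplications",
        b"getInstalledPackages",
    ],
    "Queries information about the current Wi-Fi connection": [
        b"Landroid/net/wifi/WifiManager;",
        b"getConnectionInfo",
    ],
    "Queries information about active data network": [
        b"Landroid/net/ConnectivityManager;",
        b"getActiveNetworkInfo",
    ],
    "Reads information about phone network operator": [
        b"getNetworkOperator",
        b"getSimOperator",
    ],
}


def digests(data: bytes) -> Dict[str, str]:
    """The same hash set the report lists (MD5/SHA1/SHA256/SHA512)."""
    return {alg: hashlib.new(alg, data).hexdigest()
            for alg in ("md5", "sha1", "sha256", "sha512")}


def dex_blobs(data: bytes) -> List[bytes]:
    """Return the DEX payloads in `data`: every classes*.dex inside an APK
    (a zip), or the buffer itself when it already carries the 'dex\\n' magic."""
    if data[:4] == b"dex\n":
        return [data]
    blobs: List[bytes] = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            if name.startswith("classes") and name.endswith(".dex"):
                blobs.append(zf.read(name))
    return blobs


def match_signatures(data: bytes) -> Dict[str, List[str]]:
    """Map each report signature to the API tokens actually present."""
    blobs = dex_blobs(data)
    hits: Dict[str, List[str]] = {}
    for sig, tokens in SIGNATURE_APIS.items():
        found = [t.decode() for t in tokens if any(t in b for b in blobs)]
        if found:
            hits[sig] = found
    return hits


def build_sample_apk() -> bytes:
    """Constructed test input: a zip holding a fake classes.dex whose string
    table contains a subset of the tokens above (DexClassLoader, WifiManager,
    getConnectionInfo, getNetworkOperator) and an unrelated asset."""
    fake_dex = (b"dex\n035\0" + b"\0" * 100
                + b"Ldalvik/system/DexClassLoader;\0"
                + b"Landroid/net/wifi/WifiManager;\0getConnectionInfo\0"
                + b"getNetworkOperator\0")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("classes.dex", fake_dex)
        zf.writestr("assets/resource.dat", b"\0" * 16)
    return buf.getvalue()


if __name__ == "__main__":
    apk = build_sample_apk()
    for alg, h in digests(apk).items():
        print(f"{alg}: {h}")
    for sig, found in match_signatures(apk).items():
        print(f"[+] {sig}: {', '.join(found)}")
```

A static hit only shows the API is referenced, not that it is called on the path the sandbox exercised, and a sample that unpacks its real payload at runtime (the "Loads dropped Dex/Jar" case) will show few of these tokens in the outer APK; for that target the dropped file pulled from the sandbox is the one to run through `match_signatures`.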

MITRE ATT&CK Mobile v15

Tasks