General

  • Target

    a0057bb657d607a59ba2a05d9974f023_JaffaCakes118

  • Size

    30.1MB

  • Sample

    240612-ka9p9awbjb

  • MD5

    a0057bb657d607a59ba2a05d9974f023

  • SHA1

    b97a7dfd6f75e3eb3a3a354b9345cad7359f3869

  • SHA256

    7b66d0ec6dfac74790bf189105b39e45afbe9f12f02bcc0b7f582e97bfbf4636

  • SHA512

    5168a8b2f68f8cbf049f92f678eaf9dfd5387e0f4b2eb864d7c5da0a88beaf24c48bb06cbac220f2ece0260caab6e45ccc6bbb7662a799e7a712eb598546304d

  • SSDEEP

    786432:YheUmDh+cnKuXRTXHL+yU4abNfA/vVIUF2tKu5J6dNaYlML:bLYcnKUbhiZEtIUF2tKu5JQl4

Malware Config

Targets

    • Checks if the Android device is rooted.

    • Checks known Qemu files.

      Checks for known Qemu files that exist on Android virtual device images.

    • Checks known Qemu pipes.

      Checks for known pipes used by the Android emulator to communicate with the host.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Queries information about the current nearby Wi-Fi networks

      Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

    • Requests cell location

      Uses Android APIs to get current cell information.

    • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

    • Queries information about active data network

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Reads information about phone network operator.

MITRE ATT&CK Mobile v15

Tasks