General
-
Target
a0057bb657d607a59ba2a05d9974f023_JaffaCakes118
-
Size
30.1MB
-
Sample
240612-ka9p9awbjb
-
MD5
a0057bb657d607a59ba2a05d9974f023
-
SHA1
b97a7dfd6f75e3eb3a3a354b9345cad7359f3869
-
SHA256
7b66d0ec6dfac74790bf189105b39e45afbe9f12f02bcc0b7f582e97bfbf4636
-
SHA512
5168a8b2f68f8cbf049f92f678eaf9dfd5387e0f4b2eb864d7c5da0a88beaf24c48bb06cbac220f2ece0260caab6e45ccc6bbb7662a799e7a712eb598546304d
-
SSDEEP
786432:YheUmDh+cnKuXRTXHL+yU4abNfA/vVIUF2tKu5J6dNaYlML:bLYcnKUbhiZEtIUF2tKu5JQl4
Static task
static1
Behavioral task
behavioral1
Sample
a0057bb657d607a59ba2a05d9974f023_JaffaCakes118.apk
Resource
android-x86-arm-20240611.1-en
Malware Config
Targets
Target
a0057bb657d607a59ba2a05d9974f023_JaffaCakes118
-
Score
8/10
-
Checks if the Android device is rooted.
-
Checks known Qemu files.
Checks for known Qemu files that exist on Android virtual device images.
-
Checks known Qemu pipes.
Checks for known pipes used by the Android emulator to communicate with the host.
-
Queries information about running processes on the device
Application may abuse the framework's APIs to collect information about running processes on the device.
-
Queries information about the current nearby Wi-Fi networks
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
-
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Queries information about active data network
-
Queries information about the current Wi-Fi connection
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Reads information about phone network operator.
-
MITRE ATT&CK Mobile v15
Persistence
Event Triggered Execution 1
Broadcast Receivers 1
Foreground Persistence 1
Defense Evasion
Download New Code at Runtime 1
Foreground Persistence 1
Virtualization/Sandbox Evasion 4
System Checks 4