General

  • Target

    a352d16d2ec195383e39e5ce5bbffecc_JaffaCakes118

  • Size

    18.1MB

  • Sample

    240613-bmvx7asdqp

  • MD5

    a352d16d2ec195383e39e5ce5bbffecc

  • SHA1

    25a722b3a81f7a4731962e8ab3b872ac073ad687

  • SHA256

    90642849499a6d1cabb40c70c4d5f2f2b782b2fa3f84e619733d88a6b7ed03c9

  • SHA512

    84f54f9ea6dfbff368f3faae1b3f00bca27907fd72fbb29a22f7ef810d7dfda979b81146886ee377dccf698e27bca547726370604c0bdc3fc89d54b7efbf47b6

  • SSDEEP

    393216:z6yP6nhZkmvDYqArf7vONpkGqlPH6UFqFUllPCnFZCPrJcOA:cnhZkqcqmON7qdhvllanFZCPrJcj

Targets

    • Target

      a352d16d2ec195383e39e5ce5bbffecc_JaffaCakes118

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Requests dangerous framework permissions

    • Target

      7723box_pjz.apk

    • Size

      1.3MB

    • MD5

      e289f461c283b18733dc096deb61d8c9

    • SHA1

      a1326cc213c071487c1b8ae26a0fa51fb41bedfc

    • SHA256

      85e97ed4033cdd94d5803837f1ae222809ca2e87d502c0bc2122427bd0119397

    • SHA512

      0eefaceed88dc68fa6e1ef532fd9d3a6312ae061e264d4d90918f9949741c83cf18a668dff99f90fa2193c69af81597f881f6e70a737802299fca387163ab797

    • SSDEEP

      24576:sPyqUePcCryD26+a2SHyAVHddI2gCGBS1G9lm3xcVcz0d8kM5NeRVWj:pqUePJWC6p9HRF/Id/oeVcAd8kM5Ne7k

    • Score

      6/10

    • Acquires the wake lock

    • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

    • Queries information about active data network

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Reads information about phone network operator
