General
Target: abfe749ff2a81d52f50838c87cfaa2e3_JaffaCakes118
Size: 31.8MB
Sample: 240614-3ggxxs1alg
MD5: abfe749ff2a81d52f50838c87cfaa2e3
SHA1: 5d2359fd3632ee04efd33b6e8820c19ab9f55ab7
SHA256: 0c40d070d4fbf2ce76193d89ef6c204cdafa8ed66cc0f00107da15298561e9e2
SHA512: f36df25f4648cd635e3813e68b6885de914e3e6ec34b5709594ae7e242a0cfe5b9261a51a50448123782f00954f8497c46c0f3737eb68ab74d3cfbb726cd2c8b
SSDEEP: 786432:vS/CD/fwUHoFBa2zbh0WaN+DCfi+63h7ctjQhKiJ03lwLCDJEq02vhnB11b:vnD3wRBa2zbENy03Eh60hKYwwLmC2vn
Static task: static1
Behavioral task behavioral1: Sample abfe749ff2a81d52f50838c87cfaa2e3_JaffaCakes118.apk, Resource android-x86-arm-20240611.1-en
Behavioral task behavioral2: Sample bdxadsdk.apk, Resource android-x86-arm-20240611.1-en
Behavioral task behavioral3: Sample bdxadsdk.apk, Resource android-x64-20240611.1-en
Behavioral task behavioral4: Sample bdxadsdk.apk, Resource android-x64-arm64-20240611.1-en
Behavioral task behavioral5: Sample gdtadv2.apk, Resource android-x86-arm-20240611.1-en
Behavioral task behavioral6: Sample gdtadv2.apk, Resource android-x64-20240611.1-en
Behavioral task behavioral7: Sample gdtadv2.apk, Resource android-x64-arm64-20240611.1-en
Malware Config

Targets

Target: abfe749ff2a81d52f50838c87cfaa2e3_JaffaCakes118
Size: 31.8MB
MD5: abfe749ff2a81d52f50838c87cfaa2e3
SHA1: 5d2359fd3632ee04efd33b6e8820c19ab9f55ab7
SHA256: 0c40d070d4fbf2ce76193d89ef6c204cdafa8ed66cc0f00107da15298561e9e2
SHA512: f36df25f4648cd635e3813e68b6885de914e3e6ec34b5709594ae7e242a0cfe5b9261a51a50448123782f00954f8497c46c0f3737eb68ab74d3cfbb726cd2c8b
SSDEEP: 786432:vS/CD/fwUHoFBa2zbh0WaN+DCfi+63h7ctjQhKiJ03lwLCDJEq02vhnB11b:vnD3wRBa2zbENy03Eh60hKYwwLmC2vn
Signatures:
- Checks if the Android device is rooted.
- Queries information about running processes on the device. Application may abuse the framework's APIs to collect information about running processes on the device.
- Queries information about the current nearby Wi-Fi networks. Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
- Domain associated with commercial stalkerware software; includes indicators from echap.eu.org.
- Makes use of the framework's foreground persistence service. Application may abuse the framework's foreground service to continue running in the foreground.
- Queries information about active data network.
- Queries information about the current Wi-Fi connection. Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

Target: bdxadsdk.jar
Size: 85KB
MD5: 33d29faa7d49af349942a7005f7c19d5
SHA1: a80e3ec3ce3b7a7a561b0c37642e9a33700d6a38
SHA256: 0c51612ef512f40890a61bb43a82d75be042bb81e777256ce65434dafe0a8d12
SHA512: 0095beb08d9de9bf53e22b5e19492c3b2dac97d35667c9b7d1740d188c816dbcb32d9eb28a49e0f1e5c0ec546d7e448e2471852fc716fd1a3107d05d9bea67e2
SSDEEP: 1536:Svc+ZnAgFdQZNkbxjvVqepTNioTYX0ZNCou5yvZWvOcrR0ps/nwXlS3oMlAz3SIB:S9zkZ2NqepTNlPooKOcr2pFVMkC8
Score: 1/10

Target: gdtadv2.jar
Size: 149KB
MD5: 5bbd4987057c6aa8f1992d72206c68a9
SHA1: 3a2b6dae68dce8239f680c2684c648238bc1bf36
SHA256: 2a7fea6e019debe6a0b0c8a5bff40a0451133d3f122d3bcb8f28aed615c50539
SHA512: ec138779d809f32ffe54998314263546f630fef799bb3cbf61fd494706724a3f756e0b3a5e721765b121a053b56cbe3e39f8edd09c17cae8289d677f9c4b8f73
SSDEEP: 3072:s9ECghK7Pic1Oy3c/obh2acQZD8+jb1gUKno8+l7kSVi:sig7KijlbhncQ58CCUKolkSM
Score: 1/10
MITRE ATT&CK Mobile v15
Persistence
  Event Triggered Execution: 1
    Broadcast Receivers: 1
  Foreground Persistence: 1
Defense Evasion
  Download New Code at Runtime: 1
  Foreground Persistence: 1
  Virtualization/Sandbox Evasion: 1
    System Checks: 1