General

  • Target

    abfe749ff2a81d52f50838c87cfaa2e3_JaffaCakes118

  • Size

    31.8MB

  • Sample

    240614-3ggxxs1alg

  • MD5

    abfe749ff2a81d52f50838c87cfaa2e3

  • SHA1

    5d2359fd3632ee04efd33b6e8820c19ab9f55ab7

  • SHA256

    0c40d070d4fbf2ce76193d89ef6c204cdafa8ed66cc0f00107da15298561e9e2

  • SHA512

    f36df25f4648cd635e3813e68b6885de914e3e6ec34b5709594ae7e242a0cfe5b9261a51a50448123782f00954f8497c46c0f3737eb68ab74d3cfbb726cd2c8b

  • SSDEEP

    786432:vS/CD/fwUHoFBa2zbh0WaN+DCfi+63h7ctjQhKiJ03lwLCDJEq02vhnB11b:vnD3wRBa2zbENy03Eh60hKYwwLmC2vn

Malware Config

Targets

    • Target

      abfe749ff2a81d52f50838c87cfaa2e3_JaffaCakes118

    • Size

      31.8MB

    • MD5

      abfe749ff2a81d52f50838c87cfaa2e3

    • SHA1

      5d2359fd3632ee04efd33b6e8820c19ab9f55ab7

    • SHA256

      0c40d070d4fbf2ce76193d89ef6c204cdafa8ed66cc0f00107da15298561e9e2

    • SHA512

      f36df25f4648cd635e3813e68b6885de914e3e6ec34b5709594ae7e242a0cfe5b9261a51a50448123782f00954f8497c46c0f3737eb68ab74d3cfbb726cd2c8b

    • SSDEEP

      786432:vS/CD/fwUHoFBa2zbh0WaN+DCfi+63h7ctjQhKiJ03lwLCDJEq02vhnB11b:vnD3wRBa2zbENy03Eh60hKYwwLmC2vn

    • Checks if the Android device is rooted.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Queries information about the current nearby Wi-Fi networks

      Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

    • Requests cell location

      Uses Android APIs to to get current cell information.

    • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

    • Queries information about active data network

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Target

      bdxadsdk.jar

    • Size

      85KB

    • MD5

      33d29faa7d49af349942a7005f7c19d5

    • SHA1

      a80e3ec3ce3b7a7a561b0c37642e9a33700d6a38

    • SHA256

      0c51612ef512f40890a61bb43a82d75be042bb81e777256ce65434dafe0a8d12

    • SHA512

      0095beb08d9de9bf53e22b5e19492c3b2dac97d35667c9b7d1740d188c816dbcb32d9eb28a49e0f1e5c0ec546d7e448e2471852fc716fd1a3107d05d9bea67e2

    • SSDEEP

      1536:Svc+ZnAgFdQZNkbxjvVqepTNioTYX0ZNCou5yvZWvOcrR0ps/nwXlS3oMlAz3SIB:S9zkZ2NqepTNlPooKOcr2pFVMkC8

    Score
    1/10
    • Target

      gdtadv2.jar

    • Size

      149KB

    • MD5

      5bbd4987057c6aa8f1992d72206c68a9

    • SHA1

      3a2b6dae68dce8239f680c2684c648238bc1bf36

    • SHA256

      2a7fea6e019debe6a0b0c8a5bff40a0451133d3f122d3bcb8f28aed615c50539

    • SHA512

      ec138779d809f32ffe54998314263546f630fef799bb3cbf61fd494706724a3f756e0b3a5e721765b121a053b56cbe3e39f8edd09c17cae8289d677f9c4b8f73

    • SSDEEP

      3072:s9ECghK7Pic1Oy3c/obh2acQZD8+jb1gUKno8+l7kSVi:sig7KijlbhncQ58CCUKolkSM

    Score
    1/10

MITRE ATT&CK Mobile v15

Tasks