3353c08fee5cda5a29426a89804619faf9abbc48ad22b3165f306153a848f970

General

Target

a7f6eecd206dc3e9297be2cb5f4917c4_JaffaCakes118
Size

19.2MB
Sample

240614-esbnaavckb
MD5

a7f6eecd206dc3e9297be2cb5f4917c4
SHA1

e30aafa2cd125890b88c1ff2d8b2508e9b5eb189
SHA256

3353c08fee5cda5a29426a89804619faf9abbc48ad22b3165f306153a848f970
SHA512

1c52cb21580d23d87f42b34a1f536124ff5ba8eee796fc5161e42087dc08917e453eb1e5ae670f46501f011835807b7ad2126d71038d90713f35c46075d20e38
SSDEEP

393216:ByacdE/iXNoRkVzoeDOcreW3kpg3uiUEeg8tbH/8C92KNyxuDdG1jH55VD42U0Bl:BSi/iX6K09cUq3fSRHUC9QuD41jH55Vv

Score

8^/10

Malware Config

Targets

- Target
  
  a7f6eecd206dc3e9297be2cb5f4917c4_JaffaCakes118
- Size
  
  19.2MB
- MD5
  
  a7f6eecd206dc3e9297be2cb5f4917c4
- SHA1
  
  e30aafa2cd125890b88c1ff2d8b2508e9b5eb189
- SHA256
  
  3353c08fee5cda5a29426a89804619faf9abbc48ad22b3165f306153a848f970
- SHA512
  
  1c52cb21580d23d87f42b34a1f536124ff5ba8eee796fc5161e42087dc08917e453eb1e5ae670f46501f011835807b7ad2126d71038d90713f35c46075d20e38
- SSDEEP
  
  393216:ByacdE/iXNoRkVzoeDOcreW3kpg3uiUEeg8tbH/8C92KNyxuDdG1jH55VD42U0Bl:BSi/iX6K09cUq3fSRHUC9QuD41jH55Vv
Score

8^/10

collection discovery evasion execution impact persistence
- Checks if the Android device is rooted.
  evasion
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Queries account information for other applications stored on the device
  Application may abuse the framework's APIs to collect account information stored on the device.
  collection
- Queries information about running processes on the device
  Application may abuse the framework's APIs to collect information about running processes on the device.
  discovery
- Reads the content of photos stored on the user's device.
  collection
- Domain associated with commercial stalkerware software, includes indicators from echap.eu.org
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Queries information about active data network
  discovery
- Queries information about the current Wi-Fi connection
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  discovery
- Queries the unique device ID (IMEI, MEID, IMSI)
  discovery
- Reads information about phone network operator.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Targets

Checks if the Android device is rooted.

Loads dropped Dex/Jar

Queries account information for other applications stored on the device

Queries information about running processes on the device

Reads the content of photos stored on the user's device.

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Makes use of the framework's foreground persistence service

Queries information about active data network

Queries information about the current Wi-Fi connection

Queries the unique device ID (IMEI, MEID, IMSI)

Reads information about phone network operator.

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2