General

  • Target

    a88cab3d3ed763d1afadd4757a2ae173_JaffaCakes118

  • Size

    16.8MB

  • Sample

    240614-je6zgszgnb

  • MD5

    a88cab3d3ed763d1afadd4757a2ae173

  • SHA1

    1532c8035d63a68ff8f847ffaffe4f80661680ce

  • SHA256

    a6cb7de1ce66a864b606171b8a1705af5166f7688774fd310ff4481c2969e380

  • SHA512

    b6ce47eaebb80fcab2b3b68b51f886445dc300ceb4a5bf7ac450dc6a29bca68228e62144a5da6c2e7e3aefd94819b16729f2fde9edb954bb2e9c9a7bbc6b3bc1

  • SSDEEP

    196608:LU2QPM6j3X1NTSf8xYnhBmzDNrc+/NOsewT8X5dOZ/16NhVNEZF7G4kYo7FvN05J:I2+PXSfwYhn+Mtm8X3OZ/16NuZaNWFxX

Malware Config

Targets

    • Target

      a88cab3d3ed763d1afadd4757a2ae173_JaffaCakes118

    • Size

      16.8MB

    • MD5

      a88cab3d3ed763d1afadd4757a2ae173

    • SHA1

      1532c8035d63a68ff8f847ffaffe4f80661680ce

    • SHA256

      a6cb7de1ce66a864b606171b8a1705af5166f7688774fd310ff4481c2969e380

    • SHA512

      b6ce47eaebb80fcab2b3b68b51f886445dc300ceb4a5bf7ac450dc6a29bca68228e62144a5da6c2e7e3aefd94819b16729f2fde9edb954bb2e9c9a7bbc6b3bc1

    • SSDEEP

      196608:LU2QPM6j3X1NTSf8xYnhBmzDNrc+/NOsewT8X5dOZ/16NhVNEZF7G4kYo7FvN05J:I2+PXSfwYhn+Mtm8X3OZ/16NuZaNWFxX

    • Loads dropped Dex/Jar

      Runs an executable file dropped to the device during analysis.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Queries information about the current nearby Wi-Fi networks

      Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

    • Requests cell location

      Uses Android APIs to get the current cell location.

    • Acquires the wake lock

    • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

    • Queries information about active data network

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Reads information about the phone network operator

    • Requests dangerous framework permissions

    • Target

      PlayerUIApk.apk

    • Size

      679KB

    • MD5

      214859b97c863807cb1d5cb599c65f34

    • SHA1

      37bad24715b80168de469280ac41b33c1d17aa8f

    • SHA256

      178987e039e604c6ad4e27f8010f7d47fbd657bd75a7211a42165a9d8a614709

    • SHA512

      f71e25780db96f7b13276b38ef7ce39268b4ead3fb9fd951fbd9d5c885389e0f6ab86d7bd2551795e213f6147a49e0070b5f8e958f343c7f996c5d74690bcf8f

    • SSDEEP

      12288:cP7Zlf0IWTvMn1kOW3tu2/o8JoIiWdENZJzCzVgMRRgRvm:cbMIWLMmO4iWdSJzC2MRR2vm

    Score
    1/10
