General

  • Target

    aa46251fe5a7327bfb40d2b2e328ff6b_JaffaCakes118

  • Size

    12.4MB

  • Sample

    240614-r87rwavfqe

  • MD5

    aa46251fe5a7327bfb40d2b2e328ff6b

  • SHA1

    88c1a69331cb23db224deb0501f413d57fb5d3ce

  • SHA256

    a8bd38a5abbd6942a5c1e61b359b761c79dc53e16588d8b88ce00d7013d53d2b

  • SHA512

    32e70e7243d17b06a0eb647e85846228f4f40f4e38e45b8bbc6847c32c184ea98c217545856fbd443e83090dfcbd247d20f81eada936ea01551ed985dd0b3309

  • SSDEEP

    393216:jdtUt7y3YZtTII1cmE9dl2yFPV2TTVPEgkbRhM0mDdp73u:g7yIZN1cnPxFPQV8gw7LV

Targets

    • Checks if the Android device is rooted.

    • Checks known Qemu files.

      Checks for known Qemu files that exist on Android virtual device images.

    • Checks known Qemu pipes.

      Checks for known pipes used by the Android emulator to communicate with the host.

    • Loads dropped Dex/Jar

      Loads and executes a Dex/Jar file that was written to the device during analysis (code not present in the original APK).

    • Requests cell location

      Uses Android telephony APIs to get the device's current cell location.

    • Contacts a domain associated with commercial stalkerware; the indicator list includes entries from echap.eu.org.

    • Legitimate hosting services abused for malware hosting/C2

    • Queries information about active data network

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
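
The three environment checks flagged above (root check, Qemu files, Qemu pipes) are usually just existence tests on a fixed list of paths. The following is an added example written for this page, not code recovered from the sample: it reimplements that style of check in Python against a constructed directory tree so it can be run offline. The path lists are the classic artifacts used by public Android anti-emulator and root-detection code; the report does not show the sample's own strings, so treat them as representative, not as this sample's IOCs.

```python
"""Emulator / root checks of the kind the sandbox signatures above fire on.

Added example, not the sample's code. Paths below are the well-known
artifacts checked by public anti-emulator / root-detection routines; they
are an assumption about what such a sample looks for, not extracted IOCs.
"""
import os
import tempfile

# Files shipped only by Android emulator (Qemu / goldfish) system images.
QEMU_FILES = (
    "/system/lib/libc_malloc_debug_qemu.so",
    "/sys/qemu_trace",
    "/system/bin/qemu-props",
)

# Pipes / sockets the emulator uses to talk to the host.
QEMU_PIPES = (
    "/dev/socket/qemud",
    "/dev/qemu_pipe",
)

# Typical locations of the su binary / Superuser app on rooted devices.
SU_PATHS = (
    "/system/app/Superuser.apk",
    "/sbin/su",
    "/system/bin/su",
    "/system/xbin/su",
    "/data/local/xbin/su",
    "/data/local/bin/su",
    "/system/sd/xbin/su",
    "/system/bin/failsafe/su",
    "/data/local/su",
    "/su/bin/su",
)


def _present(root, paths):
    """Return the subset of `paths` that exist under `root`.

    root="" checks the real filesystem; a non-empty root lets the same
    logic run against a constructed tree. Existence only, like the malware:
    no attempt to open or read the file (qemu_pipe is a device node on a
    real AVD, a plain file in the constructed tree below).
    """
    return [p for p in paths if os.path.exists(root + p)]


def emulator_indicators(root=""):
    """Which Qemu files / pipes are visible; empty lists mean nothing found."""
    return {
        "qemu_files": _present(root, QEMU_FILES),
        "qemu_pipes": _present(root, QEMU_PIPES),
    }


def is_emulator(root=""):
    ind = emulator_indicators(root)
    return bool(ind["qemu_files"] or ind["qemu_pipes"])


def is_rooted(root=""):
    return bool(_present(root, SU_PATHS))


def fake_device(paths):
    """Constructed test input: a temp dir containing the given paths as empty files."""
    root = tempfile.mkdtemp(prefix="fake_android_")
    for p in paths:
        full = root + p
        os.makedirs(os.path.dirname(full), exist_ok=True)
        open(full, "w").close()
    return root


if __name__ == "__main__":
    avd = fake_device(["/dev/qemu_pipe", "/system/bin/qemu-props"])
    phone = fake_device(["/system/xbin/su"])
    print("AVD   :", emulator_indicators(avd), "rooted:", is_rooted(avd))
    print("phone :", emulator_indicators(phone), "rooted:", is_rooted(phone))
```

When reproducing a sample's behaviour in a sandbox, the practical consequence is that these artifacts must be hidden (or the check hooked) for the sample to proceed past its evasion branch; real samples often add system-property checks (for example ro.kernel.qemu, Build fingerprints) on top of file checks, which this example deliberately omits.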
