General

  • Target

    adaa93b5cae7b403e78a18510543eacc_JaffaCakes118

  • Size

    23.5MB

  • Sample

    240615-kz5slaycjj

  • MD5

    adaa93b5cae7b403e78a18510543eacc

  • SHA1

    e9e7443760cc6760fd2c4ef6a4a2e7eddcff455f

  • SHA256

    37a43f95a37bdbc0e164675eaf6963ebca0c119df4a4ef182f8a65b57455e2dc

  • SHA512

    e0780ddf1313b1187a820d2a7b6aed2ffdb41adaf04f29d90e0dca14128f3b5d073153b8e03bae3369a91a8a07051ed24b9c533f86e8988d54b153e152d883de

  • SSDEEP

    393216:ZL4wpyRzrrGiVdcg2YG2kd2SM9sgt14XFgzl408jDVZOd+5WW2qIZH8Y8qCVw+40:Z4Pxig2Y426+ii408jXlT2qIZcY9qw+N

Malware Config

Targets

    • Checks if the Android device is rooted

    • Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps)

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Queries information about the current nearby Wi-Fi networks

      Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

    • Requests cell location

      Uses Android APIs to get the current cell location.

    • Contacts a domain associated with commercial stalkerware software (includes indicators from echap.eu.org)

    • Queries information about active data network

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Queries the mobile country code (MCC)

    • Reads information about the phone network operator

    • Listens for changes in the sensor environment (might be used to detect emulation)

MITRE ATT&CK Mobile v15

Tasks