General

  • Target

    afd4b67b2f23f688df40929b18d6124c_JaffaCakes118

  • Size

    28.5MB

  • Sample

    240615-xcna9a1ckg

  • MD5

    afd4b67b2f23f688df40929b18d6124c

  • SHA1

    8f37d2957e9a4c405ced4ac782f5cadfbbe85645

  • SHA256

    99c9e3c2dc13326ab673ad980d560c345bca9d4730215a31e39974303ad0fbe2

  • SHA512

    4751c502a1f5422e6011e0fc9bc8b47800765ea4b1bf62eac6d28124ede44a0a24f38e10cd1af46479ed30b34fa6a593ba48b62817b92e391a3988420e8dc86f

  • SSDEEP

    786432:8KiNRdOm+4rivSUHBVBXkA+x0/GwCeLZ+Q2tBn43:8/Re4rKS0u2stBa

Malware Config

Targets

    • Checks if the Android device is rooted.

    • Checks Android system properties for emulator presence.

    • Checks known Qemu files.

      Checks for known Qemu files that exist on Android virtual device images.

    • Checks known Qemu pipes.

      Checks for known pipes used by the Android emulator to communicate with the host.

    • Makes use of the framework's Accessibility service.

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Queries information about running processes on the device.

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Domain associated with commercial stalkerware software; includes indicators from echap.eu.org.

    • Queries information about the active data network.

    • Queries information about the current Wi-Fi connection.

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

MITRE ATT&CK Matrix

Tasks