General

  • Target

    b19f7883944e49e190236c9d4f9071d4_JaffaCakes118

  • Size

    28.9MB

  • Sample

    240616-eg2qbsselq

  • MD5

    b19f7883944e49e190236c9d4f9071d4

  • SHA1

    a31178062b1fe694d1877c2ebc94578517fc256b

  • SHA256

    b8d35d17c25d51156399f3a39b07ca3d1f0b2aa3535788ab6d21693b82814396

  • SHA512

    9f0be4ed38d6d34393c84bc6db60baaf7473dd9639b4fe42bac93855b53ed1f60868eef3cebdfe92f68598ee41ab7115e6d8d2835bed3735835c3037707a499a

  • SSDEEP

    786432:Unl+B5RPnAZqVs86PxBMH7av2v1fI1Q3x+hHsC7AMD:UY5RPnVgPxB6av2vxI1UEhHsCFD

Targets

    • Target

      b19f7883944e49e190236c9d4f9071d4_JaffaCakes118

    • Score

      1/10

    • Target

      rtk_app.apk

    • Size

      2.0MB

    • MD5

      e8940b2330477cdf8531f5a112f9ac13

    • SHA1

      4260129523ef4795d0127ceaf4708ab7505cfd14

    • SHA256

      818ddda8ce0047af0e936b44f538d8c781f8f9fb0667ddbc9439249ce04189d6

    • SHA512

      058262a504d5198703d5883d07380368a968150fdc39156b7ef6539f98a9c85d66a75deda20f266fee7844640f7fc94edf21840e20894ef495d8bedc2e10fdd4

    • SSDEEP

      24576:61r0JN42Q+j4EsmOoVAOdzBKdXVlczfk7XFT4r0VbMXlp2b0uz90mclt5v5V4:5L/jslO4XVlvXcGb0+0HlzvM

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Acquires the wake lock

    • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

    • Queries information about active data network

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Reads information about phone network operator
