General

  • Target

    ba2b69d1af6627ef3c035bf816b6743f_JaffaCakes118

  • Size

    15.0MB

  • Sample

    240617-3tjmaayhjh

  • MD5

    ba2b69d1af6627ef3c035bf816b6743f

  • SHA1

    3f46df96abe2f63529427f9201e086fa05ca7639

  • SHA256

    b283a7573149259deedd678e22cf5fe05a3012682de0d06d9362e168bfd0fd5b

  • SHA512

    780dc478df750c325cbe8f6c0d9f5e1c0681fc9a579f4e4dd9d99de7a0ac0dc41b292698d03a22e44b061c172d2768691a1d6534f1e2a7e4d0225e112b5bf811

  • SSDEEP

    393216:KYVQYosOG5PRJ4PuYN5QF33HRBUIO3AksAjNp8owFI:Z7oCkxNm33H75ObD8I

Malware Config

Targets

    • Target

      ba2b69d1af6627ef3c035bf816b6743f_JaffaCakes118

    • Size

      15.0MB

    • MD5

      ba2b69d1af6627ef3c035bf816b6743f

    • SHA1

      3f46df96abe2f63529427f9201e086fa05ca7639

    • SHA256

      b283a7573149259deedd678e22cf5fe05a3012682de0d06d9362e168bfd0fd5b

    • SHA512

      780dc478df750c325cbe8f6c0d9f5e1c0681fc9a579f4e4dd9d99de7a0ac0dc41b292698d03a22e44b061c172d2768691a1d6534f1e2a7e4d0225e112b5bf811

    • SSDEEP

      393216:KYVQYosOG5PRJ4PuYN5QF33HRBUIO3AksAjNp8owFI:Z7oCkxNm33H75ObD8I

    • Checks if the Android device is rooted.

    • Checks Android system properties for emulator presence.

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Queries information about the current nearby Wi-Fi networks

      Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

    • Requests cell location

      Uses Android APIs to get current cell information.

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

    • Queries information about active data network

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Queries the mobile country code (MCC)

    • Reads information about the phone's network operator.

    • Target

      aisdk_qtt.jar

    • Size

      459KB

    • MD5

      6ca2f499b5f3d357ad5dccbf6a94a1a5

    • SHA1

      df96d1d8b24065991a5c8a88586666156ae3c8e4

    • SHA256

      0fc72ca824284950f5f69014757feac50626f139440f88d492531ff4e03ea2cf

    • SHA512

      1be05ec408ed28559ef2345203b61888b94219d92a2c8eb12c939c140688a9211d34fd322752195c45ed8c6be200d78cda7fff36a4654fe054a28e401347497e

    • SSDEEP

      6144:6u+O0NAME6POXcDN5vNpcJM55mY/CDS6FNKhiaVqa5au21wtFIp0IS81dLYxTORX:6u+FAks8YJS5ADqVqaAu21w4p91iEF

    Score
    1/10
    • Target

      unpreverified.patch

    • Size

      1KB

    • MD5

      1b526370068cccc3106816f765e92582

    • SHA1

      ba39b4d43095379d51b678f9545d16e05a461c42

    • SHA256

      1c573224f0c70b31ada709c380a494fef5f605b18df7615ffa71f98d03ff4031

    • SHA512

      cabf88b012aee9ebac2a32fa1efda127723b8c4e38de76784ea4867c2ec47ed27afcb4990cd63fe3525c0f6119fa019da82a259a5fa546c8ed844fdf78b88260

    Score
    1/10

MITRE ATT&CK Mobile v15

Tasks