General

  • Target

    b7d53dc481e135fc1462152073496353_JaffaCakes118

  • Size

    19.9MB

  • Sample

    240617-k6nsnatgmf

  • MD5

    b7d53dc481e135fc1462152073496353

  • SHA1

    c0cfe5a5616b042fd0c5a8f533922a42a772e907

  • SHA256

    68bc5d532c2234e67d9612fd6b193bfd4c93774623080b438b5db46b3e5d5975

  • SHA512

    149468df7c443e54cc836c51996062347cbb15e1a097379bcd94ebba42e5815f7175ce058cb9fad28036f86c2b78ee8ea0a800825c8c14aff29daf1addd69dec

  • SSDEEP

    393216:+ywH3k2A/X3rlrTemu/Krw3geqIk9bcKPucU2A2/fqUBiXatAmqChI3jy3:VanULt1brwC9bD4BlUBiXat/hJ3

Malware Config

Targets

    • Target

      b7d53dc481e135fc1462152073496353_JaffaCakes118

    • Size

      19.9MB

    • MD5

      b7d53dc481e135fc1462152073496353

    • SHA1

      c0cfe5a5616b042fd0c5a8f533922a42a772e907

    • SHA256

      68bc5d532c2234e67d9612fd6b193bfd4c93774623080b438b5db46b3e5d5975

    • SHA512

      149468df7c443e54cc836c51996062347cbb15e1a097379bcd94ebba42e5815f7175ce058cb9fad28036f86c2b78ee8ea0a800825c8c14aff29daf1addd69dec

    • SSDEEP

      393216:+ywH3k2A/X3rlrTemu/Krw3geqIk9bcKPucU2A2/fqUBiXatAmqChI3jy3:VanULt1brwC9bD4BlUBiXat/hJ3

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Obtains sensitive information copied to the device clipboard

      Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Queries information about the current nearby Wi-Fi networks

      Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

    • Queries the phone number (MSISDN for GSM devices)

    • Requests cell location

      Uses Android APIs to to get current cell location.

    • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

    • Queries information about active data network

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Queries the mobile country code (MCC)

    • Queries the unique device ID (IMEI, MEID, IMSI)

    • Reads information about phone network operator.

MITRE ATT&CK Mobile v15

Tasks