General

  • Target

    b847292440b28d8c9484fd771b919aff_JaffaCakes118

  • Size

    24.9MB

  • Sample

    240617-m6w55sxhjg

  • MD5

    b847292440b28d8c9484fd771b919aff

  • SHA1

    f2dbd33bff02f1fe76e98653d6952fcba27d2267

  • SHA256

    8294be60c43a8a13a17f33653035c1511979d89735f4b50eb2b5fbe8c7a4a7e5

  • SHA512

    f1f81da6189f4924f3a03314d52345096eede15ba1f4888aed98b4f447abcc0ac3c8d56af8962876b68f044d9f3985a039f8b2997a8d8ffc21cb9a58ee6dec03

  • SSDEEP

    786432:MOMcC9WRYAH6tJFPZv8yR0/6UpGYR7x/NvfB7yRNdz:BC97LFPR0CUp/RFZfB7q

Malware Config

Targets

    • Target

      b847292440b28d8c9484fd771b919aff_JaffaCakes118

    • Size

      24.9MB

    • MD5

      b847292440b28d8c9484fd771b919aff

    • SHA1

      f2dbd33bff02f1fe76e98653d6952fcba27d2267

    • SHA256

      8294be60c43a8a13a17f33653035c1511979d89735f4b50eb2b5fbe8c7a4a7e5

    • SHA512

      f1f81da6189f4924f3a03314d52345096eede15ba1f4888aed98b4f447abcc0ac3c8d56af8962876b68f044d9f3985a039f8b2997a8d8ffc21cb9a58ee6dec03

    • SSDEEP

      786432:MOMcC9WRYAH6tJFPZv8yR0/6UpGYR7x/NvfB7yRNdz:BC97LFPR0CUp/RFZfB7q

    • Checks if the Android device is rooted.

    • Checks known Qemu files.

      Checks for known Qemu files that exist on Android virtual device images.

    • Checks known Qemu pipes.

      Checks for known pipes used by the Android emulator to communicate with the host.

    • Obtains sensitive information copied to the device clipboard

      Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Queries information about the current nearby Wi-Fi networks

      Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

    • Queries the phone number (MSISDN for GSM devices)

    • Requests cell location

      Uses Android APIs to to get current cell information.

    • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

    • Queries information about active data network

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Queries the unique device ID (IMEI, MEID, IMSI)

    • Reads information about phone network operator.

MITRE ATT&CK Mobile v15

Tasks