General

  • Target

    b8a865ed2a6bcbe0edc5fb02701b2eb8_JaffaCakes118

  • Size

    637KB

  • Sample

    240617-pt7gfs1cmd

  • MD5

    b8a865ed2a6bcbe0edc5fb02701b2eb8

  • SHA1

    f2b3895038ba8746a2adff40bb455df252df6aea

  • SHA256

    50e079b51d035e383473bba56db1d25236be67efe6497ff23fdfa1e04d9efe6b

  • SHA512

    04a17ca50b3a6c0c7d96a9e5bbbe9972fde11976c1ca5c4a34e9ddb01708bafb8c6cc07f500b3ecca443d48e65363a5d16eb502845c6d70c027955ed18379d7c

  • SSDEEP

    12288:TF4L4oQI8Y0FotaKIUtrbM+D954vqaHoCoxKI2AKYnIRIB0gXa46iyeFxGMr+94K:FoL0otaYtXMEWHHMkI2on/B0gXa46iTk

Targets

    • Removes its main activity from the application launcher

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Queries account information for other applications stored on the device

      Application may abuse the framework's APIs to collect account information stored on the device.

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Contacts a domain associated with commercial stalkerware software (indicator list includes entries from echap.eu.org)

    • Queries information about active data network

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Queries the unique device ID (IMEI, MEID, IMSI)

    • Reads information about the phone network operator
