General

  • Target

    ba416ef892aef27ed0a855d4f460d613_JaffaCakes118

  • Size

    13.4MB

  • Sample

    240618-an4q2stgrj

  • MD5

    ba416ef892aef27ed0a855d4f460d613

  • SHA1

    de71cd5e664178b8001f59a2d00705dfdef6def5

  • SHA256

    2a0f4394d2f6576e942bd3c906e9260bf8a1c330d41a2b657a2cfa1d37beea5a

  • SHA512

    4ef7c1a6d8e10c86a05b1535179e6d21011f6cd1794abc64ea85f2f7bae3fcab032dd56021b917e8f06e2b1e581cd8d1571dab5349329aa6e3c4e65c9a5403a0

  • SSDEEP

    393216:9e3K7Ilpy8RhwAz38RVwAeyMkdUdb2lnTf:9yPDyq97qhQkIb2xr

Malware Config

Targets

    • Target

      ba416ef892aef27ed0a855d4f460d613_JaffaCakes118

    • Size

      13.4MB

    • MD5

      ba416ef892aef27ed0a855d4f460d613

    • SHA1

      de71cd5e664178b8001f59a2d00705dfdef6def5

    • SHA256

      2a0f4394d2f6576e942bd3c906e9260bf8a1c330d41a2b657a2cfa1d37beea5a

    • SHA512

      4ef7c1a6d8e10c86a05b1535179e6d21011f6cd1794abc64ea85f2f7bae3fcab032dd56021b917e8f06e2b1e581cd8d1571dab5349329aa6e3c4e65c9a5403a0

    • SSDEEP

      393216:9e3K7Ilpy8RhwAz38RVwAeyMkdUdb2lnTf:9yPDyq97qhQkIb2xr

    • Checks if the Android device is rooted.

    • Checks Android system properties for emulator presence.

    • Checks Qemu related system properties.

      Checks for Android system properties related to Qemu for Emulator detection.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Queries information about the current nearby Wi-Fi networks

      Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

    • Requests cell location

      Uses Android APIs to to get current cell location.

    • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

    • Queries information about active data network

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Queries the unique device ID (IMEI, MEID, IMSI)

    • Listens for changes in the sensor environment (might be used to detect emulation)

    • Target

      gdtadv2.jar

    • Size

      241KB

    • MD5

      b95166c2f63e536b6fc4b5b811444dec

    • SHA1

      45fc74323bb2e66f4c2a493b65b70e0de2aeb77c

    • SHA256

      2f92b98f55c7d4417dff3fc2af9245c66aad3ab8be65177954ed7a4f13bae20d

    • SHA512

      65eb813d39270d83e6d43956ec139f04779dbea58e517da1727a0f4fad9de32bb4cd49bed1dc1fec31b95a95b1c653c22b327aa38cba1645330c9d256d94c087

    • SSDEEP

      6144:KRKhU/uUwjTCpnUjgWkiCBliWLvghUhSj4qj80Gq7JqBGK:KoUmUgenUjwBl1jgVjJ57IBl

    Score
    1/10

MITRE ATT&CK Mobile v15

Tasks