General

  • Target

    bbf66d1f64959360736dca3f3ef62d97_JaffaCakes118

  • Size

    19.2MB

  • Sample

    240618-psvq9sxhkl

  • MD5

    bbf66d1f64959360736dca3f3ef62d97

  • SHA1

    f1b1a535f93cfc51bd64c5d58e37d0c0602ad92e

  • SHA256

    33b719a8ac2c94254a90f60aed8517308a466906ea0144d2a61edd5c21873a23

  • SHA512

    918ef553949dbafce07ab7b5ed861ba3f2e3388fd956806a897807f70419c66b1d71ecc6987a03bef5b5be7bac583cd255dc5b96448d806e8745217766cddbbf

  • SSDEEP

    393216:ojjQ9Zy1joIBB1uHRiNkr8scj+r2tF9Ymud3j7gfPdgZ7iiTrx5f:ojjQW1oQ2PY9F96TcGZeiT1F

Malware Config

Targets

    • Checks if the Android device is rooted.

    • Checks Android system properties for emulator presence.

    • Checks Qemu related system properties.

      Checks for Android system properties related to Qemu for Emulator detection.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Queries information about the current nearby Wi-Fi networks

      Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

    • Requests cell location

      Uses Android APIs to get the current cell location.

    • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

    • Queries information about active data network

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Queries the unique device ID (IMEI, MEID, IMSI)

    • Reads information about phone network operator.

    • Listens for changes in the sensor environment (might be used to detect emulation)

MITRE ATT&CK Mobile v15

Tasks