General

  • Target

    bd4f7874862e4892806735aa7d63c0e7_JaffaCakes118

  • Size

    8.2MB

  • Sample

    240619-t7g6yatemf

  • MD5

    bd4f7874862e4892806735aa7d63c0e7

  • SHA1

    96acb0a3ef1b8c41b824f3e50564aa5a23fbb983

  • SHA256

    bfe080465364983c29e8cf407bdcb9416bd6634bcffa809d031767dcd8c3a6a9

  • SHA512

    e3035b2524016c6d9e373254c87a909947c5f2bbbc0e40519f68239adb4ee828f4444c3ce1774b0554a86108c743fed64c7e4954ea18d574f476c589de7c2380

  • SSDEEP

    196608:GEYYfCNmPsGhrE0PpkaFFGyf96Jsy6ydCbWjK8:gmvvpkGHf4Jsy6ywY

Malware Config

Targets

    • Obtains sensitive information copied to the device clipboard

      Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Acquires the wake lock

    • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

    • Queries information about the active data network

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Queries the mobile country code (MCC)

    • Reads information about the phone network operator

MITRE ATT&CK Mobile v15

Tasks