0b97eaefe63c123592cbb263d05dd02c48503b7d75c74a772d6d9a47487a616d

Sharing

Copy URL Twitter E-mail

General

Target

ac0a75c7b47c3c68d29327cde1777a8f_JaffaCakes118
Size

9.2MB
Sample

240819-wrr3basdkp
MD5

ac0a75c7b47c3c68d29327cde1777a8f
SHA1

40bb0c972c6a2e176c68e02c204b760055b7339f
SHA256

0b97eaefe63c123592cbb263d05dd02c48503b7d75c74a772d6d9a47487a616d
SHA512

afb70429066d2b9c7e03e5025959824ed8f779b65600a94753c2d7c5dd06f6a881336aed2e86b69bf61d82344875aed4a55843f1957163ce7fa5171a28270dd1
SSDEEP

196608:4X0lOZPUj5hzcM/WKWPOd6O0aLpiF5tjaNmiLo3pn6EdLDV02ubH:4klOij5hQM/HiOO5tXHpn62/V020

Score

8^/10

Malware Config

Targets

- Target
  
  ac0a75c7b47c3c68d29327cde1777a8f_JaffaCakes118
- Size
  
  9.2MB
- MD5
  
  ac0a75c7b47c3c68d29327cde1777a8f
- SHA1
  
  40bb0c972c6a2e176c68e02c204b760055b7339f
- SHA256
  
  0b97eaefe63c123592cbb263d05dd02c48503b7d75c74a772d6d9a47487a616d
- SHA512
  
  afb70429066d2b9c7e03e5025959824ed8f779b65600a94753c2d7c5dd06f6a881336aed2e86b69bf61d82344875aed4a55843f1957163ce7fa5171a28270dd1
- SSDEEP
  
  196608:4X0lOZPUj5hzcM/WKWPOd6O0aLpiF5tjaNmiLo3pn6EdLDV02ubH:4klOij5hQM/HiOO5tXHpn62/V020
Score

8^/10

discovery evasion impact persistence
- Checks if the Android device is rooted.
  evasion
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Queries information about running processes on the device
  Application may abuse the framework's APIs to collect information about running processes on the device.
  discovery
- Domain associated with commercial stalkerware software, includes indicators from echap.eu.org
- Queries information about active data network
  discovery
- Queries information about the current Wi-Fi connection
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  discovery
- Listens for changes in the sensor environment (might be used to detect emulation)
  evasion
behavioral1
- Target
  
  CommonPlugin-2.5.apk
- Size
  
  623KB
- MD5
  
  a932425aaf93132605954ad6a28afb64
- SHA1
  
  33b2fcf79a5d5726a6760d0d3fe519934574d8fa
- SHA256
  
  1e9da4c59de751b28983c548ec51b722202c5c11ae717fec3d4bebca28b1a2e2
- SHA512
  
  6fde7a0fe5acdb23e6768d200f8b8707774095f53a31d1bda560e60b5a32603d1c602a4d1f61687b10758e18e21c31191fffc4aff64886bfd360b799d370a44e
- SSDEEP
  
  12288:KV4sx+pXGMmF5Hln3e/pd1FuU9uG0jYURhLAlOApBBO6qzYmqp5sdHo1:K9IXmF5H561FUY0uQAp7O6KxGsK1
Score

1^/10
behavioral2 behavioral3 behavioral4
- Target
  
  FrameworkPlugin-2.3.apk
- Size
  
  17KB
- MD5
  
  6393ef1ee424db0d146ff45727831591
- SHA1
  
  a68443910e562178c5802b433291089a7f46fa7a
- SHA256
  
  6e133bfcbc45d0514d56896daf4ceca3464d77f9b0449e03aaf624a5351d072c
- SHA512
  
  f5e4d339e1ef91e579134dcb96ea985de011030b9accc9603c23fb058975b2911db60caede7f0e79bdea03780b20e5bdea99549803ac60b2ae0283769e0847e2
- SSDEEP
  
  384:wd3UpbSRFJ43AQ6SLV3joXYffg3zNQruDdsCvG+vjzu:FOFJ43PLtUXyfkzSrws6rvjy
Score

1^/10
behavioral5 behavioral6 behavioral7
- Target
  
  LoopImagePlugin-1.0.apk
- Size
  
  34KB
- MD5
  
  0ba1d82b586ef93ca8d11a52ac555bdf
- SHA1
  
  9636cfd503ce4c7c6fe802dd232c448c374ac7db
- SHA256
  
  62d9617b04f70a4806b8e4b789baa43fe63d692bac0f4850b1f614bfaebb76b8
- SHA512
  
  9f260f998d5f10b590d997aceab807b2cf61914c37fee541b166933772b0e797ab4bebc8ea1a67fed052a977c33162e7601ed233a4906a3902fc655ba3f12692
- SSDEEP
  
  768:ccgm5zrXFWLKxe7X+Fu9z7ujZ1URR5pHRaz/Q7SzzR9Kv:czm5zbgLKxe7wuUyRII7SzzT8
Score

1^/10
behavioral10 behavioral8 behavioral9
- Target
  
  WelcomePlugin-1.3.apk
- Size
  
  30KB
- MD5
  
  7b7032a62eb25aa912e696da4b4b1243
- SHA1
  
  44e953b019cc38cb4c64362c92876185b1fdb92b
- SHA256
  
  5ab0da96696fa49aa40d65a84a3515a5f0a9b6892ffa3e0e87f08b7d8a622b6b
- SHA512
  
  151eb2a9d3a4a52edad5d5f5312a8cc7569641d2825b17d51e3efd7f9fa96e04680b7ba677241b61a0ce5269179144829d171915bcb266cb5411c3451075af04
- SSDEEP
  
  768:vHTrXFWLKxe7X+Fu9It/em8vRun1Y5rN03KZvVIkW:vzbgLKxe7wuVvRu1Yl3yZ
Score

1^/10
behavioral11 behavioral12 behavioral13

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Hide Artifacts

T1628

User Evasion

T1628.002

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Tasks

Sharing

General

Malware Config

Targets

Checks if the Android device is rooted.

Loads dropped Dex/Jar

Queries information about running processes on the device

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Queries information about active data network

Queries information about the current Wi-Fi connection

Listens for changes in the sensor environment (might be used to detect emulation)

MITRE ATT&CK Mobile v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13