General
- Target: c174a2be1037a9b7e70f2b07fcf33bbb_JaffaCakes118
- Size: 15.7MB
- Sample: 240825-ynlr8ssale
- MD5: c174a2be1037a9b7e70f2b07fcf33bbb
- SHA1: 0691f9c931cbfcb24747023c1d9a6ffe78501e6f
- SHA256: bb79030372683fef827627d7a5950c686985067de503d7c89294e5290cc519da
- SHA512: 11be855df7123698c9d0cdfef8be0d661b455f53b0bb2d77aec131a41137aea15c81e9311f8471e77d452b9ec9f1f29403bd00ce4fd1ea642c707ec32a908e14
- SSDEEP: 393216:rdatUb9I0fizNVleUTwpuikwdsCkLkSi8nQ9XV:rdwU5IOENVfTwpu6d1ukSiTV
Static task
- static1
Behavioral tasks
- behavioral1: sample c174a2be1037a9b7e70f2b07fcf33bbb_JaffaCakes118.apk, resource android-x86-arm-20240624-en
- behavioral2: sample server.apk, resource android-x86-arm-20240624-en
- behavioral3: sample plugin.apk, resource android-x86-arm-20240624-en
- behavioral4: sample plugin.apk, resource android-x64-20240624-en
- behavioral5: sample plugin.apk, resource android-x64-arm64-20240624-en
Malware Config
Targets
Target: c174a2be1037a9b7e70f2b07fcf33bbb_JaffaCakes118
- Size: 15.7MB
- MD5: c174a2be1037a9b7e70f2b07fcf33bbb
- SHA1: 0691f9c931cbfcb24747023c1d9a6ffe78501e6f
- SHA256: bb79030372683fef827627d7a5950c686985067de503d7c89294e5290cc519da
- SHA512: 11be855df7123698c9d0cdfef8be0d661b455f53b0bb2d77aec131a41137aea15c81e9311f8471e77d452b9ec9f1f29403bd00ce4fd1ea642c707ec32a908e14
- SSDEEP: 393216:rdatUb9I0fizNVleUTwpuikwdsCkLkSi8nQ9XV:rdwU5IOENVfTwpu6d1ukSiTV
Signatures:
- Checks if the Android device is rooted.
- Queries information about running processes on the device. Application may abuse the framework's APIs to collect information about running processes on the device.
- Queries information about the current nearby Wi-Fi networks. Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
- Queries the phone number (MSISDN for GSM devices).
- Domain associated with commercial stalkerware software; includes indicators from echap.eu.org.
- Queries information about active data network.
- Queries information about the current Wi-Fi connection. Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
- Queries the mobile country code (MCC).
- Queries the unique device ID (IMEI, MEID, IMSI).
Target: server.apk
- Size: 1.2MB
- MD5: 87d49130a4a503761ff1ba4615adbacb
- SHA1: 1742fbf0da6d6ee43e801a3247e2417e809b55c0
- SHA256: 318ce9e35ee0dbcfc28c553cc495d3b4980c51a0f176cde40631e3c6f5c7385f
- SHA512: 9dd1889f90857d43a8c44f7a327e516999adff080ec722238dcc83911aada3f8eaba61652ac3b048743d08465144e87cf84a14c8b06bf9aec7dfc6f191602f6a
- SSDEEP: 24576:DDw9jov9HnWHQZKpxN15JKcf9+xiCLQD/1t/DnPVxq8aoKiYn/kb:DDyy9HWwZKDN15JKc1+xiC0Dd5DPVxF9
- Score: 7/10
Signatures:
- Domain associated with commercial stalkerware software; includes indicators from echap.eu.org.
- Makes use of the framework's foreground persistence service. Application may abuse the framework's foreground service to continue running in the foreground.
- Queries information about active data network.
- Queries information about the current Wi-Fi connection. Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
Target: plugin.apk
- Size: 14KB
- MD5: df5120343ed3531d83aeb924382eaa04
- SHA1: 422c0dd0bdbeed562cee559d69c97f8a388ece43
- SHA256: cddef6ef175bf86c17948529ca8bc441c7df742ac2e7987b1ddd85457038deaf
- SHA512: e9e137eac31d54b7d9e9c3dcb247d51cd288a6489e771eb7513c77f768789f69a50e28ff6afda1d6609023baadab323ceec7ced0cb8a8ad5977976c81675cf2f
- SSDEEP: 384:keJnmk4UwDvDZB+wJTfrLaKVJmofrywxp7AjjL:/kEWZImLaKLzf1DsP
- Score: 1/10
MITRE ATT&CK Mobile v15
Persistence
- Event Triggered Execution (1)
- Broadcast Receivers (1)
- Foreground Persistence (1)
Defense Evasion
- Download New Code at Runtime (1)
- Foreground Persistence (1)
- Virtualization/Sandbox Evasion (2)
- System Checks (2)