General

  • Target

    c1eb2047e113d1eba656423b4a41e3aa_JaffaCakes118

  • Size

    1.3MB

  • Sample

    240826-awnd2awejq

  • MD5

    c1eb2047e113d1eba656423b4a41e3aa

  • SHA1

    6b771cf200c9d96c317a4a1dfba6edd09a9f9069

  • SHA256

    b74c754cb7142891972c08e126d8cb989f89118b456b3fe8103ed55b8eefe79b

  • SHA512

    602d9ec1594dbe53d5c8846f6f544e436d8271a885746396852ba74da74e650d494c6b50caa6325ffd23334d06cf851ea1c703fb451987e85a69fcac82b08b8a

  • SSDEEP

    24576:woL0otaYtXMLew2sepAvb6vsm0ZGpUvbRjzo+70jzeNq/13tdHbZKm51Ob83R:/Q7Yt4FeGv0sKUvbRjfgjzeNq/1XHNKE

Malware Config

Targets

    • Target

      c1eb2047e113d1eba656423b4a41e3aa_JaffaCakes118

    • Size

      1.3MB

    • MD5

      c1eb2047e113d1eba656423b4a41e3aa

    • SHA1

      6b771cf200c9d96c317a4a1dfba6edd09a9f9069

    • SHA256

      b74c754cb7142891972c08e126d8cb989f89118b456b3fe8103ed55b8eefe79b

    • SHA512

      602d9ec1594dbe53d5c8846f6f544e436d8271a885746396852ba74da74e650d494c6b50caa6325ffd23334d06cf851ea1c703fb451987e85a69fcac82b08b8a

    • SSDEEP

      24576:woL0otaYtXMLew2sepAvb6vsm0ZGpUvbRjzo+70jzeNq/13tdHbZKm51Ob83R:/Q7Yt4FeGv0sKUvbRjfgjzeNq/1XHNKE

    • Removes its main activity from the application launcher

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Queries account information for other applications stored on the device

      Application may abuse the framework's APIs to collect account information stored on the device.

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

    • Queries information about active data network

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Queries the unique device ID (IMEI, MEID, IMSI)

    • Reads information about phone network operator.

MITRE ATT&CK Mobile v15

Tasks