General
Target: cf16ebf6c12c4000778e386b9ccae521_JaffaCakes118
Size: 4.7MB
Sample: 240906-j52gpawcqa
MD5: cf16ebf6c12c4000778e386b9ccae521
SHA1: 0abbc5befcfe7c4a8939e5dbf5581b2529116a81
SHA256: b085f40400fee4e0a7d6e467cbab0ffe84da19c4d97d5a0bf61d9822e9e67dc6
SHA512: 824130bd8a7ec6fcdf93d0d1a6fb41ed05171242c915adbe3fde8568e6f7f664139c672faaa8953724fac8553fe24011605890f699777622cd8dc6bc33b87573
SSDEEP: 98304:sE9++Mh09/NM6pPlAqim6G0vjgVxozVXFHxhuSHeuQMemx0qwmAnzLqMuOnT3m:MjhkJ9fBbFVxopXHhuZPMzxymSqMJnLm
Static task: static1
Behavioral task: behavioral1
Sample: cf16ebf6c12c4000778e386b9ccae521_JaffaCakes118.apk
Resource: android-x86-arm-20240910-en
Behavioral task: behavioral2
Sample: cf16ebf6c12c4000778e386b9ccae521_JaffaCakes118.apk
Resource: android-x64-arm64-20240910-en
Malware Config
Targets
Obtains sensitive information copied to the device clipboard
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
-
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Queries information about active data network
-
Queries information about the current Wi-Fi connection
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Queries the mobile country code (MCC)
-
Listens for changes in the sensor environment (might be used to detect emulation)
-
MITRE ATT&CK Mobile v15
Persistence
Event Triggered Execution: 1
Broadcast Receivers: 1
Foreground Persistence: 1
Defense Evasion
Foreground Persistence: 1
Hide Artifacts: 1
User Evasion: 1
Virtualization/Sandbox Evasion: 2
System Checks: 2