Overview

overview

8

Static

static

6

cfc8f82fc2...18.apk

android-9-x86

8

cfc8f82fc2...18.apk

android-13-x64

Sharing

Copy URL Twitter E-mail

General

  • Target

    cfc8f82fc224bf7098bc6eb9470cf105_JaffaCakes118

  • Size

    9.1MB

  • Sample

    240906-r5zxvssgle

  • MD5

    cfc8f82fc224bf7098bc6eb9470cf105

  • SHA1

    2c800f72d2595c69d28dbe2f78cb449681161ee9

  • SHA256

    b5d12962c8519f2aae18709ad0e13a13070d3a296667f48cd2a72ceea3e99131

  • SHA512

    c585f5643af9b9c7a3195da6eb046517a77043e09a9cf568408ca43cfec4f31c6478c2704f7f0e03b0efed75933a6e47977555d9aa6c637defdce78c99b33e59

  • SSDEEP

    196608:7F0vQxpCdg6Yv5m5ev85CHFAYQCm31gyDyXXtMkGejX:7FDrCs5m5evYCHFkFtIXtlGA

Score
8/10
androidcollectiondiscoveryevasionexecutionimpactpersistence

Malware Config

Targets

    • Target

      cfc8f82fc224bf7098bc6eb9470cf105_JaffaCakes118

    • Size

      9.1MB

    • MD5

      cfc8f82fc224bf7098bc6eb9470cf105

    • SHA1

      2c800f72d2595c69d28dbe2f78cb449681161ee9

    • SHA256

      b5d12962c8519f2aae18709ad0e13a13070d3a296667f48cd2a72ceea3e99131

    • SHA512

      c585f5643af9b9c7a3195da6eb046517a77043e09a9cf568408ca43cfec4f31c6478c2704f7f0e03b0efed75933a6e47977555d9aa6c637defdce78c99b33e59

    • SSDEEP

      196608:7F0vQxpCdg6Yv5m5ev85CHFAYQCm31gyDyXXtMkGejX:7FDrCs5m5evYCHFkFtIXtlGA

    Score
    8/10
    collectiondiscoveryevasionexecutionimpactpersistence

    • Checks if the Android device is rooted.

      evasion

    • Checks known Qemu files.

      Checks for known Qemu files that exist on Android virtual device images.

      evasion

    • Checks known Qemu pipes.

      Checks for known pipes used by the Android emulator to communicate with the host.

      evasion

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

      evasion

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

      discovery

    • Queries the phone number (MSISDN for GSM devices)

      discovery

    • Requests cell location

      Uses Android APIs to to get current cell location.

      collectiondiscoveryevasion

    • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

      evasionpersistence

    • Queries information about active data network

      discovery

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

      discovery

    • Queries the mobile country code (MCC)

      discovery

    • Reads information about phone network operator.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Mobile v15

Tasks