General
-
Target
d018df43bd54a51ed4c8fd72f9d7c6b2_JaffaCakes118
-
Size
1.6MB
-
Sample
240906-v8trsszarq
-
MD5
d018df43bd54a51ed4c8fd72f9d7c6b2
-
SHA1
9152738bdf83aa68fa6491c72eb5b32bb18065ac
-
SHA256
b5f6dfadfa563923da87e5228f9f76929e479d8ef9f9baae8706d30717a3a54c
-
SHA512
561137cf149b32221e3dfc5e1616a1d8c28ba873760f8a360d8c5ef653191d2caa50600950b656369fe912cb5c5c495f602b2708605eee3328fadedbca5d102e
-
SSDEEP
49152:9kVdYOsZUcYUv6P+VAZwmCsmlOAXyhs1IWCAAvsJ:npNv6WKZygAXyha1J
Static task
static1
Behavioral task
behavioral1
Sample
d018df43bd54a51ed4c8fd72f9d7c6b2_JaffaCakes118.apk
Resource
android-x86-arm-20240910-en
Malware Config
Targets
-
-
Target
d018df43bd54a51ed4c8fd72f9d7c6b2_JaffaCakes118
Score
7/10
-
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Queries information about active data network
-
Reads information about phone network operator.
-
MITRE ATT&CK Mobile v15
Persistence
Event Triggered Execution: 1
Broadcast Receivers: 1
Scheduled Task/Job: 1