General

  • Target

    f7a01a72056b791898c75c6de13a15c6_JaffaCakes118

  • Size

    13.6MB

  • Sample

    240926-fqfd5aygpr

  • MD5

    f7a01a72056b791898c75c6de13a15c6

  • SHA1

    9d901ec639f2a83899e3b1f60acd149ccba02387

  • SHA256

    93ca4d53d68b38627ce7c629f189d500ebe5f43240ae9a4cd1b1c02c68990359

  • SHA512

    03074bc31e599b7220577036f099908ed31642bf3bd9497e7b72934499279f394dc57ef9b68d62b053d84d4a833812bf061812c29739692760cc4cee16a491b9

  • SSDEEP

    393216:OM/M1aZ85fVGEAA9SVSEArrHnexhdPWACDIurRo951bw:RMnhA0SZ0i1C8c22

Malware Config

Targets

    • Target

      f7a01a72056b791898c75c6de13a15c6_JaffaCakes118

    • Checks if the Android device is rooted.

    • Removes its main activity from the application launcher

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Queries the phone number (MSISDN for GSM devices)

    • Acquires the wake lock

    • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

    • Queries information about active data network

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Reads information about phone network operator.

    • Requests accessing notifications (often used to intercept notifications before users become aware).

    • Tries to add a device administrator.

    • Checks the presence of a debugger

MITRE ATT&CK Mobile v15

Tasks