Overview (overview): score 7
Static (static): score 6
fd3967e488...18.apk (android-9-x86): score 7
ccplaymerket.apk (android-9-x86): score 7
ccplaymerket.apk (android-11-x64): score 7
ltayx.mn.l...00.apk (android-9-x86): score 1
ltayx.mn.l...00.apk (android-10-x64): score 1
ltayx.mn.l...00.apk (android-11-x64): score 1
unicom_resource.apk (android-9-x86): score 1
unicom_resource.apk (android-10-x64): score 1
unicom_resource.apk (android-11-x64): score 1
General
Target: fd3967e48875232f15a7ee1fcb00bb3c_JaffaCakes118
Size: 30.7MB
Sample: 240928-1v7dmaxhjl
MD5: fd3967e48875232f15a7ee1fcb00bb3c
SHA1: 2e174830aa4a1422e127d32bc7acdb33ec13ca80
SHA256: f88c5b042800387a576bf4e409cdd3a1c2856f95653f6a527fdc4b64d9562154
SHA512: 451d6b0ad7c02578560cddf460e520770e285f8d80be6beef905508cbfe609401853bbba28fabd9a7853cbb7bae4c2103c84a1d43cd7739224d64d7d6aa6370e
SSDEEP: 786432:YGNz2EU7wze+w3M6KpkqtfyRCMpEBaXhEu2bjaczoRx9vkmS3pU:YSdvsKpkqdyRtpEEhEfje9vkZpU
Static task: static1
Behavioral task: behavioral1; Sample: fd3967e48875232f15a7ee1fcb00bb3c_JaffaCakes118.apk; Resource: android-x86-arm-20240624-en
Behavioral task: behavioral2; Sample: ccplaymerket.apk; Resource: android-x86-arm-20240624-en
Behavioral task: behavioral3; Sample: ccplaymerket.apk; Resource: android-x64-arm64-20240624-en
Behavioral task: behavioral4; Sample: ltayx.mn.ltplugin_v2000.apk; Resource: android-x86-arm-20240624-en
Behavioral task: behavioral5; Sample: ltayx.mn.ltplugin_v2000.apk; Resource: android-x64-20240624-en
Behavioral task: behavioral6; Sample: ltayx.mn.ltplugin_v2000.apk; Resource: android-x64-arm64-20240624-en
Behavioral task: behavioral7; Sample: unicom_resource.apk; Resource: android-x86-arm-20240910-en
Behavioral task: behavioral8; Sample: unicom_resource.apk; Resource: android-x64-20240910-en
Behavioral task: behavioral9; Sample: unicom_resource.apk; Resource: android-x64-arm64-20240624-en
Malware Config
Targets
Target: fd3967e48875232f15a7ee1fcb00bb3c_JaffaCakes118
Score: 7/10
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org
Queries information about active data network
Queries information about the current Wi-Fi connection
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
Target: ccplaymerket.apk
Size: 4.8MB
MD5: 1c36c043536a78ce8751f85e47b30e46
SHA1: 48f50de5a315ef85b5d08530dce857c59cb82633
SHA256: 12ed220844272ad227251986b5de2a75146a70c21d8d2827402f2b7c77a30e57
SHA512: 27584d5c44c66a9e4710cc4b01d279772203685ac130a47b5a6681cd86c85a8811b659fe47287a73bc16c04365d0e2149db59ab6005595fbc59e3b26a250103d
SSDEEP: 98304:PVONhlsYaJE6AtyBl2bPgkZO9FY2YBNakTShyvLbV6+9kMro0xB2Sfjr5+ZQNshn:Shlfn3t+BsHvXGMB24jtgXhhuQ
Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
Queries information about running processes on the device
  Application may abuse the framework's APIs to collect information about running processes on the device.
Queries information about active data network
Queries information about the current Wi-Fi connection
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
Reads information about phone network operator.
Listens for changes in the sensor environment (might be used to detect emulation)
Target: ltayx.mn.ltplugin_v2000.pl
Size: 101KB
MD5: 4e0b4e0c5f77e8eac335f7b2d996372b
SHA1: 6ebacba1a06d056a5ad61e6b5901e727b7fd26b4
SHA256: 1326553724cf0690c188ed8c5e858f5af25e5b4f48c0f029bad82310659fa80f
SHA512: 3c3c0d546318bf489d92c3bfc4fc2bf38ee86dcb5ce2b20d6417033c1a69cd0fdd4c3b08bd5a5901f92aec2ea619b7cdc412421945bb24356eb9df4cfecce4ba
SSDEEP: 1536:joW8LBLVEmm3LfUHZaKGV6fCA4+prcuUwCA6zTF+DXrYDB/BKEVBdE8ntTNVNpJU:4Fmb4anV66A4fS8BoXr68EVQ8nxNnq3
Score: 1/10
Target: unicom_resource.dat
Size: 64KB
MD5: 92196937fb04bc1bee22e106ea4cf28f
SHA1: 0c68a181eb63f1a6690e60dfd837b91eb17151a5
SHA256: 4fcfe4f8c3e7cc3c4320e2a6a3dd3c20f47324f53243e93dd85ad95e387d92cf
SHA512: 6cda00e6ebe4f6ade964ccab4db83c8363f2def0acd2dd744e1b0048cb5f32185fdfe75aa70d0df38ce1ce52d3d731848eece6f5626f826f891172433fdc8bd4
SSDEEP: 1536:aWDADrANWprK16KtyiRFtm8clagB/dcfziAWmk2CN:a13ANkxsFto4c/HT
Score: 1/10
MITRE ATT&CK Mobile v15
Defense Evasion
  Download New Code at Runtime: 1
  Execution Guardrails: 1
  Geofencing: 1
  Hide Artifacts: 1
  User Evasion: 1
  Input Injection: 1
Discovery
  Location Tracking: 1
  Process Discovery: 1
  Software Discovery: 1
  Security Software Discovery: 1
  System Network Configuration Discovery: 1
  System Network Connections Discovery: 2