Overview

overview

7

Static

static

6

0fa27f264e...18.apk

android-9-x86

7

0fa27f264e...18.apk

android-13-x64

7

K.apk

android-9-x86

6

K.apk

android-10-x64

6

K.apk

android-11-x64

1

Sharing

Copy URL Twitter E-mail

General

  • Target

    0fa27f264e98386b19e14978896fe46b_JaffaCakes118

  • Size

    2.7MB

  • Sample

    241003-t15cwsydng

  • MD5

    0fa27f264e98386b19e14978896fe46b

  • SHA1

    0dc8a232d74c99231b83d3bd7b884e1e8ca69017

  • SHA256

    c7c653214480136303f1bbb443e0025d64332cc98da8441ecbe66c1092cb508f

  • SHA512

    ec2e74a1d05b8e0ee9d7698d660cb22d82557ab0ff7f580917f5ab336f2f87f5699d17d73e2be64c8c640dcf0e0bc11675b661e97bd0c7e45479ebd63e3de38d

  • SSDEEP

    49152:t+4/O6eukqtyTZXuUrzLTXfFKdQUEAyTcn0LEdlXinLnGAW8hnR9USEAyEIPbCin:g4/eNvfvfFKdQMYEd5beN6bCot

Score
7/10
androidcollectioncredential_accessdiscoveryevasionimpactpersistenceprivilege_escalation

Malware Config

Targets

    • Target

      0fa27f264e98386b19e14978896fe46b_JaffaCakes118

    • Size

      2.7MB

    • MD5

      0fa27f264e98386b19e14978896fe46b

    • SHA1

      0dc8a232d74c99231b83d3bd7b884e1e8ca69017

    • SHA256

      c7c653214480136303f1bbb443e0025d64332cc98da8441ecbe66c1092cb508f

    • SHA512

      ec2e74a1d05b8e0ee9d7698d660cb22d82557ab0ff7f580917f5ab336f2f87f5699d17d73e2be64c8c640dcf0e0bc11675b661e97bd0c7e45479ebd63e3de38d

    • SSDEEP

      49152:t+4/O6eukqtyTZXuUrzLTXfFKdQUEAyTcn0LEdlXinLnGAW8hnR9USEAyEIPbCin:g4/eNvfvfFKdQMYEd5beN6bCot

    Score
    7/10
    collectiondiscoveryevasionpersistencecredential_accessimpact

    • Obtains sensitive information copied to the device clipboard

      Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

      collectioncredential_accessimpact

    • Queries the phone number (MSISDN for GSM devices)

      discovery

    • Reads the content of SMS inbox messages.

      collection

    • Requests cell location

      Uses Android APIs to to get current cell location.

      collectiondiscoveryevasion

    • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

    • Queries information about active data network

      discovery

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

      discovery

    • Queries the mobile country code (MCC)

      discovery

    • Reads information about phone network operator.

      discovery
    behavioral1behavioral2

    • Target

      K.dat

    • Size

      493KB

    • MD5

      381a083eaf11c8342beb5d48b3660447

    • SHA1

      2acf9c110024d83db4205c9f1564e9c87091e3ee

    • SHA256

      6d9975697134dff58301f2c4b47cde4f0cf19ee9c034dc7b37b1f4fad587996b

    • SHA512

      3c012784b06b9ec5a57b4941bd07d501735fedb93c2cb04d3780246b12cdc45efd9247c990a521ec65223fac5830c7a5fd22c4d03a0ca3b6f1a8d6697e5f4c34

    • SSDEEP

      12288:kixvZg4X/HO+0YC8zJx4+iy2uVw7q5nQhWtIKdX:Lv+4/O6fiy2ukqywt

    Score
    6/10
    discoveryimpactpersistenceprivilege_escalation
    behavioral3behavioral4behavioral5

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

1
T1624

Broadcast Receivers

1
T1624.001

Privilege Escalation

Abuse Elevation Control Mechanism

1
T1626

Device Administrator Permissions

1
T1626.001

Defense Evasion

Execution Guardrails

1
T1627

Geofencing

1
T1627.001

Virtualization/Sandbox Evasion

2
T1633

System Checks

2
T1633.001

Credential Access

Clipboard Data

1
T1414

Discovery

Location Tracking

1
T1430

System Information Discovery

2
T1426

System Network Configuration Discovery

4
T1422

System Network Connections Discovery

2
T1421

Lateral Movement

Collection

Clipboard Data

1
T1414

Location Tracking

1
T1430

Protected User Data

1
T1636

SMS Messages

1
T1636.004

Command and Control

Exfiltration

Impact

Account Access Removal

1
T1640

Data Encrypted for Impact

1
T1471

Data Manipulation

1
T1641

Transmitted Data Manipulation

1
T1641.001

Tasks