General
-
Target
2f1ec688c3d0d6f195e261590fb66516_JaffaCakes118
-
Size
9.5MB
-
Sample
241009-l1d7ps1gng
-
MD5
2f1ec688c3d0d6f195e261590fb66516
-
SHA1
ac58e944a4433269d865699aa317a06daad218e6
-
SHA256
c1b1ec73d9fc187d34967f73212d335642819b45c637df0bc8620d701601deb4
-
SHA512
661476de1bed14dc06f86fcafe0308b31827b974d1d76aa61f332478f398f176ac324cff7ea9042f5943d8a50936b4fdb8dcba0315838e613a15201fa28b5592
-
SSDEEP
196608:kkN7sV+AeV9/PYXm3uWNM69niVkzFhtGpSzcfMzvbGJ6bmhOOR4279+/2q:kA7sV+5jmm+49vdG+rCtPRr9sf
Static task
static1
Behavioral task
behavioral1
Sample
2f1ec688c3d0d6f195e261590fb66516_JaffaCakes118.apk
Resource
android-x86-arm-20240624-en
Behavioral task
behavioral2
Sample
2f1ec688c3d0d6f195e261590fb66516_JaffaCakes118.apk
Resource
android-x64-20240624-en
Malware Config
Targets
-
Target
2f1ec688c3d0d6f195e261590fb66516_JaffaCakes118
-
Queries information about running processes on the device
Application may abuse the framework's APIs to collect information about running processes on the device.
-
Queries the phone number (MSISDN for GSM devices)
-
Reads the content of the calendar entry data.
-
Acquires the wake lock
-
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org
-
Queries information about active data network
-
Queries information about the current Wi-Fi connection
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Queries the unique device ID (IMEI, MEID, IMSI)
-
Reads information about phone network operator.
-
MITRE ATT&CK Mobile v15
Defense Evasion
Execution Guardrails
1
Geofencing
1
Virtualization/Sandbox Evasion
1
System Checks
1