General

  • Target

    426c9a2216f78554a99f299b88b6c04b_JaffaCakes118

  • Size

    1.7MB

  • Sample

    241014-p1649swdlc

  • MD5

    426c9a2216f78554a99f299b88b6c04b

  • SHA1

    ae5ea9b24204bdde0bcd97c383701fd3c4b81ca1

  • SHA256

    ed014f3df39f26afe4da28e19972018c815a81d31ce9d823d951704d1c8a6d1c

  • SHA512

    cbca9ce968e80ab19219f370dc1f700d5b1d1e40eb1a054d00622154d708dac5d7a66474702c690314fd6bae87950e2e8ba9c195d092d9b2e0f80882d871dd76

  • SSDEEP

    49152:dtwJWx0acqr23cqY/Xa0xvHLdDjOgGFhoxK:dtwJ7acvMA8nO3

Malware Config

Targets

    • Checks if the Android device is rooted.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Obtains sensitive information copied to the device clipboard

      Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Queries the phone number (MSISDN for GSM devices)

    • Reads the content of SMS inbox messages.

    • Requests cell location

      Uses Android APIs to get the current cell location.

    • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

    • Queries information about active data network

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Queries the mobile country code (MCC)

    • Queries the unique device ID (IMEI, MEID, IMSI)

    • Reads information about phone network operator.

MITRE ATT&CK Mobile v15

Tasks