General
Target: 487abd92a6412fc35a9518bd4c49f5d7_JaffaCakes118
Size: 14.1MB
Sample: 241015-se7qfsvepq
MD5: 487abd92a6412fc35a9518bd4c49f5d7
SHA1: 094d5889f17421b96bd4fc383fc5932a29ecb7b5
SHA256: f995985d847a78ff1987d7c60786d5372cc8a107b2a9816c5843851e355eb300
SHA512: ff9d4dca41fe0e409756d482949887a0c8f1593e83953248c3e3857ed1b7a91a7d5415ddfe58ba2e787627162c1140f5b6097751fab8780f0d9cfca7d65957ec
SSDEEP: 393216:wYS4HEep5BViqsS5vLwuUT0pvWPRtqOJePLkhI3:RSinpjgqvvLPr1WzNJejkhA
Behavioral task: behavioral1
Sample: 487abd92a6412fc35a9518bd4c49f5d7_JaffaCakes118.apk
Resource: android-x86-arm-20240624-en
Behavioral task: behavioral2
Sample: 487abd92a6412fc35a9518bd4c49f5d7_JaffaCakes118.apk
Resource: android-x64-arm64-20240624-en
Malware Config
Targets
-
Checks if the Android device is rooted.
-
Queries information about running processes on the device
Application may abuse the framework's APIs to collect information about running processes on the device.
-
Queries the phone number (MSISDN for GSM devices)
-
Acquires the wake lock
-
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Queries information about active data network
-
Queries information about the current Wi-Fi connection
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Reads information about phone network operator.
-
Requests accessing notifications (often used to intercept notifications before users become aware).
-
Tries to add a device administrator.
-
Checks the presence of a debugger
-
MITRE ATT&CK Mobile v15
Persistence
Event Triggered Execution: 1
Broadcast Receivers: 1
Foreground Persistence: 1
Privilege Escalation
Abuse Elevation Control Mechanism: 1
Device Administrator Permissions: 1
Defense Evasion
Foreground Persistence: 1
Hide Artifacts: 1
Suppress Application Icon: 1
Virtualization/Sandbox Evasion: 1
System Checks: 1