General

  • Target

    487abd92a6412fc35a9518bd4c49f5d7_JaffaCakes118

  • Size

    14.1MB

  • Sample

    241015-se7qfsvepq

  • MD5

    487abd92a6412fc35a9518bd4c49f5d7

  • SHA1

    094d5889f17421b96bd4fc383fc5932a29ecb7b5

  • SHA256

    f995985d847a78ff1987d7c60786d5372cc8a107b2a9816c5843851e355eb300

  • SHA512

    ff9d4dca41fe0e409756d482949887a0c8f1593e83953248c3e3857ed1b7a91a7d5415ddfe58ba2e787627162c1140f5b6097751fab8780f0d9cfca7d65957ec

  • SSDEEP

    393216:wYS4HEep5BViqsS5vLwuUT0pvWPRtqOJePLkhI3:RSinpjgqvvLPr1WzNJejkhA

Malware Config

Targets

    • Target

      487abd92a6412fc35a9518bd4c49f5d7_JaffaCakes118

    • Size

      14.1MB

    • MD5

      487abd92a6412fc35a9518bd4c49f5d7

    • SHA1

      094d5889f17421b96bd4fc383fc5932a29ecb7b5

    • SHA256

      f995985d847a78ff1987d7c60786d5372cc8a107b2a9816c5843851e355eb300

    • SHA512

      ff9d4dca41fe0e409756d482949887a0c8f1593e83953248c3e3857ed1b7a91a7d5415ddfe58ba2e787627162c1140f5b6097751fab8780f0d9cfca7d65957ec

    • SSDEEP

      393216:wYS4HEep5BViqsS5vLwuUT0pvWPRtqOJePLkhI3:RSinpjgqvvLPr1WzNJejkhA

    • Checks if the Android device is rooted.

    • Removes its main activity from the application launcher

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Queries the phone number (MSISDN for GSM devices)

    • Acquires the wake lock

    • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

    • Queries information about active data network

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Reads information about phone network operator.

    • Requests accessing notifications (often used to intercept notifications before users become aware).

    • Tries to add a device administrator.

    • Checks the presence of a debugger

MITRE ATT&CK Mobile v15

Tasks