General

  • Target

    4fb6927b3601ac7a98ec2cceaa115474_JaffaCakes118

  • Size

    17.1MB

  • Sample

    241016-3xwq1stenl

  • MD5

    4fb6927b3601ac7a98ec2cceaa115474

  • SHA1

    398f29ee0bd5e96e9e618c73c25a72ab01075172

  • SHA256

    d58b783d002062d8ec9b32e3ff089060f0aeb5038efcf6127417271660244fc1

  • SHA512

    d86975828a245de4ca4ad54ad5c8215816a3315c1e70c4f1dcc37a39d776e3994eb87c4a3446299c7ef2933176f52c930a472f1a217fbfd857ae28b705a5827d

  • SSDEEP

    196608:aMAUyIsdATjO8eBjxpfwdk8pi04Y0O8eEO8epu0ENY8go7Kds2A/C0iMKbInAbB2:C9dWjO3Iji04Y0OiOIYlgn/CNlT1Hhbo

Malware Config

Targets

    • Target

      4fb6927b3601ac7a98ec2cceaa115474_JaffaCakes118

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Queries information about the current nearby Wi-Fi networks

      Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

    • Requests cell location

      Uses Android APIs to get current cell information.

    • Requests cell location

      Uses Android APIs to get current cell location.

    • Acquires the wake lock

    • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

    • Queries information about active data network

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Reads information about phone network operator.

MITRE ATT&CK Mobile v15

Tasks