General

  • Target

    4b355c6f124e5f6454109c2d58d21ae3_JaffaCakes118

  • Size

    1.3MB

  • Sample

    241016-dyre9avaql

  • MD5

    4b355c6f124e5f6454109c2d58d21ae3

  • SHA1

    cfcbf10f2f8169ec0092ef005108abab401d2555

  • SHA256

    c6ee0d569566c76f6b7e11c615e51a5056e07ae618eb930b82923738614fc5ba

  • SHA512

    9efe79db5075173cad4fab61bfabc28f91682eeaa1cdc2611d89d9753eaeb78e838f53b1d4344b683fa9bf5d7190a16938c18e2f91904629dfd88904516007ff

  • SSDEEP

    24576:eWQXoL0otaYtXMRCnEOn8wB7PvQ4jTo+j0jT+lq/13tdHbZKm51Ob83z:eSQ7Yt6CnEQfB7PvQ4j/YjT+lq/1XHNF

Malware Config

Targets

    • Target

      4b355c6f124e5f6454109c2d58d21ae3_JaffaCakes118

    • Size

      1.3MB

    • MD5

      4b355c6f124e5f6454109c2d58d21ae3

    • SHA1

      cfcbf10f2f8169ec0092ef005108abab401d2555

    • SHA256

      c6ee0d569566c76f6b7e11c615e51a5056e07ae618eb930b82923738614fc5ba

    • SHA512

      9efe79db5075173cad4fab61bfabc28f91682eeaa1cdc2611d89d9753eaeb78e838f53b1d4344b683fa9bf5d7190a16938c18e2f91904629dfd88904516007ff

    • SSDEEP

      24576:eWQXoL0otaYtXMRCnEOn8wB7PvQ4jTo+j0jT+lq/13tdHbZKm51Ob83z:eSQ7Yt6CnEQfB7PvQ4j/YjT+lq/1XHNF

    • Removes its main activity from the application launcher

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Queries account information for other applications stored on the device

      Application may abuse the framework's APIs to collect account information stored on the device.

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

    • Queries information about active data network

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Queries the unique device ID (IMEI, MEID, IMSI)

    • Reads information about phone network operator.

MITRE ATT&CK Mobile v15

Tasks