General

  • Target

    4b716cd1ce20fa61b8e38c71d8a781cc_JaffaCakes118

  • Size

    638KB

  • Sample

    241016-fbfrcatalh

  • MD5

    4b716cd1ce20fa61b8e38c71d8a781cc

  • SHA1

    53cbccb9946d815ac60452d504e32c5c3a7812ff

  • SHA256

    473fdaddeb52b5babb9f9a1a979c81235045e0500deb6760485e16f33f507c55

  • SHA512

    c22302a4542c31f5a164974efbc2ca245af98411d8be2b07ee8a42adfb0fe21f47bb436d7c3c174f19c2348ebdd6def1bdcc84c60c6f484c29e5bc9762f4dc21

  • SSDEEP

    12288:Z04GI+ToiBek1biPo1cH6U2EwBlgtEhhBCm5aZeFN9dIpsla:C4GIYlBepA1Y6UjwBXwZKqpL

Malware Config

Targets

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Obtains sensitive information copied to the device clipboard

      Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

    • Queries information about active data network

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Queries the mobile country code (MCC)

    • Queries the unique device ID (IMEI, MEID, IMSI)

    • Reads information about the phone network operator

MITRE ATT&CK Mobile v15

Tasks