General

  • Target

    50066ec70c0fceac4ce35db59af9fd3b_JaffaCakes118

  • Size

    11.0MB

  • Sample

    241017-bfemmaxblp

  • MD5

    50066ec70c0fceac4ce35db59af9fd3b

  • SHA1

    034831dd478f8fc07339625be29c52096361c5c8

  • SHA256

    5c2e5d7ea9655ce93316bdfa2825e1e800a5219ba23cec04fd590a4b115d1f36

  • SHA512

    e73a98c1d5e689f7dea88528242dfc6a312be4fe1d95e9e1f947d8f6ec9dcb58906e4f9d2e711e7ddd5364efa9a7e216ef8ef7d4aa1d6fbe02eda8e7b3c6307d

  • SSDEEP

    196608:Yc2gs4xXXG5EMnR9J8HEfOUJdhEr1TzZYxNpoAveNU1bO6Tx971mA5+6g7Qu:YmRxXXyn72UOrUpvveNU1i6Tx970T66

Malware Config

Targets

    • Target

      50066ec70c0fceac4ce35db59af9fd3b_JaffaCakes118

    • Size

      11.0MB

    • MD5

      50066ec70c0fceac4ce35db59af9fd3b

    • SHA1

      034831dd478f8fc07339625be29c52096361c5c8

    • SHA256

      5c2e5d7ea9655ce93316bdfa2825e1e800a5219ba23cec04fd590a4b115d1f36

    • SHA512

      e73a98c1d5e689f7dea88528242dfc6a312be4fe1d95e9e1f947d8f6ec9dcb58906e4f9d2e711e7ddd5364efa9a7e216ef8ef7d4aa1d6fbe02eda8e7b3c6307d

    • SSDEEP

      196608:Yc2gs4xXXG5EMnR9J8HEfOUJdhEr1TzZYxNpoAveNU1bO6Tx971mA5+6g7Qu:YmRxXXyn72UOrUpvveNU1i6Tx970T66

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Queries information about the current nearby Wi-Fi networks

      Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

    • Queries the phone number (MSISDN for GSM devices)

    • Reads the contacts stored on the device.

    • Reads the content of SMS inbox messages.

    • Requests cell location

      Uses Android APIs to to get current cell location.

    • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

    • Queries information about active data network

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Reads information about phone network operator.

MITRE ATT&CK Mobile v15

Tasks