General

  • Target

    5206349eb404d2354beeff09e62e7490_JaffaCakes118

  • Size

    1.2MB

  • Sample

    241017-pfvkqsxajd

  • MD5

    5206349eb404d2354beeff09e62e7490

  • SHA1

    06cc6f9c9a209cafca7b9a23b98e4313244694f9

  • SHA256

    85337950be8c219d72af0798f0ef27430606398131f28454149a8d06732d6d82

  • SHA512

    d3c2c9312be0343837d8e1998b3481b20cc42fce6b062760589f67f09e152df27c6ce7f8e2746fe9f17691cea89d3b1f2944f8a3402ffcd6167b04ba1de25925

  • SSDEEP

    24576:4XUkwar9ymhCgd5nbfDlnBFJd3sSZk4K+aXQcM6V:YU129ymhCKbDllJssI+avMi

Malware Config

Targets

    • Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps)

    • Queries the phone number (MSISDN for GSM devices)

    • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

    • Queries information about active data network

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Queries the mobile country code (MCC)

    • Reads information about the phone network operator
