General

  • Target

    5249a2f95a8c71ccc9ebb240d4ee9be8_JaffaCakes118

  • Size

    3.5MB

  • Sample

    241017-q8cq3atcpm

  • MD5

    5249a2f95a8c71ccc9ebb240d4ee9be8

  • SHA1

    b94375e52ed0577f3cbdfec13aa01590d73c5f67

  • SHA256

    7487720d131e66166b5e6d22849b3cd7597d61fc02c43f71fc05de82b9f817d8

  • SHA512

    2b80a94895dc557361eafb928c81a5f3b7d8717a05ebbbdbaa2b749d346084186e0dbbc640812144b73fee4a003008d28ee757178c5867152ed379b85b86d002

  • SSDEEP

    98304:W2rm9A+3XJaSNH6HtGKprsVQcKZk8VIVsb/mSQ:Wem93XJaSNHItGK2VQcULb/NQ

Malware Config

Targets

    • Target

      5249a2f95a8c71ccc9ebb240d4ee9be8_JaffaCakes118

    • Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps)

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Acquires the wake lock

    • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

    • Queries information about active data network

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Queries the mobile country code (MCC)

    • Reads information about the phone network operator

MITRE ATT&CK Mobile v15

Tasks