General

  • Target

    539e774bbb7a51996f23ab142f6957a9_JaffaCakes118

  • Size

    1.8MB

  • Sample

    241017-zetl6ayalr

  • MD5

    539e774bbb7a51996f23ab142f6957a9

  • SHA1

    d825f5ab72260bcbcf6765d250fb92226674c0f5

  • SHA256

    164356ec734c198324a43ea8ef7599cf36a998af58414ec3ea345a06f31deb6a

  • SHA512

    3dfc7f962bebd7828faec309cab24d98e8faa7cef3053dacc047c12ffffa1153328ff468a9709d5fa17f99f1eaaf59f8a977074909dfdc263180ac8a67946dbd

  • SSDEEP

    49152:ea/z4rZf7T9BALFSBfynKppzZpkoTOoPOYwQ8iCnt:eab4ptBfHpz/keFPOYwQ8iUt

Targets

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Queries the phone number (MSISDN for GSM devices)

    • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

    • Queries information about active data network

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Reads information about the phone network operator
