General

  • Target

    5957c78abd7485b2b3483f605eb23d2c_JaffaCakes118

  • Size

    35.1MB

  • Sample

    241018-zqhc9sxglh

  • MD5

    5957c78abd7485b2b3483f605eb23d2c

  • SHA1

    eebe7a449e799dbfde9500083ea2beeae666333d

  • SHA256

    5800ca90420adccd6ed2dcd4d50a055f7c1a40b680e859d8bb9eea2eb25edcc6

  • SHA512

    8006444a71cc653ce71167f4f4dae7691036c22612d976bc88bb077b06ab8b86bf36a8416f07b14aae8500259726c917a9c64bf645238c43980bbafb1eecffdb

  • SSDEEP

    786432:NO4faVkJb7rbYh3vlJb+0IT+7l0gTEJqvTgGX6fZrTDI/wq:EqaQ73Yh/jiT+HTZvT5CZDU

Malware Config

Targets

    • Target

      5957c78abd7485b2b3483f605eb23d2c_JaffaCakes118

    • Size

      35.1MB

    • MD5

      5957c78abd7485b2b3483f605eb23d2c

    • SHA1

      eebe7a449e799dbfde9500083ea2beeae666333d

    • SHA256

      5800ca90420adccd6ed2dcd4d50a055f7c1a40b680e859d8bb9eea2eb25edcc6

    • SHA512

      8006444a71cc653ce71167f4f4dae7691036c22612d976bc88bb077b06ab8b86bf36a8416f07b14aae8500259726c917a9c64bf645238c43980bbafb1eecffdb

    • SSDEEP

      786432:NO4faVkJb7rbYh3vlJb+0IT+7l0gTEJqvTgGX6fZrTDI/wq:EqaQ73Yh/jiT+HTZvT5CZDU

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Queries the phone number (MSISDN for GSM devices)

    • Acquires the wake lock

    • Queries information about active data network

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Reads information about phone network operator

    • Target

      plugin_monkey.apk

    • Size

      3.5MB

    • MD5

      8fa450e803af078dbac6c5105d907bbe

    • SHA1

      a52cc6e01bcfc4f739798c207b6ba129efc96128

    • SHA256

      568603e4a1fbcf8c3965cf67953a823017705cf05c9aba9943006986db394e5f

    • SHA512

      e982e0fe8134b9c13894817c164d2d7609061099d255c2aab2336dda048608640fd32fdb8a39b8736352787fa6f94bc1bb72bf9cfb4d97311e99872ce7f3c4c2

    • SSDEEP

      98304:UMZfXIy4WaA9dgaubuYbVtWmmUhsWmmUhZL:U4fYynZYvWmmrWmmSL

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Queries the phone number (MSISDN for GSM devices)

    • Queries information about active data network

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Queries the unique device ID (IMEI, MEID, IMSI)

    • Listens for changes in the sensor environment (might be used to detect emulation)

    • Target

      plugin_reader.apk

    • Size

      13.4MB

    • MD5

      e8b7908059ec0307faa6ab3c5ec1ba16

    • SHA1

      65c197c1265c4df63deed038cf508dc21abb7dc3

    • SHA256

      023a1f9e225e05ea1103b0015e763ebddd0663b6ea1f4d5c30bf5bedaad31daf

    • SHA512

      9151b777fd9d070683051875e603b31a45f38e41efa889520f58fced1f3d49ededf2d6a63355c4621ea730af116dbd0d68b9b76be325651509bd333bfa0cf407

    • SSDEEP

      393216:Mu39R/lZH51/TNR1uhVhvlJSIKneZYqtM5Qt9IT4Tx7UoUyC1g6o8:MkJb7rbYh3vlJb+0IT+7l0gT8

    • Score

      7/10

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

    • Queries information about active data network

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Reads information about phone network operator

MITRE ATT&CK Mobile v15

Tasks