General
-
Target
5957c78abd7485b2b3483f605eb23d2c_JaffaCakes118
-
Size
35.1MB
-
Sample
241018-zqhc9sxglh
-
MD5
5957c78abd7485b2b3483f605eb23d2c
-
SHA1
eebe7a449e799dbfde9500083ea2beeae666333d
-
SHA256
5800ca90420adccd6ed2dcd4d50a055f7c1a40b680e859d8bb9eea2eb25edcc6
-
SHA512
8006444a71cc653ce71167f4f4dae7691036c22612d976bc88bb077b06ab8b86bf36a8416f07b14aae8500259726c917a9c64bf645238c43980bbafb1eecffdb
-
SSDEEP
786432:NO4faVkJb7rbYh3vlJb+0IT+7l0gTEJqvTgGX6fZrTDI/wq:EqaQ73Yh/jiT+HTZvT5CZDU
Static task
static1
Behavioral task
behavioral1
Sample
5957c78abd7485b2b3483f605eb23d2c_JaffaCakes118.apk
Resource
android-x86-arm-20240624-en
Behavioral task
behavioral2
Sample
5957c78abd7485b2b3483f605eb23d2c_JaffaCakes118.apk
Resource
android-33-x64-arm64-20240624-en
Behavioral task
behavioral3
Sample
plugin_monkey.apk
Resource
android-x86-arm-20240624-en
Behavioral task
behavioral4
Sample
plugin_monkey.apk
Resource
android-x64-20240624-en
Behavioral task
behavioral5
Sample
plugin_reader.apk
Resource
android-x86-arm-20240624-en
Malware Config
Targets
-
-
Target
5957c78abd7485b2b3483f605eb23d2c_JaffaCakes118
-
Size
35.1MB
-
MD5
5957c78abd7485b2b3483f605eb23d2c
-
SHA1
eebe7a449e799dbfde9500083ea2beeae666333d
-
SHA256
5800ca90420adccd6ed2dcd4d50a055f7c1a40b680e859d8bb9eea2eb25edcc6
-
SHA512
8006444a71cc653ce71167f4f4dae7691036c22612d976bc88bb077b06ab8b86bf36a8416f07b14aae8500259726c917a9c64bf645238c43980bbafb1eecffdb
-
SSDEEP
786432:NO4faVkJb7rbYh3vlJb+0IT+7l0gTEJqvTgGX6fZrTDI/wq:EqaQ73Yh/jiT+HTZvT5CZDU
Score7/10-
Queries information about running processes on the device
Application may abuse the framework's APIs to collect information about running processes on the device.
-
Queries the phone number (MSISDN for GSM devices)
-
Acquires the wake lock
-
Queries information about active data network
-
Queries information about the current Wi-Fi connection
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Reads information about phone network operator.
-
-
-
Target
plugin_monkey.apk
-
Size
3.5MB
-
MD5
8fa450e803af078dbac6c5105d907bbe
-
SHA1
a52cc6e01bcfc4f739798c207b6ba129efc96128
-
SHA256
568603e4a1fbcf8c3965cf67953a823017705cf05c9aba9943006986db394e5f
-
SHA512
e982e0fe8134b9c13894817c164d2d7609061099d255c2aab2336dda048608640fd32fdb8a39b8736352787fa6f94bc1bb72bf9cfb4d97311e99872ce7f3c4c2
-
SSDEEP
98304:UMZfXIy4WaA9dgaubuYbVtWmmUhsWmmUhZL:U4fYynZYvWmmrWmmSL
Score7/10-
Queries information about running processes on the device
Application may abuse the framework's APIs to collect information about running processes on the device.
-
Queries the phone number (MSISDN for GSM devices)
-
Queries information about active data network
-
Queries information about the current Wi-Fi connection
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Queries the unique device ID (IMEI, MEID, IMSI)
-
Listens for changes in the sensor environment (might be used to detect emulation)
-
-
-
Target
plugin_reader.apk
-
Size
13.4MB
-
MD5
e8b7908059ec0307faa6ab3c5ec1ba16
-
SHA1
65c197c1265c4df63deed038cf508dc21abb7dc3
-
SHA256
023a1f9e225e05ea1103b0015e763ebddd0663b6ea1f4d5c30bf5bedaad31daf
-
SHA512
9151b777fd9d070683051875e603b31a45f38e41efa889520f58fced1f3d49ededf2d6a63355c4621ea730af116dbd0d68b9b76be325651509bd333bfa0cf407
-
SSDEEP
393216:Mu39R/lZH51/TNR1uhVhvlJSIKneZYqtM5Qt9IT4Tx7UoUyC1g6o8:MkJb7rbYh3vlJb+0IT+7l0gT8
Score7/10-
Queries information about running processes on the device
Application may abuse the framework's APIs to collect information about running processes on the device.
-
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org
-
Queries information about active data network
-
Queries information about the current Wi-Fi connection
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Reads information about phone network operator.
-
MITRE ATT&CK Mobile v15
Defense Evasion
Hide Artifacts
1User Evasion
1Virtualization/Sandbox Evasion
1System Checks
1