General

  • Target

    8284038143d69e500966475211ad8cf6_JaffaCakes118

  • Size

    627KB

  • Sample

    241031-krs4tsvhjl

  • MD5

    8284038143d69e500966475211ad8cf6

  • SHA1

    df72995d2994cec9489c38d26fb1fd05026c0d0a

  • SHA256

    d9a10d7eb56dcc13240c368a6f6f2f44d9e13f339b026dbfc3cb8dcfb114d601

  • SHA512

    1d29fede2ede3137a20ae64766349193f36f0e12c8405eb68f0b6def9530c5b6ce3602ef39b9373fc067901e9f0e0eccc65753a1e31caeeb5a57ee77bbbccb0c

  • SSDEEP

    12288:LO4GI+ToiBeu1biPo1cH6sNcligqEhhBCm5aZeFN97eLxC6:C4GIYlBe3A1Y6sNcl5wZKXc

Malware Config

Targets

    • Target

      8284038143d69e500966475211ad8cf6_JaffaCakes118

    • Size

      627KB

    • MD5

      8284038143d69e500966475211ad8cf6

    • SHA1

      df72995d2994cec9489c38d26fb1fd05026c0d0a

    • SHA256

      d9a10d7eb56dcc13240c368a6f6f2f44d9e13f339b026dbfc3cb8dcfb114d601

    • SHA512

      1d29fede2ede3137a20ae64766349193f36f0e12c8405eb68f0b6def9530c5b6ce3602ef39b9373fc067901e9f0e0eccc65753a1e31caeeb5a57ee77bbbccb0c

    • SSDEEP

      12288:LO4GI+ToiBeu1biPo1cH6sNcligqEhhBCm5aZeFN97eLxC6:C4GIYlBe3A1Y6sNcl5wZKXc

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Obtains sensitive information copied to the device clipboard

      Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

    • Queries information about active data network

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Queries the mobile country code (MCC)

MITRE ATT&CK Mobile v15

Tasks