General

  • Target

    85cd09e9ec18a57642b688d48b693c59_JaffaCakes118

  • Size

    2.7MB

  • Sample

    241102-q9xsmaypep

  • MD5

    85cd09e9ec18a57642b688d48b693c59

  • SHA1

    a7ba8280e6a87098a457af857e97d279cfeb8027

  • SHA256

    8b38756b8c60c1b40553a8169f412eab623d936898a842b1f1f7dd9f657dbf4b

  • SHA512

    f4c2654a8fb740543774f28ba384da06ed9a6411a7e29758f5b5f70ac9fd29b6cd8277f9aa61b311bef05506259285ea4de65bfd91703692848d4449aa579be0

  • SSDEEP

    49152:4Bf12sNt1QUKxE1Iuv8wsB8cUWsOr0LnIkW54+XiYklUUBC8kuo9sWfzyqOLTj61:i8Q1Q81Iuv8wsOc9sOr0LnIn5pXiZ9zg

Malware Config

Targets

    • Target

      85cd09e9ec18a57642b688d48b693c59_JaffaCakes118

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

    • Queries information about active data network

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Queries the mobile country code (MCC)

    • Reads information about phone network operator.

    • Target

      alipay_plugin_20130621msp.apk

    • Size

      354KB

    • MD5

      7b3353b143078dbafd37485f8136728e

    • SHA1

      f2d312754bb2c4854849381997561d09a90b4fb9

    • SHA256

      e86f24838e0aa5527adf3d129652bf70b67990989bf7e8c8d61c3356231ce1ac

    • SHA512

      0f326957abeebaed130da1f6ec7a53de5dd9671d6ae7d975f2b6172af4c323df81efd0f6d4b8a1e4197d5dd35d4419c658f1c936a404bbf9d7e73ee71a5e06f8

    • SSDEEP

      6144:Iv8DL7okgHi/BBs3dWcfihtB7+Y3Ju4g2Tf5C8EcPK+WvyQcy2fny43:Iv67gC/BBsNWfh3VcG5CLE8Rcy2fny43

    • Requests cell location

      Uses Android APIs to get current cell location.

    • Queries information about active data network

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

MITRE ATT&CK Mobile v15

Tasks