General

  • Target

    863b5d822c6390e8b6792cea54e8409e_JaffaCakes118

  • Size

    1.3MB

  • Sample

    241102-s53jesxqb1

  • MD5

    863b5d822c6390e8b6792cea54e8409e

  • SHA1

    b48d1847c3cea63b96f086037fd835c4b67ddc16

  • SHA256

    422bf6379d0212d2ba8241a9d92a8eaca4771c9a8571bf2d5ca6952b3727cb8b

  • SHA512

    a1bc0008c5fbc07584274657549da9e5edf870132c644b206739d866124754c100556c20552f05185e55c6519b0526e94211ec819b8f571e3a9372f0fcb8d127

  • SSDEEP

    24576:Z1j2s9BVJkc6QIgwHHcA7ln4vRpYIKw/NwfyXuISvThoYU2:PKs9B96QI58ceRpYIKy6fyXg7hoU

Malware Config

Targets

    • Target

      863b5d822c6390e8b6792cea54e8409e_JaffaCakes118

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Requests cell location

      Uses Android APIs to get the current cell location.

    • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

    • Queries information about active data network

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Queries the mobile country code (MCC)

    • Reads information about phone network operator

MITRE ATT&CK Mobile v15

Tasks