General

  • Target

    88ab128505f0973a81e819817ada115d_JaffaCakes118

  • Size

    28.9MB

  • Sample

    241103-apq7cayqaz

  • MD5

    88ab128505f0973a81e819817ada115d

  • SHA1

    032e109b13a8220d33448c8ab6ab86f550153008

  • SHA256

    3991f66d3be74eb1224989d23ded59249df338100f1c6329f9a7eb0f10eeb925

  • SHA512

    c08df9a8541daacd32e607e3dad19c2318fa11c3d39c7de284f171a7c9ca3a1017549dc38a0e9ab8fbb58bc21d7692bd2c3fb54a55487e5a92fe0424cdd804d5

  • SSDEEP

    393216:NTaOwoe1tNh1QN8CwS3Vmstm2TscXm9qsZYlSJBSF0p8EFp5h0lfwuj3:NTwz7rQtjTV8qGKCd0lfPj3

Malware Config

Targets

    • Target

      88ab128505f0973a81e819817ada115d_JaffaCakes118

    • Loads dropped Dex/Jar

      Loads and runs a Dex or Jar file that the application dropped to the device during analysis (dynamic loading of a second-stage payload).

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Queries information about the current nearby Wi-Fi networks

      Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

    • Requests cell location

      Uses Android APIs to get current cell information.

    • Domain associated with commercial stalkerware software (indicators from echap.eu.org)

    • Queries information about active data network

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Reads information about phone network operator

    • Requests dangerous framework permissions

    • Listens for changes in the sensor environment (might be used to detect emulation)

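The signatures above are behavioural, but most of them leave a static footprint in the APK's dex string tables (class descriptors and method names). The following is an added example, not the sandbox's own detection code: a small Python triage helper that scans every classes*.dex entry inside an APK for the API references that correspond to the signatures listed above. The descriptor-to-signature mapping is an assumption based on the signature titles, and the APK built by make_sample_apk() is constructed for the demonstration (real dex files carry ULEB128 length prefixes before each string; a raw byte search still finds the descriptors).

```python
"""Static triage helper for the Android signatures listed in the report.

Added example; not the sandbox's own detection logic. The mapping below is an
assumption based on the signature names, and the sample APK is constructed.
"""
import io
import sys
import zipfile

# Dex string tables store descriptors/method names as MUTF-8, so a raw byte
# search finds references without parsing the full dex layout.
SIGNATURES = {
    "Loads dropped Dex/Jar": [
        b"Ldalvik/system/DexClassLoader;",
        b"Ldalvik/system/PathClassLoader;",
        b"Ldalvik/system/InMemoryDexClassLoader;",
    ],
    "Queries information about running processes": [
        b"getRunningAppProcesses",
        b"getRunningTasks",
    ],
    "Queries information about nearby Wi-Fi networks": [
        b"getScanResults",
    ],
    "Queries information about the current Wi-Fi connection": [
        b"getConnectionInfo",
    ],
    "Requests cell location": [
        b"getCellLocation",
        b"getAllCellInfo",
    ],
    "Reads information about phone network operator": [
        b"getNetworkOperator",
        b"getSimOperator",
    ],
    "Listens for changes in the sensor environment": [
        b"Landroid/hardware/SensorEventListener;",
    ],
}

DEX_MAGIC = b"dex\n"  # every dex file starts with 'dex\n' + version + NUL


def dex_entries(apk_bytes: bytes):
    """Yield (entry name, bytes) for each classes*.dex entry in the APK zip."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        for name in zf.namelist():
            if name.startswith("classes") and name.endswith(".dex"):
                yield name, zf.read(name)


def scan_apk(apk_bytes: bytes) -> dict:
    """Return {signature: [dex entries referencing it]}; only hits are included.

    Non-dex entries (assets, resources) are deliberately ignored so a string in
    a config file does not count as API usage.
    """
    hits = {}
    for name, data in dex_entries(apk_bytes):
        if not data.startswith(DEX_MAGIC):
            continue  # mis-named entry, not a dex file
        for sig, needles in SIGNATURES.items():
            if any(n in data for n in needles):
                hits.setdefault(sig, []).append(name)
    return hits


def make_sample_apk() -> bytes:
    """Constructed APK: two fake dex entries plus a non-dex asset (assumption)."""
    dex1 = (DEX_MAGIC + b"035\0" + b"\0" * 8
            + b"Ldalvik/system/DexClassLoader;\0" + b"getCellLocation\0")
    dex2 = (DEX_MAGIC + b"035\0"
            + b"getScanResults\0" + b"Landroid/hardware/SensorEventListener;\0")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("AndroidManifest.xml", b"<manifest/>")
        zf.writestr("classes.dex", dex1)
        zf.writestr("classes2.dex", dex2)
        # Same string in an asset, not in code: must NOT be flagged.
        zf.writestr("assets/config.txt", b"getRunningAppProcesses")
    return buf.getvalue()


if __name__ == "__main__":
    # Usage: python scan.py sample.apk   (falls back to the constructed sample)
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else make_sample_apk()
    for sig, where in sorted(scan_apk(blob).items()):
        print(f"{sig}: {', '.join(where)}")
```

A static hit only shows the API is referenced, not that it ran; the sandbox signatures above are the dynamic confirmation. Conversely, a packed or string-obfuscated sample (exactly the case that "Loads dropped Dex/Jar" hints at) will show few static hits, so treat a DexClassLoader reference with an otherwise empty result as a prompt to extract the dropped payload and scan that too.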
MITRE ATT&CK Mobile v15

Tasks