General

  • Target

    891afd4d2a9a4ad05999fac7a2fbdb70_JaffaCakes118

  • Size

    1.3MB

  • Sample

    241103-ch92zssblj

  • MD5

    891afd4d2a9a4ad05999fac7a2fbdb70

  • SHA1

    75d3c4543016557ce86f607370251b0a6acefa72

  • SHA256

    8f158f63346c64b37df519177aac8f1576a0f56922d84a47b346cc3800dadf57

  • SHA512

    8d5fb979cbc5ed4a0f4a7e22808b003b35c6e13f9817f498169a02b0d26aba9ef6f5d73a540c10672db7d3efe31fa65748885dff40ef9fda66c7f0f614b7afc0

  • SSDEEP

    24576:JyE6LYr+1x/0nzUuHJL957o+IwjcHEq/13tdHbZKm51Ob835:NKj/qvLnXVjcHEq/1XHNKmjbJ

Malware Config

Targets

    • Target

      891afd4d2a9a4ad05999fac7a2fbdb70_JaffaCakes118

    • Removes its main activity from the application launcher

    • Loads dropped Dex/Jar

      Runs an executable file dropped to the device during analysis.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Queries account information for other applications stored on the device

      Application may abuse the framework's APIs to collect account information stored on the device.

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Domain associated with commercial stalkerware software (includes indicators from echap.eu.org)

    • Queries information about active data network

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Queries the unique device ID (IMEI, MEID, IMSI)

    • Reads information about the phone network operator

MITRE ATT&CK Mobile v15

Tasks