General

  • Target

    8ad995f9b2dce21af0d67a441fec47fc_JaffaCakes118

  • Size

    4.2MB

  • Sample

    241103-lvntys1frk

  • MD5

    8ad995f9b2dce21af0d67a441fec47fc

  • SHA1

    797bb5006d12c871aab36384f76cda94a7837bd3

  • SHA256

    f3f9450133271213ef65b0743341f94bfb69846284e9060375148456f95f2c17

  • SHA512

    fafcbba0a375a97511d4e8d8e746622f64ee6399bf22717db8a60482ae3d7ec3076070afb6f4b8d6d927c7f5ada85bdca374471380f6925d337d4ebb96df49c1

  • SSDEEP

    98304:qfAtL8Y1e5EfywYOxiRkGfr7+C+nt+9DMg9B6Bem57+rCYdzsO:BL8YiFwnEr7IgMGrl+YdzsO

Malware Config

Targets

    • Target

      8ad995f9b2dce21af0d67a441fec47fc_JaffaCakes118

    • Size

      4.2MB

    • MD5

      8ad995f9b2dce21af0d67a441fec47fc

    • SHA1

      797bb5006d12c871aab36384f76cda94a7837bd3

    • SHA256

      f3f9450133271213ef65b0743341f94bfb69846284e9060375148456f95f2c17

    • SHA512

      fafcbba0a375a97511d4e8d8e746622f64ee6399bf22717db8a60482ae3d7ec3076070afb6f4b8d6d927c7f5ada85bdca374471380f6925d337d4ebb96df49c1

    • SSDEEP

      98304:qfAtL8Y1e5EfywYOxiRkGfr7+C+nt+9DMg9B6Bem57+rCYdzsO:BL8YiFwnEr7IgMGrl+YdzsO

    • Checks if the Android device is rooted.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Requests cell location

      Uses Android APIs to to get current cell location.

    • Acquires the wake lock

    • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

    • Queries information about active data network

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Reads information about phone network operator.

MITRE ATT&CK Mobile v15

Tasks