General

  • Target

    8c614ab043f54eeca06c038cf686cdbb_JaffaCakes118

  • Size

    8.8MB

  • Sample

    241103-tvhlyaygqp

  • MD5

    8c614ab043f54eeca06c038cf686cdbb

  • SHA1

    6d0be6ce7f9caa0cb016fc0857c9baa8c8c24135

  • SHA256

    1fbb39f88a63f1bcfdf7b5b27bce1539ade87eb0e55a76acd03d6deda2439209

  • SHA512

    f085f806e02d56f1f1f10e29527106b344509573891d2dcc6d57f29437707b558bb29bab34919ceb9622f765ca0d2a2e2e9813f905f19db3b394949f41d2909b

  • SSDEEP

    196608:t/rCZs5OVQz9VeLgFz1EZB0GR9ixmKuTyl1+gwNBPQIP:tTcOVugFuH4Tuc1+FBPjP

Malware Config

Targets

    • Target

      8c614ab043f54eeca06c038cf686cdbb_JaffaCakes118

    • Size

      8.8MB

    • MD5

      8c614ab043f54eeca06c038cf686cdbb

    • SHA1

      6d0be6ce7f9caa0cb016fc0857c9baa8c8c24135

    • SHA256

      1fbb39f88a63f1bcfdf7b5b27bce1539ade87eb0e55a76acd03d6deda2439209

    • SHA512

      f085f806e02d56f1f1f10e29527106b344509573891d2dcc6d57f29437707b558bb29bab34919ceb9622f765ca0d2a2e2e9813f905f19db3b394949f41d2909b

    • SSDEEP

      196608:t/rCZs5OVQz9VeLgFz1EZB0GR9ixmKuTyl1+gwNBPQIP:tTcOVugFuH4Tuc1+FBPjP

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Queries information about the current nearby Wi-Fi networks

      Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

    • Requests cell location

      Uses Android APIs to to get current cell location.

    • Acquires the wake lock

    • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

    • Queries information about active data network

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Queries the unique device ID (IMEI, MEID, IMSI)

    • Reads information about phone network operator.

    • Listens for changes in the sensor environment (might be used to detect emulation)

MITRE ATT&CK Mobile v15

Tasks