General

  • Target

    8f600bc8ddcfbd10838b03910d48c6e7_JaffaCakes118

  • Size

    18.0MB

  • Sample

    241104-f3b78stpbt

  • MD5

    8f600bc8ddcfbd10838b03910d48c6e7

  • SHA1

    e6d22ad0bb3c13e737a62c8419ff1e09b53bb6b2

  • SHA256

    448cf0e560a48e143800f68008f288c5b782862ba54a48cb044b869ac107d043

  • SHA512

    dab921fc2d44b1caf1f22057324e673de27bfa85dbba2927dece4c3e117bfa1c871ca10d97bafbe5b7b7c724268b7de7966679a1d2de6b2e29a8f2fc7549da8e

  • SSDEEP

    393216:+NKMf1mAplwBcHUcd+r2tF9Ya3g7gf/dgSRYe3u9:+NKMf0ApyqHLF9Twc2SWeS

Malware Config

Targets

    • Target

      8f600bc8ddcfbd10838b03910d48c6e7_JaffaCakes118

    • Checks if the Android device is rooted.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Queries information about the current nearby Wi-Fi networks

      Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

    • Requests cell location

      Uses Android APIs to get the current cell location.

    • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

    • Queries information about active data network

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Queries the unique device ID (IMEI, MEID, IMSI)

    • Reads information about phone network operator.

    • Listens for changes in the sensor environment (might be used to detect emulation)
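The signatures above are behavioural: the sandbox saw the app hit a framework API at run time. A practitioner verifying or extending the report usually wants to confirm which of those behaviours are reachable from the APK's own code, so the following added example (not part of the report, and not the sandbox's own rules) maps each static-detectable signature to the Android framework calls that produce it and scans smali disassembly for them. It assumes the APK has been decoded with apktool or baksmali so that every framework call sits on its own line in smali syntax; SMALI_SAMPLE is a constructed stand-in for that output, not code recovered from this sample, and the RootBeer class prefix is included only as a common root-check library, not because the report names it. The stalkerware-domain signature is a network indicator and is left to the traffic capture, not to this static pass.

```python
#!/usr/bin/env python3
"""Static cross-check of the sandbox's behavioural signatures against smali.

Added example for the report above; it is not the sandbox's rule set.
Assumes apktool/baksmali output (one framework invoke per line).
"""
import re
import sys
from pathlib import Path

# Report signature -> regexes over smali text. The class descriptors and
# method names are the real Android framework identifiers behind each
# behaviour; the root-check entries are the paths and build-key strings most
# root checkers probe for (RootBeer prefix is an assumption, a common library).
SIGNATURE_RULES = {
    "Checks if the Android device is rooted": [
        r"/system/xbin/su|/system/bin/su|/sbin/su",
        r"Superuser\.apk|test-keys",
        r"Lcom/scottyab/rootbeer/",
    ],
    "Loads dropped Dex/Jar": [
        r"Ldalvik/system/(?:DexClassLoader|PathClassLoader|InMemoryDexClassLoader);-><init>",
    ],
    "Queries a list of all the installed applications on the device": [
        r"Landroid/content/pm/PackageManager;->getInstalled(?:Packages|Applications)\(",
    ],
    "Queries information about running processes on the device": [
        r"Landroid/app/ActivityManager;->getRunning(?:AppProcesses|Tasks|Services)\(",
    ],
    "Queries information about the current nearby Wi-Fi networks": [
        r"Landroid/net/wifi/WifiManager;->(?:startScan|getScanResults)\(",
    ],
    "Requests cell location": [
        r"Landroid/telephony/TelephonyManager;->(?:getCellLocation|getAllCellInfo)\(",
    ],
    "Queries information about active data network": [
        r"Landroid/net/ConnectivityManager;->getActiveNetwork(?:Info)?\(",
    ],
    "Queries information about the current Wi-Fi connection": [
        r"Landroid/net/wifi/WifiManager;->getConnectionInfo\(",
    ],
    "Queries the unique device ID (IMEI, MEID, IMSI)": [
        r"Landroid/telephony/TelephonyManager;->(?:getDeviceId|getImei|getMeid|getSubscriberId)\(",
    ],
    "Reads information about phone network operator": [
        r"Landroid/telephony/TelephonyManager;->get(?:Sim|Network)Operator(?:Name)?\(",
    ],
    "Listens for changes in the sensor environment": [
        r"Landroid/hardware/SensorManager;->registerListener\(",
    ],
}

COMPILED = {sig: [re.compile(p) for p in pats] for sig, pats in SIGNATURE_RULES.items()}


def scan_smali(lines):
    """Return {signature: [matching smali line, ...]} for every rule that fired.

    Blank lines and smali '#' comments are skipped; a line that satisfies
    several signatures is recorded under each of them.
    """
    hits = {}
    for raw in lines:
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        for sig, patterns in COMPILED.items():
            if any(p.search(line) for p in patterns):
                hits.setdefault(sig, []).append(line)
    return hits


def scan_smali_tree(root):
    """Walk an apktool/baksmali output directory and scan every .smali file."""
    def iter_lines():
        for path in Path(root).rglob("*.smali"):
            with path.open(encoding="utf-8", errors="replace") as fh:
                yield from fh
    return scan_smali(iter_lines())


# Constructed smali fragment covering each rule once, plus one benign call
# (getPackageName) that must not trigger anything.
SMALI_SAMPLE = """
    # constructed sample, not disassembly of the reported APK
    const-string v0, "/system/xbin/su"
    const-string v1, "test-keys"
    invoke-direct {v1, v2, v3, v4, v5}, Ldalvik/system/DexClassLoader;-><init>(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/ClassLoader;)V
    invoke-virtual {v0, v1}, Landroid/content/pm/PackageManager;->getInstalledPackages(I)Ljava/util/List;
    invoke-virtual {v0}, Landroid/app/ActivityManager;->getRunningAppProcesses()Ljava/util/List;
    invoke-virtual {v0}, Landroid/net/wifi/WifiManager;->getScanResults()Ljava/util/List;
    invoke-virtual {v0}, Landroid/telephony/TelephonyManager;->getCellLocation()Landroid/telephony/CellLocation;
    invoke-virtual {v0}, Landroid/net/ConnectivityManager;->getActiveNetworkInfo()Landroid/net/NetworkInfo;
    invoke-virtual {v0}, Landroid/net/wifi/WifiManager;->getConnectionInfo()Landroid/net/wifi/WifiInfo;
    invoke-virtual {v0}, Landroid/telephony/TelephonyManager;->getDeviceId()Ljava/lang/String;
    invoke-virtual {v0}, Landroid/telephony/TelephonyManager;->getSubscriberId()Ljava/lang/String;
    invoke-virtual {v0}, Landroid/telephony/TelephonyManager;->getNetworkOperatorName()Ljava/lang/String;
    invoke-virtual {v0, v1, v2, v3}, Landroid/hardware/SensorManager;->registerListener(Landroid/hardware/SensorEventListener;Landroid/hardware/Sensor;I)Z
    invoke-virtual {v0}, Landroid/content/Context;->getPackageName()Ljava/lang/String;
"""


if __name__ == "__main__":
    # Usage: scan_smali.py <apktool-output-dir>; with no argument, scan the sample.
    hits = scan_smali_tree(sys.argv[1]) if len(sys.argv) > 1 else scan_smali(SMALI_SAMPLE.splitlines())
    for sig in SIGNATURE_RULES:
        lines = hits.get(sig, [])
        print(f"[{'x' if lines else ' '}] {sig} ({len(lines)} reference(s))")
```

Run it against the apktool output directory of the sample to see which sandbox signatures have a static counterpart in classes.dex; a behaviour the sandbox observed that this scan cannot find usually means it lives in the Dex/Jar that the "Loads dropped Dex/Jar" signature says was loaded at run time, so the dropped payload should be pulled from the sandbox's file artifacts and scanned separately.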

MITRE ATT&CK Mobile v15

Tasks