General

  • Target

    8fc19bbed44eb1dc19225aec5b93c9a4_JaffaCakes118

  • Size

    1.3MB

  • Sample

    241104-hngwaaxbkn

  • MD5

    8fc19bbed44eb1dc19225aec5b93c9a4

  • SHA1

    e1a0b251301de389d626054eb55a1926d2b59fdb

  • SHA256

    dbe399b6d210be56338c3b46550d745d720edbbde02bd3d58deaebb63740d88c

  • SHA512

    72aeea9c1757ec640b25c53599fb644e156d691d091577ef802d093798a11538d635d8f5574db6438b3dde8b82840b669b6d0a4654273f444ac2901688c434af

  • SSDEEP

    24576:IuWloL0otaYtXM5nCcC7ZwS3oqrytfW3Rjbo+KQjix6q/13tdHbZKm51Ob83o:PQ7Ytu5CFwS3oQwfW3Rj3Hjix6q/1XHk

Malware Config

Targets

    • Target

      8fc19bbed44eb1dc19225aec5b93c9a4_JaffaCakes118

    • Size

      1.3MB

    • MD5

      8fc19bbed44eb1dc19225aec5b93c9a4

    • SHA1

      e1a0b251301de389d626054eb55a1926d2b59fdb

    • SHA256

      dbe399b6d210be56338c3b46550d745d720edbbde02bd3d58deaebb63740d88c

    • SHA512

      72aeea9c1757ec640b25c53599fb644e156d691d091577ef802d093798a11538d635d8f5574db6438b3dde8b82840b669b6d0a4654273f444ac2901688c434af

    • SSDEEP

      24576:IuWloL0otaYtXM5nCcC7ZwS3oqrytfW3Rjbo+KQjix6q/13tdHbZKm51Ob83o:PQ7Ytu5CFwS3oQwfW3Rj3Hjix6q/1XHk

    • Removes its main activity from the application launcher

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Queries account information for other applications stored on the device

      Application may abuse the framework's APIs to collect account information stored on the device.

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

    • Queries information about active data network

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Queries the unique device ID (IMEI, MEID, IMSI)

    • Reads information about phone network operator.

MITRE ATT&CK Mobile v15

Tasks