General

  • Target

    f6a294d150c5c291e2f998a8cd4e4874_JaffaCakes118

  • Size

    13.6MB

  • Sample

    241216-bqf87sykeq

  • MD5

    f6a294d150c5c291e2f998a8cd4e4874

  • SHA1

    e118d7785f84eab2cbf9e3fce144c08e05f8df3b

  • SHA256

    71768a11c8503aef5ef025423e0dd41f526bb5ec27ddca2e128bb7c1ad033c82

  • SHA512

    41b5408de4470a95d565a80c5a5596a4b87edfa00a105fa7b683a4675b043d5d39c829d42db94b9835b626aed30a9c36fa16a9baf5d72619013d0d6b63186fa4

  • SSDEEP

    393216:P9Ow1aZ85fVGEAA9SVSEArrHnexhdPWACDIurRo951b7:EwnhA0SZ0i1C8c2N

Targets

    • Checks if the Android device is rooted

    • Removes its main activity from the application launcher

    • Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps)

    • Queries the phone number (MSISDN for GSM devices)

    • Acquires the wake lock

    • Domain associated with commercial stalkerware software; includes indicators from echap.eu.org

    • Queries information about the active data network

    • Queries information about the current Wi-Fi connection

      The application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Reads information about the phone network operator

    • Tries to add a device administrator

    • Checks for the presence of a debugger

MITRE ATT&CK Mobile v15
