Analysis
max time kernel: 150s
max time network: 140s
platform: android_x86
resource: android-x86-arm-20240221-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240221-en, locale:en-us, os:android-9-x86, system
submitted: 03-04-2024 22:05
Static task: static1
Behavioral task: behavioral1
Sample: a7e1a12eb27b3ee2209dffa1a59f58c8_JaffaCakes118.apk
Resource: android-x86-arm-20240221-en
General
Target: a7e1a12eb27b3ee2209dffa1a59f58c8_JaffaCakes118.apk
Size: 444KB
MD5: a7e1a12eb27b3ee2209dffa1a59f58c8
SHA1: bff82146d55983003e8da6b77a5bd8eee898ed72
SHA256: c92a7d2f90ed8bdc73a7ed3fef7bb98cc86b875a939c2b5d2b01ca6db71f98d8
SHA512: bdbbfbcb8a2744066026f0718bdb961a22f6e86b52cfb9e34368bfc7b95e3f07e4755e860c82f1a743223b82b1743c23ed6693f5ef3553f2955bbe270284f1f2
SSDEEP: 12288:tf51spL11E3VShd+qr1svgrruWUwSkOLreoWfT:tf5sJ1iVS/fr1ugryWUwSkOXeoWL
Malware Config
Signatures
XLoader payload (2 IoCs)
Processes:
  resource                                     yara_rule
  /data/data/dhzzc.bk.he.bsvqqc.fnb/files/d    family_xloader_apk
  /data/data/dhzzc.bk.he.bsvqqc.fnb/files/d    family_xloader_apk2
XLoader, MoqHao
An Android banker and info stealer.
Processes:
  pid     process
  4273    dhzzc.bk.he.bsvqqc.fnb
Loads dropped Dex/Jar (1 TTPs, 2 IoCs)
Runs executable file dropped to the device during analysis.
Processes:
  ioc                                             pid     process
  /data/user/0/dhzzc.bk.he.bsvqqc.fnb/files/d     4273    dhzzc.bk.he.bsvqqc.fnb
  /data/user/0/dhzzc.bk.he.bsvqqc.fnb/files/d     4273    dhzzc.bk.he.bsvqqc.fnb
Makes use of the framework's foreground persistence service (1 TTPs, 1 IoCs)
Application may abuse the framework's foreground service to continue running in the foreground.
Processes:
  description               ioc                                                   process
  Framework service call    android.app.IActivityManager.setServiceForeground     dhzzc.bk.he.bsvqqc.fnb
Reads the content of the MMS message. (1 TTPs, 1 IoCs)
Processes:
  description               ioc                 process
  URI accessed for read     content://mms/      dhzzc.bk.he.bsvqqc.fnb
Acquires the wake lock (1 IoCs)
Processes:
  description               ioc                                           process
  Framework service call    android.os.IPowerManager.acquireWakeLock      dhzzc.bk.he.bsvqqc.fnb
Processes
Network
MITRE ATT&CK Mobile v15
Downloads
Filesize: 453KB
MD5: d7f0257d31574b862af05971f883fae0
SHA1: 252b1b03017de80d8fd70907cda39ce2bfadaddc
SHA256: 765119852dc93c3a5d397cbaa167ac148856dba9773062626ed4aeb9674f860c
SHA512: 3a53daaa693c0ee6904d737850d490a40035454931cebdbba865cefcd97df58e0c72e2ac33bbd4c1445f5d056193e81f113c0862d93acecbe74a0bcaa362eac5

Filesize: 795B
MD5: 0220dab6039fe8249592dfd8f15fda6f
SHA1: 4040f26bc0928f87c723ea21eca9701af341afe7
SHA256: a31326fa3fa904123310e77ce5c42c2e5cca6c56e0fe38aad7b2c51b1a0fdf9a
SHA512: fa42f71b08f578725e2574244cff710e4210af3bbcb57cb3015d57e6f739669194c6768019671fd40e86e68fa8f02004ce1362137e18a6c6278e592447f513c5