Analysis
- max time kernel: 149s
- max time network: 138s
- platform: android_x86
- resource: android-x86-arm-20240221-en
- resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240221-en, locale:en-us, os:android-9-x86, system
- submitted: 04-04-2024 17:15
Static task: static1
Behavioral task: behavioral1
- Sample: be19ba6e627b0cb5a1e4acb7c725a240_JaffaCakes118.apk
- Resource: android-x86-arm-20240221-en
General
- Target: be19ba6e627b0cb5a1e4acb7c725a240_JaffaCakes118.apk
- Size: 444KB
- MD5: be19ba6e627b0cb5a1e4acb7c725a240
- SHA1: 5f4b437ce703ad85ec0d52a83a8f96c2f9491c29
- SHA256: dc2c8a143099b03f2de31b05cf02a7dc68e88b330c8f5a7f9536c69963293380
- SHA512: 89b376176d63554c620fc42195cd03dbdcf371351fde90bf4ccfb6f2362373d8cf283190b67b0d3e8f3fb1604955749f779ba8fd47473f23b8e81bccd82ba663
- SSDEEP: 12288:wbVQmt51spL11E3VShd+qr1svgrruW/a/xDRQqtGlU:w5QI5sJ1iVS/fr1ugryWmR9Qm
Malware Config
Signatures
- XLoader payload (2 IoCs)
  resource | yara_rule
  /data/data/oss.epbbyl.enul.tf.pidj/files/d | family_xloader_apk
  /data/data/oss.epbbyl.enul.tf.pidj/files/d | family_xloader_apk2
- XLoader, MoqHao
  An Android banker and info stealer.
  pid | process
  4278 | oss.epbbyl.enul.tf.pidj
- Loads dropped Dex/Jar (1 TTP, 2 IoCs)
  Runs executable file dropped to the device during analysis.
  ioc | pid | process
  /data/user/0/oss.epbbyl.enul.tf.pidj/files/d | 4278 | oss.epbbyl.enul.tf.pidj
  /data/user/0/oss.epbbyl.enul.tf.pidj/files/d | 4278 | oss.epbbyl.enul.tf.pidj
- Makes use of the framework's foreground persistence service (1 TTP, 1 IoC)
  Application may abuse the framework's foreground service to continue running in the foreground.
  description | ioc | process
  Framework service call | android.app.IActivityManager.setServiceForeground | oss.epbbyl.enul.tf.pidj
- Reads the content of the MMS message. (1 TTP, 1 IoC)
  description | ioc | process
  URI accessed for read | content://mms/ | oss.epbbyl.enul.tf.pidj
- Acquires the wake lock (1 IoC)
  description | ioc | process
  Framework service call | android.os.IPowerManager.acquireWakeLock | oss.epbbyl.enul.tf.pidj
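The signatures above are all rules over the same kind of record: a process, an event kind (dex load, framework service call, content-provider read) and a value. The following is an added example, not part of the sandbox's own code or of the report, that applies those four rules to a constructed event trace in a made-up "<pid> <process> <kind> <value>" line format. Note that the YARA hits are reported under /data/data/<pkg>/files/d while the dex loads are reported under /data/user/0/<pkg>/files/d; on a single-user device these are the same directory, so the example normalises the path before matching, and a dex loaded from the app's own private files directory is by definition something written at runtime rather than shipped in the APK.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample of behavioural events in a simple line format
# ("<pid> <process> <kind> <value>") modelled on the fields the report above
# exposes. These lines are made up for this example; the last one is a
# benign read that no rule should match.
SAMPLE_EVENTS = """\
4278 oss.epbbyl.enul.tf.pidj dex_load /data/user/0/oss.epbbyl.enul.tf.pidj/files/d
4278 oss.epbbyl.enul.tf.pidj dex_load /data/user/0/oss.epbbyl.enul.tf.pidj/files/d
4278 oss.epbbyl.enul.tf.pidj service_call android.app.IActivityManager.setServiceForeground
4278 oss.epbbyl.enul.tf.pidj uri_read content://mms/
4278 oss.epbbyl.enul.tf.pidj service_call android.os.IPowerManager.acquireWakeLock
4278 oss.epbbyl.enul.tf.pidj uri_read content://settings/system
"""


@dataclass(frozen=True)
class Event:
    pid: int
    process: str
    kind: str
    value: str


def parse_events(text):
    """Parse the constructed event format into Event records."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        pid, process, kind, value = line.split(None, 3)
        events.append(Event(int(pid), process, kind, value))
    return events


def normalize_app_path(path):
    """Map /data/user/0/<pkg>/... onto /data/data/<pkg>/...; on a single-user
    device these are the same directory, so the YARA hits in the report
    (/data/data/...) and the dex loads (/data/user/0/...) refer to one file."""
    return re.sub(r"^/data/user/0/", "/data/data/", path)


def is_dropped_dex_load(e):
    # A dex/jar loaded from the app's own private files directory was not
    # part of the installed APK: it was written at runtime.
    return e.kind == "dex_load" and normalize_app_path(e.value).startswith(
        f"/data/data/{e.process}/files/"
    )


def is_foreground_service(e):
    return e.kind == "service_call" and e.value.endswith(
        "IActivityManager.setServiceForeground"
    )


def is_mms_read(e):
    return e.kind == "uri_read" and e.value.startswith("content://mms/")


def is_wake_lock(e):
    return e.kind == "service_call" and e.value.endswith(
        "IPowerManager.acquireWakeLock"
    )


# Rules keyed by the signature names the report uses.
RULES = {
    "Loads dropped Dex/Jar": is_dropped_dex_load,
    "Makes use of the framework's foreground persistence service": is_foreground_service,
    "Reads the content of the MMS message.": is_mms_read,
    "Acquires the wake lock": is_wake_lock,
}


def triage(events):
    """Return {signature name: sorted unique (process, ioc) pairs}."""
    hits = defaultdict(set)
    for e in events:
        for name, rule in RULES.items():
            if rule(e):
                hits[name].add((e.process, normalize_app_path(e.value)))
    return {name: sorted(iocs) for name, iocs in hits.items()}


if __name__ == "__main__":
    for name, iocs in triage(parse_events(SAMPLE_EVENTS)).items():
        print(f"{name} ({len(iocs)} IoC)")
        for process, ioc in iocs:
            print(f"  {process}  {ioc}")
```

The two identical dex-load lines collapse to a single IoC after normalisation, which is why the example reports one IoC for that signature where the report counts two rows. The dropped-dex rule is the one worth keeping strict: it keys on the load path being inside the process's own private files directory, not on the file name "d", which an attacker can change freely.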
Downloads
- Filesize: 453KB
  MD5: d7f0257d31574b862af05971f883fae0
  SHA1: 252b1b03017de80d8fd70907cda39ce2bfadaddc
  SHA256: 765119852dc93c3a5d397cbaa167ac148856dba9773062626ed4aeb9674f860c
  SHA512: 3a53daaa693c0ee6904d737850d490a40035454931cebdbba865cefcd97df58e0c72e2ac33bbd4c1445f5d056193e81f113c0862d93acecbe74a0bcaa362eac5
- Filesize: 796B
  MD5: fba9c7135c88d8ef2761f79ca00583be
  SHA1: 00e8d2a6681259d2bdefa1b6e0a9656f617dad17
  SHA256: d69d3416186a55279ea42fafe22f154bda4e8a2d2d9a736eea07af6b16f7aa69
  SHA512: de2bf232acc8c4c53d3fce320a554283c91f9f46cf1ecdb7f0d0effb9663a17d25f57baa6b7dd05d96e75e0fb5e1279d3b974276f28f15f804cdef893f3d0de7