General
-
Target
ffdac644009fb0f4b565f28f8c25d402_JaffaCakes118
-
Size
445KB
-
Sample
240421-wpbbsage35
-
MD5
ffdac644009fb0f4b565f28f8c25d402
-
SHA1
cf4cf495ebcc3605273824a4c93e312f27b6f198
-
SHA256
b5a3a633ddd31e523e4d0665d8c915f9ef7be81eb841211621380fac301c70eb
-
SHA512
91e58cf1f6cf375c80364eaacffabbe93abebc149169cd94e5cd98b8663bd2927e77612d13fca4048c910a6fe8faeff6e1381bacdb828a78ef6a9d0697ae5cf9
-
SSDEEP
6144:sVQgxr5v9JJJufcmakf910m5C7XrXDDUEW+3qyqPoQ+8QVbSda8lysdWINQZoFSL:ropifcmakfcD7DAEXqyqQnSMey7SQZym
Malware Config
Extracted
xloader_apk
http://91.204.227.39:28844
Targets
-
-
Target
ffdac644009fb0f4b565f28f8c25d402_JaffaCakes118
-
Size
445KB
-
MD5
ffdac644009fb0f4b565f28f8c25d402
-
SHA1
cf4cf495ebcc3605273824a4c93e312f27b6f198
-
SHA256
b5a3a633ddd31e523e4d0665d8c915f9ef7be81eb841211621380fac301c70eb
-
SHA512
91e58cf1f6cf375c80364eaacffabbe93abebc149169cd94e5cd98b8663bd2927e77612d13fca4048c910a6fe8faeff6e1381bacdb828a78ef6a9d0697ae5cf9
-
SSDEEP
6144:sVQgxr5v9JJJufcmakf910m5C7XrXDDUEW+3qyqPoQ+8QVbSda8lysdWINQZoFSL:ropifcmakfcD7DAEXqyqQnSMey7SQZym
Score10/10-
XLoader payload
-
XLoader, MoqHao
An Android banker and info stealer.
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
-
Removes its main activity from the application launcher
-
Loads dropped Dex/Jar
Runs executable file dropped to the device during analysis.
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Queries account information for other applications stored on the device
Application may abuse the framework's APIs to collect account information stored on the device.
-
Reads the content of the MMS message.
-
Registers a broadcast receiver at runtime (usually for listening for system events)
-
Acquires the wake lock
-