General

  • Target

    0e62c8b0a0ad9c51c98e08d8aaed440e_JaffaCakes118

  • Size

    301KB

  • Sample

    240502-nrb24aab63

  • MD5

    0e62c8b0a0ad9c51c98e08d8aaed440e

  • SHA1

    df67c64e6fec7763837bd4611ac2e5137ed75989

  • SHA256

    6122993c0dab39f829216097bd0338b78f941fff7be5265e1067457e16d2173e

  • SHA512

    fa537eff2dfb9fb623d0ecf33a1fcd03f4405e7bf107f473d2936c3ab5e31cb854c733498c911d3344d0cb0f31f9b7eb9d7f2a9d4554d9701b6c774b2b515cdb

  • SSDEEP

    6144:xMzJnWtcly64NbaD7jaivZy/5kqGhwn3rF81l324FgZNJ3tfePnf8En:xMzJnWZCayZouMWl2Zrtof8En

Malware Config

Targets

    • Target

      0e62c8b0a0ad9c51c98e08d8aaed440e_JaffaCakes118


    • XLoader payload

    • XLoader, MoqHao

      An Android banking trojan and information stealer (XLoader and MoqHao are names for the same family).

    • Queries the list of all installed applications on the device (might be used to overlay legitimate apps with phishing screens)

    • Removes its main activity from the application launcher

    • Requests changing the default SMS application.

    • Loads dropped Dex/Jar

      Runs an executable (DEX/JAR) that the sample dropped on the device during analysis.

    • Makes use of the framework's foreground persistence service

      The application may abuse a foreground service so that the system does not kill it while it runs in the background.

    • Queries the phone number (MSISDN for GSM devices)

    • Reads the content of the MMS message.

    • Registers a broadcast receiver at runtime (usually for listening for system events)

    • Acquires the wake lock

    • Requests disabling of battery optimizations (often used to keep running unnoticed in the background).
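The signatures above come from dynamic execution in the sandbox. As an added example (not part of the report, nor code from the sandbox vendor), the script below shows how an analyst would pre-check a decoded APK for the same behaviours statically: each reported behaviour is mapped to the manifest permission, intent filter or API reference it normally requires, and the checks are run over a small constructed manifest and a constructed list of strings such as `apktool` or `strings` would produce. The mapping table, the manifest and the string dump are all the analyst's assumptions for illustration, not data taken from this sample.

```python
"""Static pre-check for the behaviours a sandbox reports on an Android sample.

Added example: maps each behaviour to the permissions, intent filters and
API references an analyst would look for in a decoded APK. The indicator
tables are analyst assumptions, not signatures from the report.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"


def attr(elem, name):
    """Read an android:-namespaced attribute from a manifest element."""
    return elem.get(f"{{{ANDROID_NS}}}{name}")


# Manifest permission -> behaviour it usually underpins (assumption).
PERMISSION_INDICATORS = {
    "android.permission.QUERY_ALL_PACKAGES": "enumerate installed apps",
    "android.permission.FOREGROUND_SERVICE": "foreground service persistence",
    "android.permission.READ_PHONE_NUMBERS": "query phone number (MSISDN)",
    "android.permission.READ_PHONE_STATE": "query phone number (MSISDN)",
    "android.permission.READ_SMS": "read SMS/MMS content",
    "android.permission.RECEIVE_MMS": "read SMS/MMS content",
    "android.permission.WAKE_LOCK": "acquire wake lock",
    "android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS": "request battery optimisation exemption",
}

# Substrings in decompiled code / string dump -> behaviour (assumption).
CODE_INDICATORS = {
    "Ldalvik/system/DexClassLoader;": "load dropped DEX/JAR",
    "Ldalvik/system/InMemoryDexClassLoader;": "load dropped DEX/JAR",
    "setComponentEnabledSetting": "hide launcher activity",
    "android.provider.Telephony.ACTION_CHANGE_DEFAULT": "request default SMS app",
    "android.app.role.SMS": "request default SMS app",
    "registerReceiver": "runtime broadcast receiver",
    "getInstalledPackages": "enumerate installed apps",
    "getInstalledApplications": "enumerate installed apps",
    "getLine1Number": "query phone number (MSISDN)",
    "content://mms": "read SMS/MMS content",
    "startForeground": "foreground service persistence",
    "android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS": "request battery optimisation exemption",
}

# An app can only become the default SMS handler if it declares both receivers.
DEFAULT_SMS_ACTIONS = {
    "android.provider.Telephony.SMS_DELIVER",
    "android.provider.Telephony.WAP_PUSH_DELIVER",
}


def scan_manifest(manifest_xml):
    """Return the set of behaviours suggested by permissions and intent filters."""
    root = ET.fromstring(manifest_xml)
    hits = set()
    for perm in root.iter("uses-permission"):
        label = PERMISSION_INDICATORS.get(attr(perm, "name"))
        if label:
            hits.add(label)
    actions = {attr(a, "name") for a in root.iter("action")}
    if DEFAULT_SMS_ACTIONS <= actions:
        hits.add("request default SMS app")
    return hits


def scan_code(strings):
    """Return the set of behaviours suggested by API references in a string dump."""
    hits = set()
    for line in strings:
        for needle, label in CODE_INDICATORS.items():
            if needle in line:
                hits.add(label)
    return hits


def triage(manifest_xml, strings):
    """Sorted union of manifest and code indicators for the report."""
    return sorted(scan_manifest(manifest_xml) | scan_code(strings))


# Constructed sample manifest (not extracted from the real sample).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.sample">
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_MMS"/>
  <uses-permission android:name="android.permission.WAKE_LOCK"/>
  <uses-permission android:name="android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"/>
  <uses-permission android:name="android.permission.FOREGROUND_SERVICE"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <application>
    <receiver android:name=".SmsRx" android:permission="android.permission.BROADCAST_SMS">
      <intent-filter><action android:name="android.provider.Telephony.SMS_DELIVER"/></intent-filter>
    </receiver>
    <receiver android:name=".MmsRx" android:permission="android.permission.BROADCAST_WAP_PUSH">
      <intent-filter>
        <action android:name="android.provider.Telephony.WAP_PUSH_DELIVER"/>
        <data android:mimeType="application/vnd.wap.mms-message"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

# Constructed string dump in smali-style notation (not from the real sample).
SAMPLE_STRINGS = [
    "Ldalvik/system/DexClassLoader;-><init>(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/ClassLoader;)V",
    "Landroid/content/pm/PackageManager;->setComponentEnabledSetting(Landroid/content/ComponentName;II)V",
    "Landroid/content/pm/PackageManager;->getInstalledPackages(I)Ljava/util/List;",
    "Landroid/content/Context;->registerReceiver(Landroid/content/BroadcastReceiver;Landroid/content/IntentFilter;)Landroid/content/Intent;",
    "Landroid/telephony/TelephonyManager;->getLine1Number()Ljava/lang/String;",
    "content://mms/inbox",
    "Landroid/app/Service;->startForeground(ILandroid/app/Notification;)V",
]

if __name__ == "__main__":
    for behaviour in triage(SAMPLE_MANIFEST, SAMPLE_STRINGS):
        print("static indicator:", behaviour)
```

Treat the output as a hint for where to look, not as a verdict: a declared permission or a referenced API proves capability, while the sandbox signatures above record what the sample actually did at runtime. Note also that the default-SMS check requires both the `SMS_DELIVER` and `WAP_PUSH_DELIVER` receivers, because Android will not offer the role to an app that declares only one.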

MITRE ATT&CK Mobile v15

Tasks