General
-
Target
1eddd9d9f2e88b5e61421bc9e7aa831a_JaffaCakes118
-
Size
436KB
-
Sample
240507-a2cjqaaf4x
-
MD5
1eddd9d9f2e88b5e61421bc9e7aa831a
-
SHA1
be501b9f6fe606a4aa7f28c500afa28892dbf636
-
SHA256
9d2a607c8bb4fc9bb551fbc585aaf057d884acb43a22aee65124bffd72219d8b
-
SHA512
7aab28e313ec8462eccee25f3d930b3408fde325a8a52c44c32985c545b6f39d9f982f5545ca44e7fd8a1e3fd19ad03854bc6868205e3356aaec38e395bba8b5
-
SSDEEP
12288:+5wLOEWMR7vjK9eMXk4h3DhlJ8r2RN7q0woQVNOi6r:hWMRO7n3DJ++u0xSOd
Static task
static1
Behavioral task
behavioral1
Sample
1eddd9d9f2e88b5e61421bc9e7aa831a_JaffaCakes118.apk
Resource
android-x86-arm-20240506-en
Behavioral task
behavioral2
Sample
1eddd9d9f2e88b5e61421bc9e7aa831a_JaffaCakes118.apk
Resource
android-x64-20240506-en
Behavioral task
behavioral3
Sample
1eddd9d9f2e88b5e61421bc9e7aa831a_JaffaCakes118.apk
Resource
android-x64-arm64-20240506-en
Malware Config
Extracted
xloader_apk
http://45.114.129.49:28866
Targets
-
-
Target
1eddd9d9f2e88b5e61421bc9e7aa831a_JaffaCakes118
-
Size
436KB
-
MD5
1eddd9d9f2e88b5e61421bc9e7aa831a
-
SHA1
be501b9f6fe606a4aa7f28c500afa28892dbf636
-
SHA256
9d2a607c8bb4fc9bb551fbc585aaf057d884acb43a22aee65124bffd72219d8b
-
SHA512
7aab28e313ec8462eccee25f3d930b3408fde325a8a52c44c32985c545b6f39d9f982f5545ca44e7fd8a1e3fd19ad03854bc6868205e3356aaec38e395bba8b5
-
SSDEEP
12288:+5wLOEWMR7vjK9eMXk4h3DhlJ8r2RN7q0woQVNOi6r:hWMRO7n3DJ++u0xSOd
-
XLoader payload
-
Requests changing the default SMS application.
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Queries the phone number (MSISDN for GSM devices)
-
Reads the content of the MMS message.
-
Registers a broadcast receiver at runtime (usually for listening for system events)
-
Acquires the wake lock
-
Checks if the internet connection is available
-
Reads information about phone network operator.
-
Requests disabling of battery optimizations (often used to enable hiding in the background).
-
MITRE ATT&CK Mobile v15
Persistence
Event Triggered Execution
1Broadcast Receivers
1Foreground Persistence
1Defense Evasion
Download New Code at Runtime
1Foreground Persistence
1Hide Artifacts
2Suppress Application Icon
1User Evasion
1