General
-
Target
34995c29033f780c2e0508d82cc1f420_JaffaCakes118
-
Size
436KB
-
Sample
240511-pp85gsga6x
-
MD5
34995c29033f780c2e0508d82cc1f420
-
SHA1
cdc753a41d5cf9f3cc74b9c59aacca797e3ee5f4
-
SHA256
2e551fcc7fd099750b28778bb73a233c08c70f97db0be95aa14a9aa4df4ed0ee
-
SHA512
2252e368ff2578a1cd9c1577c6930ada85ef59f95828dc17d520041f43eb5779672e4d98b89395da70c856d07abc02c14d7e9db42175fa984d1f90d7f17aa7a5
-
SSDEEP
12288:RvBXI4EDwOtOckYHiQAvGtXKEDH3tQg7q0woQVNOi68:snDrkpYfAO8ED97u0xSOW
Static task
static1
Behavioral task
behavioral1
Sample
34995c29033f780c2e0508d82cc1f420_JaffaCakes118.apk
Resource
android-x86-arm-20240506-en
Behavioral task
behavioral2
Sample
34995c29033f780c2e0508d82cc1f420_JaffaCakes118.apk
Resource
android-x64-20240506-en
Behavioral task
behavioral3
Sample
34995c29033f780c2e0508d82cc1f420_JaffaCakes118.apk
Resource
android-x64-arm64-20240506-en
Malware Config
Extracted
xloader_apk
http://45.114.129.49:28866
Targets
-
Target
34995c29033f780c2e0508d82cc1f420_JaffaCakes118
-
XLoader payload
-
Requests changing the default SMS application.
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Queries the phone number (MSISDN for GSM devices)
-
Reads the content of the MMS message.
-
Registers a broadcast receiver at runtime (usually for listening for system events)
-
Acquires the wake lock
-
Checks if the internet connection is available
-
Reads information about phone network operator.
-
Requests disabling of battery optimizations (often used to enable hiding in the background).
-