General
- Target: 514a9dbd0084786c2cb0ab9793257929_JaffaCakes118
- Size: 429KB
- Sample: 240517-yzne7sha36
- MD5: 514a9dbd0084786c2cb0ab9793257929
- SHA1: d0ab8bcb379d347bbe8e20fce440c0d6b2eb9f0c
- SHA256: 31d96a246ac25790fd0705a7de776dca8e5e46d3e3327ef4f6d2e0bd18240752
- SHA512: 24779cee769f2c716a271c63681aea74ce4054ed7bb1bbd5dcb9cea8ef232229d55145ac460a5e67800163bdb575b949afd92733b61c31f97ded41aecfbfa9a7
- SSDEEP: 12288:3e0VKjTLusbhzscFajtXDSVVf+vC5pLmf3IRJ3u:3ek4sFzG+65pLmwru
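Before pivoting on any of the indicators below, confirm that the file on disk is the same object the report analysed. The following script is an added example and is not part of the report; it computes the four digests the report lists in a single pass over the file and diffs them against the values above (the `REPORT_HASHES` table is copied from the General section, the sample path is supplied on the command line).

```python
import hashlib
from typing import Dict, Tuple

# Digests exactly as listed in the report's General section.
REPORT_HASHES: Dict[str, str] = {
    "md5": "514a9dbd0084786c2cb0ab9793257929",
    "sha1": "d0ab8bcb379d347bbe8e20fce440c0d6b2eb9f0c",
    "sha256": "31d96a246ac25790fd0705a7de776dca8e5e46d3e3327ef4f6d2e0bd18240752",
    "sha512": (
        "24779cee769f2c716a271c63681aea74ce4054ed7bb1bbd5dcb9cea8ef232229"
        "d55145ac460a5e67800163bdb575b949afd92733b61c31f97ded41aecfbfa9a7"
    ),
}


def digest_bytes(data: bytes) -> Dict[str, str]:
    """Lowercase hex digests of an in-memory buffer for every algorithm the report lists."""
    out = {}
    for name in REPORT_HASHES:
        h = hashlib.new(name)
        h.update(data)
        out[name] = h.hexdigest()
    return out


def digest_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Stream a file through all four hash objects at once, so large samples are read only once."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def compare_to_report(observed: Dict[str, str],
                      expected: Dict[str, str] = REPORT_HASHES) -> Dict[str, Tuple[str, str]]:
    """Return {algorithm: (observed, expected)} for every digest that disagrees.

    An empty dict means every listed digest matched. Comparison is case-insensitive
    because different tools print hex in different cases.
    """
    mismatches = {}
    for name, want in expected.items():
        got = observed.get(name, "").lower()
        if got != want.lower():
            mismatches[name] = (got, want)
    return mismatches


if __name__ == "__main__":
    import sys

    # Usage: python verify_sample.py <path-to-apk>   (path is an assumption, supplied by the caller)
    bad = compare_to_report(digest_file(sys.argv[1]))
    if bad:
        for algo, (got, want) in bad.items():
            print(f"{algo}: MISMATCH got={got} expected={want}")
        sys.exit(1)
    print("all digests match the report")
```

SSDEEP is deliberately left out: it needs the `ssdeep` native library and is a similarity score, not an identity check, so it cannot replace the cryptographic digests for confirming you hold the same file.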
Static task
- static1
Behavioral tasks
- behavioral1: 514a9dbd0084786c2cb0ab9793257929_JaffaCakes118.apk on resource android-x86-arm-20240514-en
- behavioral2: 514a9dbd0084786c2cb0ab9793257929_JaffaCakes118.apk on resource android-x64-20240514-en
- behavioral3: 514a9dbd0084786c2cb0ab9793257929_JaffaCakes118.apk on resource android-x64-arm64-20240514-en
Malware Config
Extracted
- Config: xloader_apk
- C2: http://91.204.227.39:28844
The extracted endpoint is a plain-HTTP URL to a bare IP address on a non-standard port, so it can be blocked and hunted on as an exact IP:port pair rather than on a hostname.
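A practitioner will want to turn the extracted C2 into a hunt over egress telemetry. The script below is an added example, not part of the report: it derives host and port from the C2 URL (defaulting to port 80 for `http://` when the URL carries none), then scans connection-log lines for that destination. The log format (`ts src= dst= dport=`) and the lines in `SAMPLE_LOG` are constructed for the example; adapt `LOG_RE` to your own firewall or proxy export.

```python
import re
from typing import Dict, List, Optional, Tuple
from urllib.parse import urlsplit

# C2 endpoint exactly as extracted in the report's Malware Config.
XLOADER_C2 = "http://91.204.227.39:28844"

# Constructed key=value egress log format (assumption for this example).
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+src=(?P<src>\S+)\s+dst=(?P<dst>\S+)\s+dport=(?P<dport>\d+)\s+proto=(?P<proto>\S+)"
)


def c2_host_port(url: str) -> Tuple[Optional[str], int]:
    """Split a C2 URL into (host, port), filling in the scheme default when no port is given."""
    parts = urlsplit(url)
    port = parts.port or (443 if parts.scheme == "https" else 80)
    return parts.hostname, port


def scan_egress_log(lines: List[str], c2_url: str = XLOADER_C2) -> List[Dict[str, object]]:
    """Return one hit per line whose destination is the C2 host.

    'c2_exact' means host and port both match the extracted config (high confidence);
    'c2_host_other_port' means the same IP on a different port, worth a look because
    a bare-IP C2 host may serve several panels or rotate ports.
    """
    host, port = c2_host_port(c2_url)
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than silently mis-match
        if m["dst"] != host:
            continue
        dport = int(m["dport"])
        hits.append({
            "ts": m["ts"],
            "src": m["src"],
            "dport": dport,
            "level": "c2_exact" if dport == port else "c2_host_other_port",
        })
    return hits


# Constructed sample lines: one exact C2 hit, one same-host/other-port hit, benign noise, and a malformed line.
SAMPLE_LOG = [
    "2024-05-17T09:58:10Z src=10.0.0.12 dst=142.250.74.78 dport=443 proto=tcp",
    "2024-05-17T10:01:02Z src=10.0.0.12 dst=91.204.227.39 dport=28844 proto=tcp",
    "2024-05-17T10:01:05Z src=10.0.0.12 dst=91.204.227.39 dport=80 proto=tcp",
    "garbage line that does not parse",
    "2024-05-17T10:02:00Z src=10.0.0.13 dst=1.1.1.1 dport=53 proto=udp",
]

if __name__ == "__main__":
    for hit in scan_egress_log(SAMPLE_LOG):
        print(hit)
```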
Targets
- Target: 514a9dbd0084786c2cb0ab9793257929_JaffaCakes118 (429KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
- XLoader payload
- Checks if the Android device is rooted.
- Makes use of the framework's foreground persistence service: the application may abuse a foreground service to keep itself running, since foreground services are exempt from the background execution limits that would otherwise kill it.
- Queries account information for other applications stored on the device: the application may abuse the framework's APIs to collect account information stored on the device.
- Queries information about the current Wi-Fi connection: the application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
- Queries the phone number (MSISDN for GSM devices).
- Reads the content of MMS messages.
- Registers a broadcast receiver at runtime (usually to listen for system events).
- Acquires a wake lock.
- Checks if an internet connection is available.
- Queries the unique device ID (IMEI, MEID, IMSI).
- Reads information about the phone network operator.
- Requests disabling of battery optimizations (often used to keep running hidden in the background).
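Most of the behaviours above need a permission declared in the APK's manifest, so a quick cross-check of the decoded `AndroidManifest.xml` shows which reported behaviours the static artefact corroborates and which declared permissions the sandbox run did not exercise. The script below is an added example and not part of the report or of the sample: the behaviour-to-permission mapping is general Android knowledge rather than something the report states, it assumes a text manifest as produced by `apktool d` (the binary AXML inside the APK must be decoded first), and `SAMPLE_MANIFEST` is constructed for the example, not taken from the sample.

```python
import xml.etree.ElementTree as ET
from typing import Dict, Set

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME_ATTR = "{%s}name" % ANDROID_NS

# Reported behaviour -> permission(s) that normally gate it; any one of the tuple is enough.
# Root checks and runtime-registered receivers need no permission and so are not listed.
BEHAVIOUR_PERMISSIONS: Dict[str, tuple] = {
    "foreground persistence service": ("android.permission.FOREGROUND_SERVICE",),
    "queries account information": ("android.permission.GET_ACCOUNTS",),
    "queries current Wi-Fi connection": ("android.permission.ACCESS_WIFI_STATE",),
    "queries phone number": ("android.permission.READ_PHONE_STATE", "android.permission.READ_PHONE_NUMBERS"),
    "reads MMS content": ("android.permission.READ_SMS",),
    "acquires wake lock": ("android.permission.WAKE_LOCK",),
    "checks internet connection": ("android.permission.ACCESS_NETWORK_STATE",),
    "queries device ID / network operator": ("android.permission.READ_PHONE_STATE",),
    "requests ignoring battery optimizations": ("android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS",),
}


def declared_permissions(manifest_xml: str) -> Set[str]:
    """All <uses-permission android:name=...> values in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    return {el.get(NAME_ATTR) for el in root.iter("uses-permission") if el.get(NAME_ATTR)}


def triage_manifest(manifest_xml: str) -> Dict[str, Set[str]]:
    """Cross-check reported behaviours against declared permissions.

    corroborated:            behaviours whose required permission is declared
    not_corroborated:        behaviours the sandbox reported but the manifest cannot explain
                             (worth a second look: dynamic loading, or a mapping gap)
    unexplained_permissions: declared permissions that map to none of the reported behaviours
                             (capabilities the sandbox run may not have exercised)
    """
    perms = declared_permissions(manifest_xml)
    corroborated = {b for b, need in BEHAVIOUR_PERMISSIONS.items() if any(p in perms for p in need)}
    mapped = {p for need in BEHAVIOUR_PERMISSIONS.values() for p in need}
    return {
        "corroborated": corroborated,
        "not_corroborated": set(BEHAVIOUR_PERMISSIONS) - corroborated,
        "unexplained_permissions": perms - mapped,
    }


# Constructed manifest for the example; not the sample's real manifest.
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.constructed">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.WAKE_LOCK"/>
  <uses-permission android:name="android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <application android:label="constructed">
    <service android:name=".PersistService" android:exported="false"/>
  </application>
</manifest>
"""

if __name__ == "__main__":
    for key, values in triage_manifest(SAMPLE_MANIFEST).items():
        print(key, sorted(values))
```

A behaviour in `not_corroborated` is not evidence the report is wrong: the sample may request the permission at runtime through a dynamically loaded payload, or the call may fail on the device and still be logged as an attempt. Treat it as a prompt to look at the dex code for that API, not as a verdict.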