General
Target: 57d01142f7b20dbc2ff3c5bba64c7e68_JaffaCakes118
Size: 432KB
Sample: 240519-bhzetaac4y
MD5: 57d01142f7b20dbc2ff3c5bba64c7e68
SHA1: 57578c9471269617563c6bb76e0fa7673bea76c5
SHA256: 77af6a936ca74f2a6ce7e4f3f98f80fd039e83103bce95f8c20587d80b981589
SHA512: 33873d77e3da803cf7810e3fc6650a7f2f709451671a7ade6d761f097e60a37e1bf78f1756f405d7843d2f70b882177c45cfcfd46fa44f04e3eb0ab2ce6fc8b3
SSDEEP: 12288:BWgV3lpHNO048JxjY8Q0qDKeGzB8cS0LlBcGJHpk:BZa8JxjY8X8BKfc0k
Static task: static1

Behavioral task: behavioral1
Sample: 57d01142f7b20dbc2ff3c5bba64c7e68_JaffaCakes118.apk
Resource: android-x86-arm-20240514-en

Behavioral task: behavioral2
Sample: 57d01142f7b20dbc2ff3c5bba64c7e68_JaffaCakes118.apk
Resource: android-x64-20240514-en

Behavioral task: behavioral3
Sample: 57d01142f7b20dbc2ff3c5bba64c7e68_JaffaCakes118.apk
Resource: android-x64-arm64-20240514-en
Malware Config
Extracted
xloader_apk
http://103.249.28.208:38876
Targets
Target
57d01142f7b20dbc2ff3c5bba64c7e68_JaffaCakes118
XLoader payload
-
Checks if the Android device is rooted.
-
Requests changing the default SMS application.
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Queries the phone number (MSISDN for GSM devices)
-
Reads the content of the MMS message.
-
Registers a broadcast receiver at runtime (usually for listening for system events)
-
Acquires the wake lock
-
Checks if the internet connection is available
-
Reads information about phone network operator.
-
Requests disabling of battery optimizations (often used to enable hiding in the background).
-