General
-
Target
6c7a4af10e0abdd124c8fb48ba05c298_JaffaCakes118
-
Size
431KB
-
Sample
240523-2hx5vsbf26
-
MD5
6c7a4af10e0abdd124c8fb48ba05c298
-
SHA1
d75f12dcd2894ddec82d3bb7ac85cf441510b875
-
SHA256
091ad4a8f74ba2d1c9313c3a67143ccc65ef6064417ca9b9451c79c315a0cc6f
-
SHA512
fdd0f163feb2384a6b5a492456b46683015c20290dd1c5b7d473819fab95023f868d40664d9920180948a4431f2195e530d156caebd9901be51ac719b6794748
-
SSDEEP
12288:m/Qjwv7zK1rains2F+u4kaa9FgILmxmvdVvlb7VbARJ3M:4ewTzK17ns24kZGAtBArM
Static task
static1
Behavioral task
behavioral1
Sample
6c7a4af10e0abdd124c8fb48ba05c298_JaffaCakes118.apk
Resource
android-x86-arm-20240514-en
Behavioral task
behavioral2
Sample
6c7a4af10e0abdd124c8fb48ba05c298_JaffaCakes118.apk
Resource
android-x64-20240514-en
Behavioral task
behavioral3
Sample
6c7a4af10e0abdd124c8fb48ba05c298_JaffaCakes118.apk
Resource
android-x64-arm64-20240514-en
Malware Config
Extracted
xloader_apk
http://91.204.227.39:28844
Targets
-
-
Target
6c7a4af10e0abdd124c8fb48ba05c298_JaffaCakes118
-
Size
431KB
-
MD5
6c7a4af10e0abdd124c8fb48ba05c298
-
SHA1
d75f12dcd2894ddec82d3bb7ac85cf441510b875
-
SHA256
091ad4a8f74ba2d1c9313c3a67143ccc65ef6064417ca9b9451c79c315a0cc6f
-
SHA512
fdd0f163feb2384a6b5a492456b46683015c20290dd1c5b7d473819fab95023f868d40664d9920180948a4431f2195e530d156caebd9901be51ac719b6794748
-
SSDEEP
12288:m/Qjwv7zK1rains2F+u4kaa9FgILmxmvdVvlb7VbARJ3M:4ewTzK17ns24kZGAtBArM
-
XLoader payload
-
Checks if the Android device is rooted.
-
Requests changing the default SMS application.
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Queries account information for other applications stored on the device
Application may abuse the framework's APIs to collect account information stored on the device.
-
Queries the phone number (MSISDN for GSM devices)
-
Reads the content of the MMS message.
-
Registers a broadcast receiver at runtime (usually for listening for system events)
-
Acquires the wake lock
-
Checks if the internet connection is available
-
Queries the unique device ID (IMEI, MEID, IMSI)
-
Reads information about phone network operator.
-
Requests disabling of battery optimizations (often used to enable hiding in the background).
-