General
-
Target
8ee9328dac4ab56e3ca7480ff75bf981_JaffaCakes118
-
Size
431KB
-
Sample
240602-wer7jshh6v
-
MD5
8ee9328dac4ab56e3ca7480ff75bf981
-
SHA1
1dcdfbd2acd9f60e7d1c5d6de558f3d597aed160
-
SHA256
800063e698230a540277e370d2ff393229f33dd1117da9b52be98912adb40e31
-
SHA512
abda5cef3adabb700b192f3eb62f6336c134b6fce5a9fad519f0960dfa8ade42bf4105d89a3b7d69af80af67da348b05863febf577e3990730d8fb1f73a19a1f
-
SSDEEP
12288:AISOdjX7N0HgSziADpDwQtUHFYo1lCYI8akScVEOZnpCI:A+siobMxPDakSc3ZnpCI
Static task
static1
Behavioral task
behavioral1
Sample
8ee9328dac4ab56e3ca7480ff75bf981_JaffaCakes118.apk
Resource
android-x86-arm-20240514-en
Behavioral task
behavioral2
Sample
8ee9328dac4ab56e3ca7480ff75bf981_JaffaCakes118.apk
Resource
android-x64-20240514-en
Behavioral task
behavioral3
Sample
8ee9328dac4ab56e3ca7480ff75bf981_JaffaCakes118.apk
Resource
android-x64-arm64-20240514-en
Malware Config
Extracted
xloader_apk
http://91.204.227.39:28844
Targets
-
-
Target
8ee9328dac4ab56e3ca7480ff75bf981_JaffaCakes118
-
Size
431KB
-
MD5
8ee9328dac4ab56e3ca7480ff75bf981
-
SHA1
1dcdfbd2acd9f60e7d1c5d6de558f3d597aed160
-
SHA256
800063e698230a540277e370d2ff393229f33dd1117da9b52be98912adb40e31
-
SHA512
abda5cef3adabb700b192f3eb62f6336c134b6fce5a9fad519f0960dfa8ade42bf4105d89a3b7d69af80af67da348b05863febf577e3990730d8fb1f73a19a1f
-
SSDEEP
12288:AISOdjX7N0HgSziADpDwQtUHFYo1lCYI8akScVEOZnpCI:A+siobMxPDakSc3ZnpCI
-
XLoader payload
-
Checks if the Android device is rooted.
-
Requests changing the default SMS application.
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Queries account information for other applications stored on the device
Application may abuse the framework's APIs to collect account information stored on the device.
-
Queries information about the current Wi-Fi connection
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Queries the phone number (MSISDN for GSM devices)
-
Reads the content of the MMS message.
-
Registers a broadcast receiver at runtime (usually for listening for system events)
-
Acquires the wake lock
-
Checks if the internet connection is available
-
Queries the unique device ID (IMEI, MEID, IMSI)
-
Reads information about phone network operator.
-
Requests disabling of battery optimizations (often used to enable hiding in the background).
-