Overview

overview

10

Static

static

6

fafab38476...18.apk

android-9-x86

10

fafab38476...18.apk

android-10-x64

10

fafab38476...18.apk

android-11-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    154s
  • platform
    android-9_x86
  • resource
    android-x86-arm-20240910-en
  • resource tags

    arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
  • submitted
    27-09-2024 22:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fafab384768cb4b1b9c1f13de6720faf_JaffaCakes118.apk

  • Size

    427KB

  • MD5

    fafab384768cb4b1b9c1f13de6720faf

  • SHA1

    b61b575b3764aa4b260bb46dfb2c653d72b94415

  • SHA256

    b67262d26e6fbe7dca7543245edf7f748507c4cacf1dbc6ef3d16d39c63dc0cd

  • SHA512

    e657d455ee9de135a46d87af0007e2ec6b629418eb8ffadeb2efb6d6b5fb7dbfa51a6a2ce5011b7ddadafd7e44d04781d8b86a25e451bfec11c9d7442a8e4bf9

  • SSDEEP

    12288:OpH3tUmxd3dgVlnPlE2nMz5CiPUjUHJJZ7on:03tUmTd+9nnSAiPUjUHrZs

Score
10/10
xloader_apkbankercollectiondiscoveryevasionimpactinfostealerpersistencestealthtrojan

Malware Config

Extracted

Family

xloader_apk

C2

http://103.249.28.208:38876

DES_key

Signatures

Processes

  • com.cusx.ujrz
    1⤵
    • Checks if the Android device is rooted.
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Reads the content of the MMS message.
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Queries information about active data network
    • Requests changing the default SMS application.
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4222
    • ping -c 4 103.249.28.208
      2⤵
        PID:4411

    Network

    MITRE ATT&CK Mobile v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • /data/data/com.cusx.ujrz/files/dex
      Filesize

      764KB

      MD5

      9ef682a5daa6666a6e69a38c37a635b5

      SHA1

      602bba780bf668e0b8d3870fe8ca28e128d1f78c

      SHA256

      1ad70cde19de653276cf7af790d4ad5117f88a5ada3c2bd2d981a0b6206c2dcc

      SHA512

      84e90344c9afea40a540100ba944d6d3d979cd7279e4ec9082638a4a28ae1cb14e8b1de84f18742a0c46ae4f9bb0944c13ebba9e9e8751dfd58f34995c9ff2b2

      Download Submit

    • /data/data/com.cusx.ujrz/files/oat/dex.cur.prof
      Filesize

      1004B

      MD5

      e3fc3e5d9bc1fe7a4205f1f06279a551

      SHA1

      234e10a1ab5a46a054616d9499636a5f13762271

      SHA256

      f7504a5054f6b24272360a28436fb1cce5f12fde8f486d96ed64fe5980e0a40e

      SHA512

      e93078e1c556ce5c137b27bf1ae8253d4f3b2daa6257c42c973a88d2132eb87df9322e49de5584d9620ed828fbfdade8c21aa8b434c93bdb4a55ffa9e87c421b

      Download Submit

    • /data/data/com.cusx.ujrz/files/oat/dex.cur.prof
      Filesize

      1KB

      MD5

      177a2f0f01727664b8a2535b4d2aa64f

      SHA1

      a638988a238c378c51bd32edb3178b6959b0e019

      SHA256

      9b9979bf08264ff702e3333b39e8b2d11e8945cf0a05cc3d96423a812f423ed0

      SHA512

      0ee09bc3056aefcfa0837ad766d7fc1086b77c0d6181e050fcae77b097dba534db84b5aedbdce911501d4c9dd720540ff1baaa9ee90976eadd90b6b969e1a0f9

      Download Submit