General
-
Target
fa87e920fe001725d695986ee420113f_JaffaCakes118
-
Size
436KB
-
Sample
240927-q9xgvsyaph
-
MD5
fa87e920fe001725d695986ee420113f
-
SHA1
9ba494c22cf4953715425a5419c2b11eb89a22c2
-
SHA256
123f315220500032f702e31d7071a964526402c820f918262f1fb52d097ee5db
-
SHA512
5e96371e437e6b3737ac1953f5562f45a77a36dc92726d6cc39b9afb844cdc7b91aa5f2c8bda21d600c87f8b772636cb4af7d2e257385d12c87547fe0f7a7590
-
SSDEEP
6144:p6bjDqOkgFokQ8l227Sxk+hdkQCffuUR5mo9LVQ6ILW0u+ZKN85mHQmyP:gX+V8/Q7HCuMxW68Hu+Z6KP
Static task
static1
Behavioral task
behavioral1
Sample
fa87e920fe001725d695986ee420113f_JaffaCakes118.apk
Resource
android-x86-arm-20240624-en
Behavioral task
behavioral2
Sample
fa87e920fe001725d695986ee420113f_JaffaCakes118.apk
Resource
android-x64-20240624-en
Behavioral task
behavioral3
Sample
fa87e920fe001725d695986ee420113f_JaffaCakes118.apk
Resource
android-x64-arm64-20240624-en
Malware Config
Extracted
xloader_apk
http://103.126.160.21:38866
Targets
-
-
Target
fa87e920fe001725d695986ee420113f_JaffaCakes118
-
Size
436KB
-
MD5
fa87e920fe001725d695986ee420113f
-
SHA1
9ba494c22cf4953715425a5419c2b11eb89a22c2
-
SHA256
123f315220500032f702e31d7071a964526402c820f918262f1fb52d097ee5db
-
SHA512
5e96371e437e6b3737ac1953f5562f45a77a36dc92726d6cc39b9afb844cdc7b91aa5f2c8bda21d600c87f8b772636cb4af7d2e257385d12c87547fe0f7a7590
-
SSDEEP
6144:p6bjDqOkgFokQ8l227Sxk+hdkQCffuUR5mo9LVQ6ILW0u+ZKN85mHQmyP:gX+V8/Q7HCuMxW68Hu+Z6KP
-
XLoader payload
-
Checks if the Android device is rooted.
-
Queries the phone number (MSISDN for GSM devices)
-
Reads the content of the MMS message.
-
Acquires the wake lock
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Queries information about active data network
-
Reads information about phone network operator.
-
Requests changing the default SMS application.
-
Requests disabling of battery optimizations (often used to enable hiding in the background).
-
MITRE ATT&CK Mobile v15
Persistence
Event Triggered Execution
1Broadcast Receivers
1Foreground Persistence
1Defense Evasion
Download New Code at Runtime
1Foreground Persistence
1Hide Artifacts
2Suppress Application Icon
1User Evasion
1