Analysis
-
max time kernel
579182s -
max time network
184s -
platform
android_x86 -
resource
android-x86_arm -
submitted
02-12-2020 08:12
General
-
Target
zKwKlSnUuQeZa.apk
-
Size
218KB
-
MD5
212c1bc0fd51bc8c839d01cfd56f1b9b
-
SHA1
96d5735d08fa051d93a7d67d5ce4484f52acba07
-
SHA256
3cb7aec0318711c507da8cb40885e1b01571d5df9b3d63f6316eb230ece35a97
-
SHA512
67bda7312c49ffcfe949b049fb4e22b37ee4748f041029f5cf736bcd007d686611f0617f8142e236a1c00a927a52a2770576f7885d2f8e1e2086c2089aab7520
Score
10/10
Malware Config
Extracted
DES_key
Signatures
-
XLoader, MoqHao
An Android banker and info stealer.
-
Removes its main activity from the application launcher 1 IoCs
-
Loads dropped Dex/Jar 2 IoCs
Runs executable file dropped to the device during analysis.
-
Reads name of network operator 1 IoCs
Uses Android APIs to discover system information.
-
Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
-
Suspicious use of android.app.ApplicationPackageManager.getInstalledPackages 2 IoCs
-
Suspicious use of android.net.wifi.WifiInfo.getMacAddress 6 IoCs
-
Suspicious use of android.os.PowerManager$WakeLock.acquire 1 IoCs
-
Suspicious use of android.telephony.TelephonyManager.getLine1Number 7 IoCs
-
Uses reflection 12 IoCs
Processes
-
yhvc.uluqt.djovl1⤵
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Reads name of network operator
- Uses Crypto APIs (Might try to encrypt user data).
- Suspicious use of android.app.ApplicationPackageManager.getInstalledPackages
- Suspicious use of android.net.wifi.WifiInfo.getMacAddress
- Suspicious use of android.os.PowerManager$WakeLock.acquire
- Suspicious use of android.telephony.TelephonyManager.getLine1Number
- Uses reflection