General

  • Target

    5fcec0619ebbe9aafe799b49522168baf99aa2ed4d2eadacc0fba8ce63862f81

  • Size

    205KB

  • Sample

    210204-ndm3lvqrw2

  • MD5

    86ba5898244d287ac4a794732511fc0a

  • SHA1

    eba4290fabe1c490b7d817e9d3761ee2d8d41097

  • SHA256

    5fcec0619ebbe9aafe799b49522168baf99aa2ed4d2eadacc0fba8ce63862f81

  • SHA512

    0acf5757c45e89cb4b7ad0ef66c28861232f62b4fa393159bc38efad78f52116c324d95a6093626269a71dca2b88e98b7ce168da5c5ca4537796d8d156b203d8

Malware Config

Extracted

DES_key

Targets

    • XLoader, MoqHao

      An Android banker and info stealer.

    • Removes its main activity from the application launcher

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Reads name of network operator

      Uses Android APIs to discover system information.

    • Uses Crypto APIs (Might try to encrypt user data).

MITRE ATT&CK Matrix

Tasks