General

  • Target

    05d363fb48f98a0f3aaca6c384f39538b63b8b1eb64f765fbc8ed71026f1b51e.bin

  • Size

    205KB

  • Sample

    210208-538fcaqkgn

  • MD5

    4dd0787204003936e737678bf0fb108d

  • SHA1

    066ed392e9e5de40c66ec7c9deffac9015c453f7

  • SHA256

    05d363fb48f98a0f3aaca6c384f39538b63b8b1eb64f765fbc8ed71026f1b51e

  • SHA512

    ab6d09adb0eea630ce73950d796bcc8ce1c20fba56e82404485a5dc4896e40b4ad33df46fbfd74a3c4b779d3f84793fff97ecf6085df671f6bc9468deac8281d

Malware Config

Extracted

DES_key

Targets

    • XLoader, MoqHao

      An Android banker and info stealer. This is the Android family tracked as MoqHao (also called XLoader, associated with the Roaming Mantis campaign), not the Windows XLoader/Formbook stealer that shares the name.

    • Removes its main activity from the application launcher

      Disables its own launcher activity after first run so the icon disappears and the user cannot easily find or uninstall the app (typically done through PackageManager.setComponentEnabledSetting).

    • Loads dropped Dex/Jar

      Runs executable code (a DEX or JAR) written to the device during analysis, so the real payload is not visible in the classes of the installed APK itself.

    • Reads name of network operator

      Uses Android telephony APIs (typically TelephonyManager.getNetworkOperatorName()) to discover system information such as the carrier name.

    • Uses Crypto APIs (Might try to encrypt user data).

      The sandbox raises this whenever javax.crypto is used. Together with the DES_key in the extracted config above, this suggests the cipher is used to unpack an embedded payload or configuration rather than to encrypt the user's files, although the report itself does not show which.
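The behaviours above all leave recognisable API strings in the sample's classes.dex, so a first static triage pass is to read the DEX string table and match it against them. The script below is an added example and not part of the sandbox report or its detection rules: the SIGNATURES mapping is an assumption made here about which API strings usually implement each listed behaviour, and build_test_dex() produces a constructed, header-plus-string-table-only DEX so the example runs offline (it is not a loadable DEX).

```python
"""Static triage helper for the behaviours listed in the report (added example).

Parses the string table of a classes.dex and maps well-known Android API
strings to the report's behaviour signatures. SIGNATURES is an assumed
mapping for illustration, not the sandbox's own rules.
Run: python dex_triage.py [classes.dex]   (no argument scans the constructed sample)
"""
import struct
import sys

# Assumed mapping: report behaviour -> API/descriptor substrings that usually implement it.
SIGNATURES = {
    "Removes its main activity from the application launcher": ["setComponentEnabledSetting"],
    "Loads dropped Dex/Jar": ["Ldalvik/system/DexClassLoader;", "Ldalvik/system/PathClassLoader;"],
    "Reads name of network operator": ["getNetworkOperatorName", "getSimOperatorName"],
    "Uses Crypto APIs": ["Ljavax/crypto/Cipher;", "Ljavax/crypto/spec/DESKeySpec;", "DES/"],
}


def read_uleb128(data: bytes, off: int):
    """Decode a ULEB128 integer at `off`; return (value, next_offset)."""
    result, shift = 0, 0
    while True:
        byte = data[off]
        off += 1
        result |= (byte & 0x7F) << shift
        if not byte & 0x80:
            return result, off
        shift += 7


def encode_uleb128(value: int) -> bytes:
    """Encode a non-negative integer as ULEB128 (used by the DEX builder)."""
    out = bytearray()
    while True:
        byte = value & 0x7F
        value >>= 7
        if value:
            out.append(byte | 0x80)
        else:
            out.append(byte)
            return bytes(out)


def dex_strings(data: bytes):
    """Return every entry of the DEX string table, in string_ids order."""
    if data[:4] != b"dex\n":
        raise ValueError("not a DEX file")
    # DEX header: string_ids_size at 0x38, string_ids_off at 0x3C (little-endian u4)
    ids_size, ids_off = struct.unpack_from("<II", data, 0x38)
    out = []
    for i in range(ids_size):
        (item_off,) = struct.unpack_from("<I", data, ids_off + 4 * i)
        # string_data_item: uleb128 utf16_size, MUTF-8 bytes, NUL terminator
        _utf16_len, p = read_uleb128(data, item_off)
        end = data.index(b"\x00", p)
        # MUTF-8 differs from UTF-8 only for NUL and supplementary characters,
        # which never occur in the ASCII API descriptors we look for.
        out.append(data[p:end].decode("utf-8", errors="replace"))
    return out


def scan(data: bytes):
    """Map each report behaviour to the signature substrings found in the DEX."""
    strings = dex_strings(data)
    hits = {}
    for behaviour, needles in SIGNATURES.items():
        found = sorted({n for n in needles if any(n in s for s in strings)})
        if found:
            hits[behaviour] = found
    return hits


def build_test_dex(strings):
    """Constructed minimal DEX: header + string table only (test input, not loadable)."""
    header_size = 0x70
    ids_off = header_size
    cur = ids_off + 4 * len(strings)
    offsets, items = [], []
    for s in strings:
        item = encode_uleb128(len(s)) + s.encode("utf-8") + b"\x00"
        offsets.append(cur)
        items.append(item)
        cur += len(item)
    header = bytearray(header_size)
    header[0:8] = b"dex\n035\x00"
    struct.pack_into("<I", header, 0x20, cur)           # file_size
    struct.pack_into("<I", header, 0x24, header_size)   # header_size
    struct.pack_into("<I", header, 0x28, 0x12345678)    # endian_tag
    struct.pack_into("<II", header, 0x38, len(strings), ids_off)
    return bytes(header) + b"".join(struct.pack("<I", o) for o in offsets) + b"".join(items)


# Constructed sample string table resembling what the listed behaviours leave in a DEX.
SAMPLE_STRINGS = [
    "Landroid/content/pm/PackageManager;", "setComponentEnabledSetting",
    "Ldalvik/system/DexClassLoader;", "loadClass",
    "Landroid/telephony/TelephonyManager;", "getNetworkOperatorName",
    "Ljavax/crypto/Cipher;", "DES/ECB/PKCS5Padding",
    "Lcom/example/MainActivity;",
]
SAMPLE_DEX = build_test_dex(SAMPLE_STRINGS)

if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_DEX
    for behaviour, found in scan(blob).items():
        print(f"{behaviour}: {', '.join(found)}")
```

Substring matching on the string table is deliberately coarse: it catches the dropper's reference to DexClassLoader and the DES transformation string even when method names are obfuscated, but it cannot see strings the sample builds at runtime or keeps in the dropped DEX, which is exactly why the sandbox's dynamic "Loads dropped Dex/Jar" signature still matters.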
