Analysis

Max time kernel: 2194707s
Platform: android_x86
Resource: android-x86-arm
Submitted: 15-10-2021 07:15

Static task: static1
Behavioral task: behavioral1
Sample: kuronekoyamato.apk
Resource: android-x86-arm
General

Target: kuronekoyamato.apk
Size: 444KB
MD5: d3cca23661c1dbed873738b5b3139c17
SHA1: b898615a181e439b4a70bafa751a9161fc23b6fc
SHA256: 7ddb396891451029c2974391c477e943b373eb78f0f5ac56a80e1e887913a65b
SHA512: 62d3694d91be6bf4f4e7c3746c06cf39ae1eb70f78b693fb096b4ee7fb2f74ddba03738f9e23b09dd080fa87fc4a0076be98526025550c2a2d113642e11ac67e
Malware Config
Signatures

XLoader Payload (2 IoCs)
XLoader, MoqHao: an Android banker and info stealer.
Processes:
    resource                                          yara_rule
    /data/user/0/eatjh.yxhlvf.zqqwk.cy.miy/files/d    family_xloader_apk
    /data/user/0/eatjh.yxhlvf.zqqwk.cy.miy/files/d    family_xloader_apk

Loads dropped Dex/Jar (2 IoCs)
Runs an executable file that was dropped to the device during analysis.
Processes: eatjh.yxhlvf.zqqwk.cy.miy
    ioc                                               pid   process
    /data/user/0/eatjh.yxhlvf.zqqwk.cy.miy/files/d    4948  eatjh.yxhlvf.zqqwk.cy.miy
    /data/user/0/eatjh.yxhlvf.zqqwk.cy.miy/files/d    4948  eatjh.yxhlvf.zqqwk.cy.miy

Uses reflection (2 IoCs)
Processes: eatjh.yxhlvf.zqqwk.cy.miy
    description                                                                   pid   process
    Accesses field com.android.okhttp.internal.tls.OkHostnameVerifier.INSTANCE    4948  eatjh.yxhlvf.zqqwk.cy.miy
    Invokes method android.telephony.SignalStrength.getLevel                      4948  eatjh.yxhlvf.zqqwk.cy.miy
Network
MITRE ATT&CK Matrix
Downloads

/data/user/0/eatjh.yxhlvf.zqqwk.cy.miy/files/d
    MD5: d7f0257d31574b862af05971f883fae0
    SHA1: 252b1b03017de80d8fd70907cda39ce2bfadaddc
    SHA256: 765119852dc93c3a5d397cbaa167ac148856dba9773062626ed4aeb9674f860c
    SHA512: 3a53daaa693c0ee6904d737850d490a40035454931cebdbba865cefcd97df58e0c72e2ac33bbd4c1445f5d056193e81f113c0862d93acecbe74a0bcaa362eac5

/data/user/0/eatjh.yxhlvf.zqqwk.cy.miy/files/d
    MD5: d7f0257d31574b862af05971f883fae0
    SHA1: 252b1b03017de80d8fd70907cda39ce2bfadaddc
    SHA256: 765119852dc93c3a5d397cbaa167ac148856dba9773062626ed4aeb9674f860c
    SHA512: 3a53daaa693c0ee6904d737850d490a40035454931cebdbba865cefcd97df58e0c72e2ac33bbd4c1445f5d056193e81f113c0862d93acecbe74a0bcaa362eac5

/data/user/0/eatjh.yxhlvf.zqqwk.cy.miy/files/d
    (no digests listed)

/data/user/0/eatjh.yxhlvf.zqqwk.cy.miy/files/d.x86.flock
    (digests of a zero-byte file)
    MD5: d41d8cd98f00b204e9800998ecf8427e
    SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
    SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
    SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/eatjh.yxhlvf.zqqwk.cy.miy/files/oat/d.cur.prof
    (digests of a zero-byte file)
    MD5: d41d8cd98f00b204e9800998ecf8427e
    SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
    SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
    SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/eatjh.yxhlvf.zqqwk.cy.miy/shared_prefs/pref.xml
    MD5: bca3495b57fd5ca74271fa78104b9a14
    SHA1: d7d218789d55bda316022c9114b249e47dd8ac75
    SHA256: defc80ad579f09a5a54e2c76cbf05316b5354837e64806a4001bcee78b0ed623
    SHA512: 3aea211e40a1355dd9ef0c412499b7525ff6c39b720f4c6be01978501b1adcb7a3749b60e0b5b7b2e1f214c172e1a3896c98d8f930409f55392197b4345b63a8

/data/user/0/eatjh.yxhlvf.zqqwk.cy.miy/shared_prefs/pref.xml
    MD5: 4a45bfe6b3acfe91ce6ffc4b805544cb
    SHA1: e8db71155978e6ff898ace575d5f415aae3c5297
    SHA256: 1a6a5b718fecef5407042b81e9dbb936fd7c38aa6c5f85704c1b37db874478c2
    SHA512: 556c795cae9debbcb91f0cd97e85634409ce7b8af3db05331f1da072162e68f9fd5f2e7781fab7bbe1710a6d1b69a254de6502027a1f77b2ee551229fafe5436
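Added example, not part of the sandbox report: a small Python triage pass over the records above (the dropped-file list, the "Loads dropped Dex/Jar" events and the "Uses reflection" events). It separates the one dropped file the sample actually executed from lock-file and ART-profile noise by recognising zero-byte digests, collapses repeated writes of the same path into distinct versions, and flags reflection targets under TLS-verification or telephony namespaces. The record field names (`path`, `sha256`, `pid`, `process`, `kind`, `target`) and the suspicious-namespace list are this example's own choices, not the sandbox's schema or signature logic; paths and hashes are copied from the report.

```python
"""Triage helper for dropped-file and behaviour records from an Android sandbox run.

Added example, not the sandbox's own code. Field names are this script's own;
the records below are constructed to mirror the report (paths/hashes copied).
"""
import hashlib
from collections import defaultdict

# Digests of a zero-byte file, computed rather than hard-coded so the check is
# self-evidently correct for every algorithm the report lists.
EMPTY_DIGESTS = {
    algo: hashlib.new(algo, b"").hexdigest()
    for algo in ("md5", "sha1", "sha256", "sha512")
}

PKG = "/data/user/0/eatjh.yxhlvf.zqqwk.cy.miy"

# Constructed records mirroring the 'Downloads' section.
DROPPED_FILES = [
    {"path": PKG + "/files/d",
     "sha256": "765119852dc93c3a5d397cbaa167ac148856dba9773062626ed4aeb9674f860c"},
    {"path": PKG + "/files/d",
     "sha256": "765119852dc93c3a5d397cbaa167ac148856dba9773062626ed4aeb9674f860c"},
    {"path": PKG + "/files/d.x86.flock",
     "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"},
    {"path": PKG + "/files/oat/d.cur.prof",
     "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"},
    {"path": PKG + "/shared_prefs/pref.xml",
     "sha256": "defc80ad579f09a5a54e2c76cbf05316b5354837e64806a4001bcee78b0ed623"},
    {"path": PKG + "/shared_prefs/pref.xml",
     "sha256": "1a6a5b718fecef5407042b81e9dbb936fd7c38aa6c5f85704c1b37db874478c2"},
]

# Constructed records mirroring 'Loads dropped Dex/Jar'.
DEX_LOADS = [
    {"path": PKG + "/files/d", "pid": 4948, "process": "eatjh.yxhlvf.zqqwk.cy.miy"},
    {"path": PKG + "/files/d", "pid": 4948, "process": "eatjh.yxhlvf.zqqwk.cy.miy"},
]

# Constructed records mirroring 'Uses reflection'.
REFLECTION = [
    {"kind": "field", "pid": 4948,
     "target": "com.android.okhttp.internal.tls.OkHostnameVerifier.INSTANCE"},
    {"kind": "method", "pid": 4948,
     "target": "android.telephony.SignalStrength.getLevel"},
]


def is_empty_file(record):
    """True when every digest present in the record is the digest of zero bytes."""
    digests = {k: v for k, v in record.items() if k in EMPTY_DIGESTS}
    return bool(digests) and all(EMPTY_DIGESTS[k] == v.lower() for k, v in digests.items())


def versions_by_path(records):
    """Map path -> ordered list of distinct sha256 values (rewrites of one file)."""
    seen = defaultdict(list)
    for r in records:
        if r["sha256"] not in seen[r["path"]]:
            seen[r["path"]].append(r["sha256"])
    return dict(seen)


def loaded_payloads(dropped, loads):
    """sha256 values of non-empty dropped files that the sample later loaded as code.

    These are the hashes worth sharing as IoCs; lock files and ART profiles are noise."""
    by_path = versions_by_path(dropped)
    out = set()
    for ev in loads:
        for digest in by_path.get(ev["path"], []):
            if digest != EMPTY_DIGESTS["sha256"]:
                out.add(digest)
    return sorted(out)


# Heuristic chosen for this example: reflection into TLS hostname verification or
# telephony state is unusual for a benign app and worth surfacing to an analyst.
SUSPICIOUS_PREFIXES = (
    "com.android.okhttp.internal.tls.",
    "javax.net.ssl.",
    "android.telephony.",
)


def suspicious_reflection(events):
    """Reflection targets whose namespace matches SUSPICIOUS_PREFIXES, in event order."""
    return [e["target"] for e in events if e["target"].startswith(SUSPICIOUS_PREFIXES)]


if __name__ == "__main__":
    for rec in DROPPED_FILES:
        print(("empty   " if is_empty_file(rec) else "content ") + rec["path"])
    print("loaded payload sha256:", loaded_payloads(DROPPED_FILES, DEX_LOADS))
    print("pref.xml versions:", len(versions_by_path(DROPPED_FILES)[PKG + "/shared_prefs/pref.xml"]))
    print("suspicious reflection:", suspicious_reflection(REFLECTION))
```

The point of computing the zero-byte digests with `hashlib` rather than pasting them is that the same check carries over to any algorithm a report happens to use; the point of joining dropped files to load events on path is that only the file the process actually executes is the payload, even though the report lists every write.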