Analysis

Max time kernel: 2193242s
Platform: android_x86
Resource: android-x86-arm
Submitted: 15-10-2021 06:50

Tasks:
  Static task: static1
  Behavioral task: behavioral1
    Sample: kuronekoyamato.apk
    Resource: android-x86-arm
General

Target: kuronekoyamato.apk
Size: 444KB
MD5: be19ba6e627b0cb5a1e4acb7c725a240
SHA1: 5f4b437ce703ad85ec0d52a83a8f96c2f9491c29
SHA256: dc2c8a143099b03f2de31b05cf02a7dc68e88b330c8f5a7f9536c69963293380
SHA512: 89b376176d63554c620fc42195cd03dbdcf371351fde90bf4ccfb6f2362373d8cf283190b67b0d3e8f3fb1604955749f779ba8fd47473f23b8e81bccd82ba663
Malware Config
Signatures

XLoader Payload (3 IoCs)
  Processes:
    resource                                        yara_rule
    /data/user/0/oss.epbbyl.enul.tf.pidj/files/d    family_xloader_apk
    /data/user/0/oss.epbbyl.enul.tf.pidj/files/d    family_xloader_apk
    /data/user/0/oss.epbbyl.enul.tf.pidj/files/d    family_xloader_apk

XLoader, MoqHao
  An Android banker and info stealer.

Loads dropped Dex/Jar (2 IoCs)
  Runs executable file dropped to the device during analysis.
  Processes:
    ioc                                             pid    process
    /data/user/0/oss.epbbyl.enul.tf.pidj/files/d    4897   oss.epbbyl.enul.tf.pidj
    /data/user/0/oss.epbbyl.enul.tf.pidj/files/d    4897   oss.epbbyl.enul.tf.pidj

Uses reflection (2 IoCs)
  Processes:
    description                                                                  pid    process
    Accesses field com.android.okhttp.internal.tls.OkHostnameVerifier.INSTANCE   4897   oss.epbbyl.enul.tf.pidj
    Invokes method android.telephony.SignalStrength.getLevel                     4897   oss.epbbyl.enul.tf.pidj
Network
MITRE ATT&CK Matrix
Downloads

/data/user/0/oss.epbbyl.enul.tf.pidj/files/d
  MD5: d7f0257d31574b862af05971f883fae0
  SHA1: 252b1b03017de80d8fd70907cda39ce2bfadaddc
  SHA256: 765119852dc93c3a5d397cbaa167ac148856dba9773062626ed4aeb9674f860c
  SHA512: 3a53daaa693c0ee6904d737850d490a40035454931cebdbba865cefcd97df58e0c72e2ac33bbd4c1445f5d056193e81f113c0862d93acecbe74a0bcaa362eac5

/data/user/0/oss.epbbyl.enul.tf.pidj/files/d
  MD5: 6a30bf28c979768882279759a89b8ab3
  SHA1: feea03b8bf5f9f14b5c012a8d9994df885733982
  SHA256: 51642ad2aac7102abfa15696dd00b778d9994ca696da29d5c92d8a15300255a2
  SHA512: 56dc008fbeccdf815e7ff35261ab9d78732a1ee3461e9045c7f30aa01accd81e432e0a4315a42cc4c689d560cb155f28ccb94cfc67e6a89d4a4be9604ec004ae

/data/user/0/oss.epbbyl.enul.tf.pidj/files/d
  MD5: d7f0257d31574b862af05971f883fae0
  SHA1: 252b1b03017de80d8fd70907cda39ce2bfadaddc
  SHA256: 765119852dc93c3a5d397cbaa167ac148856dba9773062626ed4aeb9674f860c
  SHA512: 3a53daaa693c0ee6904d737850d490a40035454931cebdbba865cefcd97df58e0c72e2ac33bbd4c1445f5d056193e81f113c0862d93acecbe74a0bcaa362eac5

/data/user/0/oss.epbbyl.enul.tf.pidj/files/d.x86.flock
  MD5: d41d8cd98f00b204e9800998ecf8427e
  SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/oss.epbbyl.enul.tf.pidj/files/oat/d.cur.prof
  MD5: d41d8cd98f00b204e9800998ecf8427e
  SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/oss.epbbyl.enul.tf.pidj/shared_prefs/pref.xml
  MD5: d41d8cd98f00b204e9800998ecf8427e
  SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/oss.epbbyl.enul.tf.pidj/shared_prefs/pref.xml
  MD5: d41d8cd98f00b204e9800998ecf8427e
  SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e