General
-
Target
dcb88fb46c8d030c6f92dff0cd5e4c2f5bdf223070f2596c86a454f1adf00729
-
Size
2.0MB
-
Sample
220315-qe95gadbgr
-
MD5
4043d73d75d220738d77843ff9be0247
-
SHA1
4dcad01a821c3fd994b4b968b9a67c6f75181fcc
-
SHA256
dcb88fb46c8d030c6f92dff0cd5e4c2f5bdf223070f2596c86a454f1adf00729
-
SHA512
d8ed2f6ff17ef048bfb78ce2c9a465a29dcd3f9f4b3e88e36c1c5cb31c588ce08fc27306002b0f5a785d15d486e5838823e8d7a0b3d2f9ad97b6f1f2a485234d
Malware Config
Extracted
xenomorph
simpleyo5.tk
simpleyo5.cf
kart12sec.ga
kart12sec.gq
Extracted
xenomorph
-
PackageNames
com.android.vending
com.google.android.gm
-
URLs
https://homeandofficedeal.com/local/multi/com.android.vending.html
https://homeandofficedeal.com/local/multi/com.google.android.gm.html
Targets
-
-
Target
dcb88fb46c8d030c6f92dff0cd5e4c2f5bdf223070f2596c86a454f1adf00729
-
Size
2.0MB
-
MD5
4043d73d75d220738d77843ff9be0247
-
SHA1
4dcad01a821c3fd994b4b968b9a67c6f75181fcc
-
SHA256
dcb88fb46c8d030c6f92dff0cd5e4c2f5bdf223070f2596c86a454f1adf00729
-
SHA512
d8ed2f6ff17ef048bfb78ce2c9a465a29dcd3f9f4b3e88e36c1c5cb31c588ce08fc27306002b0f5a785d15d486e5838823e8d7a0b3d2f9ad97b6f1f2a485234d
Score10/10-
Xenomorph
Xenomorph is an Android banking trojan that is seemingly tied with AlienBot.
-
Makes use of the framework's Accessibility service.
-
Acquires the wake lock.
-
Loads dropped Dex/Jar
Runs executable file dropped to the device during analysis.
-
Removes a system notification.
-
Uses Crypto APIs (Might try to encrypt user data).
-