General
-
Target
6af8683c314fd060631e4789b7a793e73d209d87918f3112e8903a090940237d
-
Size
1.9MB
-
Sample
220315-qe9tpsbec4
-
MD5
1a5d505ba25689bfe85b14b47072141b
-
SHA1
cf86ffaec68c120b6b38e9bc90b0a910f1a4a207
-
SHA256
6af8683c314fd060631e4789b7a793e73d209d87918f3112e8903a090940237d
-
SHA512
76a932dca1d74ac1963cd9d7726258e13d0cf8c4e1ff567fafec22184d35d65e0c43a97609651f4e4b048c76b011474bf80667ab3c704c4478736c8b87271108
Malware Config
Extracted
xenomorph
simpleyo5.tk
simpleyo5.cf
kart12sec.ga
kart12sec.gq
Extracted
xenomorph
-
PackageNames
com.android.vending
com.google.android.gm
-
URLs
https://homeandofficedeal.com/local/multi/com.android.vending.html
https://homeandofficedeal.com/local/multi/com.google.android.gm.html
Targets
-
-
Target
6af8683c314fd060631e4789b7a793e73d209d87918f3112e8903a090940237d
-
Size
1.9MB
-
MD5
1a5d505ba25689bfe85b14b47072141b
-
SHA1
cf86ffaec68c120b6b38e9bc90b0a910f1a4a207
-
SHA256
6af8683c314fd060631e4789b7a793e73d209d87918f3112e8903a090940237d
-
SHA512
76a932dca1d74ac1963cd9d7726258e13d0cf8c4e1ff567fafec22184d35d65e0c43a97609651f4e4b048c76b011474bf80667ab3c704c4478736c8b87271108
Score10/10-
Xenomorph
Xenomorph is an Android banking trojan that is seemingly tied with AlienBot.
-
Makes use of the framework's Accessibility service.
-
Acquires the wake lock.
-
Loads dropped Dex/Jar
Runs executable file dropped to the device during analysis.
-
Removes a system notification.
-
Uses Crypto APIs (Might try to encrypt user data).
-