General
-
Target
2877b27f1b6c7db466351618dda4f05d6a15e9a26028f3fc064fa144ec3a1850
-
Size
2.4MB
-
Sample
220320-2e69csgffl
-
MD5
e39505e65aec6835f680c902e1c8f7d8
-
SHA1
8b2984b8838067903ee3ff95d8a6823106216296
-
SHA256
2877b27f1b6c7db466351618dda4f05d6a15e9a26028f3fc064fa144ec3a1850
-
SHA512
19911ed73419450a03ad541f7164a5db05a93e2c63d894ab79fdc50409d77696bdc203155640361d5f12de1929f234d5b2da84ebf4c59306876d725221310887
Static task
static1
Behavioral task
behavioral1
Sample
2877b27f1b6c7db466351618dda4f05d6a15e9a26028f3fc064fa144ec3a1850.apk
Resource
android-x64-arm64-20220310-en
Malware Config
Extracted
xenomorph
simpleyo5.tk
simpleyo5.cf
kart12sec.ga
kart12sec.gq
Extracted
xenomorph
-
PackageNames
com.android.vending
com.google.android.gm
-
URLs
https://homeandofficedeal.com/local/multi/com.android.vending.html
https://homeandofficedeal.com/local/multi/com.google.android.gm.html
Targets
-
-
Target
2877b27f1b6c7db466351618dda4f05d6a15e9a26028f3fc064fa144ec3a1850
-
Size
2.4MB
-
MD5
e39505e65aec6835f680c902e1c8f7d8
-
SHA1
8b2984b8838067903ee3ff95d8a6823106216296
-
SHA256
2877b27f1b6c7db466351618dda4f05d6a15e9a26028f3fc064fa144ec3a1850
-
SHA512
19911ed73419450a03ad541f7164a5db05a93e2c63d894ab79fdc50409d77696bdc203155640361d5f12de1929f234d5b2da84ebf4c59306876d725221310887
Score10/10-
Xenomorph
Xenomorph is an Android banking trojan that is seemingly tied with AlienBot.
-
Makes use of the framework's Accessibility service.
-
Acquires the wake lock.
-
Loads dropped Dex/Jar
Runs executable file dropped to the device during analysis.
-
Uses Crypto APIs (Might try to encrypt user data).
-