General

  • Size

    510KB

  • Sample

    220706-pm7tmscgcp

  • MD5

    2e7acc13e9a9911cb5dd4057c5f0c343

  • SHA1

    293165e4734e4a7dfcac8887034526a0733eeefd

  • SHA256

    83ba2b1c0352ea9988edeb608abf2c037b1f30482bbc05c3ae79265bab7a44c9

  • SHA512

    7888e1f72d718683fb41221e1345e582def560e307dcc2354bedef420d20ecbc0ba40b147e6452c8ef39426b053b7232bd381d40866757ad16f99e65f82fd3ef

Malware Config

Targets

    • Target

      vlenqvvcpm.apk

    • Size

      510KB

    • MD5

      2e7acc13e9a9911cb5dd4057c5f0c343

    • SHA1

      293165e4734e4a7dfcac8887034526a0733eeefd

    • SHA256

      83ba2b1c0352ea9988edeb608abf2c037b1f30482bbc05c3ae79265bab7a44c9

    • SHA512

      7888e1f72d718683fb41221e1345e582def560e307dcc2354bedef420d20ecbc0ba40b147e6452c8ef39426b053b7232bd381d40866757ad16f99e65f82fd3ef

    • Detected royalmail phishing page

    • XLoader Payload

    • XLoader, MoqHao

      An Android banker and info stealer.

    • Acquires the wake lock.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Reads information about phone network operator.

    • Uses Crypto APIs (Might try to encrypt user data).

MITRE ATT&CK Matrix

Collection

    Command and Control

      Credential Access

        Defense Evasion

          Discovery

            Execution

              Exfiltration

                Impact

                  Initial Access

                    Lateral Movement

                      Persistence

                        Privilege Escalation