Analysis

  • max time kernel
    3548696s
  • max time network
    599s
  • platform
    android_x86
  • resource
    android-x86-arm-20220621-en
  • submitted
    06-07-2022 12:27

General

  • Target

    vlenqvvcpm.apk

  • Size

    510KB

  • MD5

    2e7acc13e9a9911cb5dd4057c5f0c343

  • SHA1

    293165e4734e4a7dfcac8887034526a0733eeefd

  • SHA256

    83ba2b1c0352ea9988edeb608abf2c037b1f30482bbc05c3ae79265bab7a44c9

  • SHA512

    7888e1f72d718683fb41221e1345e582def560e307dcc2354bedef420d20ecbc0ba40b147e6452c8ef39426b053b7232bd381d40866757ad16f99e65f82fd3ef

Malware Config

Signatures

  • Detected royalmail phishing page
  • XLoader Payload 3 IoCs
  • XLoader, MoqHao

    An Android banker and info stealer.

  • Acquires the wake lock. 1 IoCs
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Reads information about phone network operator.
  • Uses Crypto APIs (Might try to encrypt user data). 1 IoCs

Processes

  • zfi.kkvwej.cby.hpyz (PID: 4045)
    • Acquires the wake lock.
    • Loads dropped Dex/Jar
    • Uses Crypto APIs (Might try to encrypt user data).

Network

MITRE ATT&CK Matrix

Downloads

  • /data/user/0/zfi.kkvwej.cby.hpyz/files/b
    Filesize

    508KB

    MD5

    c630f2f2e68b7780adb917cb1ecc9943

    SHA1

    cc1fbf1d6f9ffe19136f35f6e1437e9de02a9380

    SHA256

    0c7b7b25177b785cdef73fe2c2df9782d8c1e6e4988045115e4689a33a06432e

    SHA512

    b253e517b640d0f2d355d70402404e291e1e6f8154a635fc0eb0b2e797c11a237e525a4957555b5ba13af120576286ec6b0cac183609fe4e61d38882e4fefa93

  • /data/user/0/zfi.kkvwej.cby.hpyz/files/b.x86.flock
    MD5

    d41d8cd98f00b204e9800998ecf8427e

    SHA1

    da39a3ee5e6b4b0d3255bfef95601890afd80709

    SHA256

    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

    SHA512

    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

  • /data/user/0/zfi.kkvwej.cby.hpyz/files/oat/b.cur.prof
    MD5

    d41d8cd98f00b204e9800998ecf8427e

    SHA1

    da39a3ee5e6b4b0d3255bfef95601890afd80709

    SHA256

    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

    SHA512

    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

  • /storage/emulated/0/.msg_device_id.txt
    Filesize

    36B

    MD5

    2ace02eea4a6211ccacee049116814cd

    SHA1

    5389b05282b9e2b70754e3c45d77782ab1cdcddb

    SHA256

    7b25656fd853fd2573d1a14b7fe647bc34e36e5b3082220ba674e62c6394f187

    SHA512

    d54d447179dc23edf79e91bd9298202bdbfc1e1f48aefd9d184d8db625f831bfd36ca86e175ccc37bb1676d59f4f231199d5d1712b89f0767e98b070656e5aa5