Overview

overview

10

Static

static

7

3f66c4095e...d3.apk

android-11-x64

10

Analysis

  • max time kernel
    3523567s
  • max time network
    162s
  • platform
    android_x64
  • resource
    android-x64-arm64-20230621-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20230621-enlocale:en-usos:android-11-x64system
  • submitted
    07/08/2023, 21:59

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    3f66c4095e1943b41aa881e1be34db4f3f338eacfd3cc25794e06bc6d83088d3.apk

  • Size

    283KB

  • MD5

    68a65c7b70c6bc96970a973ee5450415

  • SHA1

    166d6d5cef5a067aa2e96671af5026a42c77b708

  • SHA256

    3f66c4095e1943b41aa881e1be34db4f3f338eacfd3cc25794e06bc6d83088d3

  • SHA512

    950f529165a296475f8c230f0649a5e241503d6b4120b34879444a88c194a3b91905f8c7ac2b6322be9613882b58b0dbf39ffd53b8870f908f906c15e12c5eaf

  • SSDEEP

    6144:Rt4r6F9RtNAOXZ3UAmH9CjNqvbIRh9FCxMcuJz5yu+SiT:RtJjYOdNe9CAOh9FCx3cyuiT

Score
10/10
xloader_apkbankerevasioninfostealerransomwaretrojan

Malware Config

Extracted

Family

xloader_apk

C2

http://91.204.227.39:28844

DES_key

Signatures

  • XLoader payload 2 IoCs
  • XLoader, MoqHao

    An Android banker and info stealer.

    trojaninfostealerbankerxloader_apk
  • Acquires the wake lock. 1 IoCs
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Reads information about phone network operator.
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
    evasion
  • Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
    ransomware

Processes

  • txu.udmaz.mlu.ulrml
    1⤵
    • Acquires the wake lock.
    • Loads dropped Dex/Jar
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Uses Crypto APIs (Might try to encrypt user data).
    PID:4270

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • /data/user/0/txu.udmaz.mlu.ulrml/files/b
          Filesize

          505KB

          MD5

          1948f47b3ea40b56b95c2afea1715414

          SHA1

          5c690f45283971be674c6d8a2e54175b0ecf55eb

          SHA256

          55e4054d9045b3a34d808883c387d64cbae6a402ba7551f1c7a19d6b2bcc5ae7

          SHA512

          8f3e40ff08f864901147cd60dd88191b9f792a746f0d923e3fea3a30f1ce951ec984013641b32ce1130b764f3d27974ac1a4a9d281090c8bbbff02808ffeb436

          Download Submit

        • /data/user/0/txu.udmaz.mlu.ulrml/files/b
          Filesize

          505KB

          MD5

          1948f47b3ea40b56b95c2afea1715414

          SHA1

          5c690f45283971be674c6d8a2e54175b0ecf55eb

          SHA256

          55e4054d9045b3a34d808883c387d64cbae6a402ba7551f1c7a19d6b2bcc5ae7

          SHA512

          8f3e40ff08f864901147cd60dd88191b9f792a746f0d923e3fea3a30f1ce951ec984013641b32ce1130b764f3d27974ac1a4a9d281090c8bbbff02808ffeb436

          Download Submit

        • /storage/emulated/0/.msg_device_id.txt
          Filesize

          36B

          MD5

          40f0ef0b6ed28906631dc151d994b61a

          SHA1

          1a68566acfd03c0fc006a9150f196f4a325e8478

          SHA256

          379ae13d7a88450b1fbe55ed4af7b253a5dfe11ac9e43884c12298a4da05b842

          SHA512

          c73e9bbccb73fe6b3103b624d9e9e8f8ae7d37cbbb01f5b9957962a378786839815343d6ab523271dc35c804b4f2d168d8ee589a259e3fcc5bb890a453dfb13f

          Download Submit