Extracted

• • Target

    1588c522940c98aa229e88470b9dbd58d85e79d6a235e7fcc54313a61887650b.bin

  • Size

    283KB

  • MD5

    f9d1fabb4ba2b34fd45e6744c3322d80

  • SHA1

    77f296ea6ac76f42c274aeaa3092cc9ce3c7574b

  • SHA256

    1588c522940c98aa229e88470b9dbd58d85e79d6a235e7fcc54313a61887650b

  • SHA512

    89d7bcef0356c347406f90f7181478b82d8af3d38b269fa3764e3859b58bc2261e0c72b7f121ee452649d12f17769f35ebe2ff9c41200e18230102e1f1eb1398

  • SSDEEP

    6144:ZcpjPKkl4ojRW+eL2GbtK/TgS8R8vVpydyEZGd17o5jnqLAm:8jik9js+eL2ys/Tv8R8vO9aposEm

  Score

  10^/10

  xloader_apkbankerevasioninfostealerransomwaretrojan

  • XLoader payload

  • XLoader, MoqHao

    An Android banker and info stealer.

    trojaninfostealerbankerxloader_apk

  • Acquires the wake lock.

  • Loads dropped Dex/Jar

    Runs executable file dropped to the device during analysis.

  • Reads information about phone network operator.

  • Requests disabling of battery optimizations (often used to enable hiding in the background).

    evasion

  • Uses Crypto APIs (Might try to encrypt user data).

    ransomware
  behavioral1