xloader_apk | 4ff47c3193d8de98f38199c1beba42f799146cbceaa5a71ddb9a3e908601fcf2 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

7

4ff47c3193...f2.apk

android-11-x64

Resubmissions

19/08/2023, 08:07

230819-jz7rhsge85 7

19/08/2023, 08:07

230819-jzy5daab3w 7

17/08/2023, 22:00

230817-1wm2dafd5y 10

Sharing

General

Target

4ff47c3193d8de98f38199c1beba42f799146cbceaa5a71ddb9a3e908601fcf2.bin
Size

282KB
Sample

230817-1wm2dafd5y
MD5

1df97962d03b5e4c188f50daf2b17e6f
SHA1

13af3bb01080c05449c895ac900079e837d34711
SHA256

4ff47c3193d8de98f38199c1beba42f799146cbceaa5a71ddb9a3e908601fcf2
SHA512

41368a9f8c448818b634182cc487b06fdb9c619cccf5a5aefa5745b302f58c23170b495fdeb48794c749c257014ecebdd392c946a7df8cf72c7814a355d95d6f
SSDEEP

6144:0wPZaBXwy+eQ1lSsxMTx3sB09ptgPU/vvrFUt+d68P65sv/DLE7yVLQ4:0sZuXwyN4jMd8B0PtgSvRrHP102Vf

Score

10^/10

xloader_apk android banker evasion infostealer ransomware trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

4ff47c3193d8de98f38199c1beba42f799146cbceaa5a71ddb9a3e908601fcf2.apk

Resource

android-x64-arm64-20230621-en

xloader_apk banker evasion infostealer ransomware trojan

android-11-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

xloader_apk

C2

http://91.204.227.33:28899

DES_key

Targets

- Target
  
  4ff47c3193d8de98f38199c1beba42f799146cbceaa5a71ddb9a3e908601fcf2.bin
- Size
  
  282KB
- MD5
  
  1df97962d03b5e4c188f50daf2b17e6f
- SHA1
  
  13af3bb01080c05449c895ac900079e837d34711
- SHA256
  
  4ff47c3193d8de98f38199c1beba42f799146cbceaa5a71ddb9a3e908601fcf2
- SHA512
  
  41368a9f8c448818b634182cc487b06fdb9c619cccf5a5aefa5745b302f58c23170b495fdeb48794c749c257014ecebdd392c946a7df8cf72c7814a355d95d6f
- SSDEEP
  
  6144:0wPZaBXwy+eQ1lSsxMTx3sB09ptgPU/vvrFUt+d68P65sv/DLE7yVLQ4:0sZuXwyN4jMd8B0PtgSvRrHP102Vf
Score

10^/10

xloader_apk banker evasion infostealer ransomware trojan
- XLoader payload
- XLoader, MoqHao
  An Android banker and info stealer.
  trojan infostealer banker xloader_apk
- Acquires the wake lock.
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Reads information about phone network operator.
- Requests disabling of battery optimizations (often used to enable hiding in the background).
  evasion
- Uses Crypto APIs (Might try to encrypt user data).
  ransomware
behavioral1

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

xloader_apkbankerevasioninfostealerransomwaretrojan

© 2018-2025

Terms | Privacy