Overview

overview

10

Static

static

7

4ff47c3193...f2.apk

android-11-x64

10

Resubmissions

19/08/2023, 08:07

230819-jz7rhsge85 7

19/08/2023, 08:07

230819-jzy5daab3w 7

17/08/2023, 22:00

230817-1wm2dafd5y 10

Analysis

  • max time kernel
    92647s
  • max time network
    159s
  • platform
    android_x64
  • resource
    android-x64-arm64-20230621-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20230621-enlocale:en-usos:android-11-x64system
  • submitted
    17/08/2023, 22:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4ff47c3193d8de98f38199c1beba42f799146cbceaa5a71ddb9a3e908601fcf2.apk

  • Size

    282KB

  • MD5

    1df97962d03b5e4c188f50daf2b17e6f

  • SHA1

    13af3bb01080c05449c895ac900079e837d34711

  • SHA256

    4ff47c3193d8de98f38199c1beba42f799146cbceaa5a71ddb9a3e908601fcf2

  • SHA512

    41368a9f8c448818b634182cc487b06fdb9c619cccf5a5aefa5745b302f58c23170b495fdeb48794c749c257014ecebdd392c946a7df8cf72c7814a355d95d6f

  • SSDEEP

    6144:0wPZaBXwy+eQ1lSsxMTx3sB09ptgPU/vvrFUt+d68P65sv/DLE7yVLQ4:0sZuXwyN4jMd8B0PtgSvRrHP102Vf

Score
10/10
xloader_apkbankerevasioninfostealerransomwaretrojan

Malware Config

Extracted

Family

xloader_apk

C2

http://91.204.227.33:28899

DES_key

Signatures

  • XLoader payload 2 IoCs
  • XLoader, MoqHao

    An Android banker and info stealer.

    trojaninfostealerbankerxloader_apk
  • Acquires the wake lock. 1 IoCs
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Reads information about phone network operator.
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
    evasion
  • Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
    ransomware

Processes

  • xdeey.buo.jxjc.ikdih
    1⤵
    • Acquires the wake lock.
    • Loads dropped Dex/Jar
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Uses Crypto APIs (Might try to encrypt user data).
    PID:4312

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/xdeey.buo.jxjc.ikdih/files/b
    Filesize

    505KB

    MD5

    37084c92cb78f08298b4ff2d5f7a78c6

    SHA1

    3b59865fc0d10f16b7705bc51af7ca1cf948441a

    SHA256

    8ee144a6930c4e868acd384c31785ba5dd3b45e5dda85acf99179732ca56c4de

    SHA512

    5f0007e0821ce1c9156733cc74b92eaa0f9fc3e853362986bb93d04c83a829625d21a09db225d26a4d6ff0bd0b75aad220b172b50ff0b8aa750c50642dee83d6

    Download Submit

  • /data/user/0/xdeey.buo.jxjc.ikdih/files/b
    Filesize

    505KB

    MD5

    37084c92cb78f08298b4ff2d5f7a78c6

    SHA1

    3b59865fc0d10f16b7705bc51af7ca1cf948441a

    SHA256

    8ee144a6930c4e868acd384c31785ba5dd3b45e5dda85acf99179732ca56c4de

    SHA512

    5f0007e0821ce1c9156733cc74b92eaa0f9fc3e853362986bb93d04c83a829625d21a09db225d26a4d6ff0bd0b75aad220b172b50ff0b8aa750c50642dee83d6

    Download Submit

  • /storage/emulated/0/.msg_device_id.txt
    Filesize

    36B

    MD5

    f3bb1b332f331a4444b991c6435b0fbd

    SHA1

    9471c178bdc1b1812d28d346faebb44712c204ca

    SHA256

    5f574d1d11737aeeea66ecf28a07e2098e9de7e0d8f95434feacc996a4a100d9

    SHA512

    d882d8cdae21de5d7165e4d4e002a41a1f9c41894b5cc70999d0f7a11ff4354b5c6472a1773a6ef27a3ecc4d32dc51f653d5af618ab87f3130b5ac3ae33e48ce

    Download Submit