xloader_apk | 5d3f8e7e845db3f3cd0dff7e0b7125979d9b087edfc6d8a4bfb9879602c5cbdd | Triage

Submit
Reports

Overview

overview

Static

static

7

5d3f8e7e84...dd.apk

android-11-x64

Sharing

Copy URL Twitter E-mail

General

Target

5d3f8e7e845db3f3cd0dff7e0b7125979d9b087edfc6d8a4bfb9879602c5cbdd.bin
Size

283KB
Sample

230825-1y7tkagf9w
MD5

332c27bf469aecb5ccec15d019c23a80
SHA1

e2bc3031376c5f5a4336b5cf177f0116fce847b4
SHA256

5d3f8e7e845db3f3cd0dff7e0b7125979d9b087edfc6d8a4bfb9879602c5cbdd
SHA512

4b32724efd0532a4b9e00149a24cba67518c7b3aa96666b9a3e11bf1c506844ac89770d2d18a260fb20282aa965c9c55869cd79734583ab644ddc59be5cfeb23
SSDEEP

6144:vPZaBXwy+eQ1lSsfTx3sB09ptgPU/vvrFUt+d68P65sv/DLE7yVLQ6Y:nZuXwyN4Bd8B0PtgSvRrHP102VU

Score

10^/10

xloader_apk android banker evasion infostealer ransomware stealth trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

5d3f8e7e845db3f3cd0dff7e0b7125979d9b087edfc6d8a4bfb9879602c5cbdd.apk

Resource

android-x64-arm64-20230824-en

xloader_apk banker evasion infostealer ransomware stealth trojan

android-11-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

xloader_apk

C2

http://91.204.227.33:28899

DES_key

Targets

- Target
  
  5d3f8e7e845db3f3cd0dff7e0b7125979d9b087edfc6d8a4bfb9879602c5cbdd.bin
- Size
  
  283KB
- MD5
  
  332c27bf469aecb5ccec15d019c23a80
- SHA1
  
  e2bc3031376c5f5a4336b5cf177f0116fce847b4
- SHA256
  
  5d3f8e7e845db3f3cd0dff7e0b7125979d9b087edfc6d8a4bfb9879602c5cbdd
- SHA512
  
  4b32724efd0532a4b9e00149a24cba67518c7b3aa96666b9a3e11bf1c506844ac89770d2d18a260fb20282aa965c9c55869cd79734583ab644ddc59be5cfeb23
- SSDEEP
  
  6144:vPZaBXwy+eQ1lSsfTx3sB09ptgPU/vvrFUt+d68P65sv/DLE7yVLQ6Y:nZuXwyN4Bd8B0PtgSvRrHP102VU
Score

10^/10

xloader_apk banker evasion infostealer ransomware stealth trojan
- XLoader payload
- XLoader, MoqHao
  An Android banker and info stealer.
  trojan infostealer banker xloader_apk
- Removes its main activity from the application launcher
  stealth trojan
- Acquires the wake lock.
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Reads information about phone network operator.
- Requests disabling of battery optimizations (often used to enable hiding in the background).
  evasion
- Uses Crypto APIs (Might try to encrypt user data).
  ransomware
behavioral1

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

xloader_apkbankerevasioninfostealerransomwarestealthtrojan

© 2018-2025

Terms | Privacy