xloader_apk | 861d1372c10d2696d07c13b796fa89ac7a4251d3e0e3071a7bb8e1ea4652f746 | Triage

Submit
Reports

Overview

overview

Static

static

7

861d1372c1...46.apk

android-11-x64

Resubmissions

21-09-2023 18:52

230921-xjktpshh7x 7

21-09-2023 18:48

230921-xf1qraca38 7

20-09-2023 22:01

230920-1xj14sch82 10

Sharing

General

Target

861d1372c10d2696d07c13b796fa89ac7a4251d3e0e3071a7bb8e1ea4652f746.bin
Size

283KB
Sample

230920-1xj14sch82
MD5

0fd002c57b06fda45e9a008b47385da8
SHA1

d2e225e0d4b74611039c58aa6efe79e4b457d6dc
SHA256

861d1372c10d2696d07c13b796fa89ac7a4251d3e0e3071a7bb8e1ea4652f746
SHA512

b62b01f9f55287883519999036e3600e6318fc8f73ee88285e0d4ea03c7e82b8506c263d5995ce791e0302e99a8c9ab1b31b6f5f6de62e8ed3a981c457e5a704
SSDEEP

6144:xaDTvL4dJdZ9xnSi7xvGCtpAg08Pp/wh7B3U0ZxXME8btHbX+sSrt:OQJ7KUoIpABGp4JBEEBM3bF6Z

Score

10^/10

xloader_apk android banker evasion infostealer ransomware stealth trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

861d1372c10d2696d07c13b796fa89ac7a4251d3e0e3071a7bb8e1ea4652f746.apk

Resource

android-x64-arm64-20230831-en

xloader_apk banker evasion infostealer ransomware stealth trojan

android-11-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

xloader_apk

C2

http://91.204.227.33:28899

DES_key

Targets

- Target
  
  861d1372c10d2696d07c13b796fa89ac7a4251d3e0e3071a7bb8e1ea4652f746.bin
- Size
  
  283KB
- MD5
  
  0fd002c57b06fda45e9a008b47385da8
- SHA1
  
  d2e225e0d4b74611039c58aa6efe79e4b457d6dc
- SHA256
  
  861d1372c10d2696d07c13b796fa89ac7a4251d3e0e3071a7bb8e1ea4652f746
- SHA512
  
  b62b01f9f55287883519999036e3600e6318fc8f73ee88285e0d4ea03c7e82b8506c263d5995ce791e0302e99a8c9ab1b31b6f5f6de62e8ed3a981c457e5a704
- SSDEEP
  
  6144:xaDTvL4dJdZ9xnSi7xvGCtpAg08Pp/wh7B3U0ZxXME8btHbX+sSrt:OQJ7KUoIpABGp4JBEEBM3bF6Z
Score

10^/10

xloader_apk banker evasion infostealer ransomware stealth trojan
- XLoader payload
- XLoader, MoqHao
  An Android banker and info stealer.
  trojan infostealer banker xloader_apk
- Removes its main activity from the application launcher
  stealth trojan
- Acquires the wake lock.
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Reads information about phone network operator.
- Requests disabling of battery optimizations (often used to enable hiding in the background).
  evasion
- Uses Crypto APIs (Might try to encrypt user data).
  ransomware
behavioral1

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

xloader_apkbankerevasioninfostealerransomwarestealthtrojan

© 2018-2024

Terms | Privacy