Resubmissions

  • 21-09-2023 18:52, sample 230921-xjktpshh7x, score 7
  • 21-09-2023 18:48, sample 230921-xf1qraca38, score 7
  • 20-09-2023 22:01, sample 230920-1xj14sch82, score 10

General

  • Target

    861d1372c10d2696d07c13b796fa89ac7a4251d3e0e3071a7bb8e1ea4652f746.bin

  • Size

    283KB

  • Sample

    230920-1xj14sch82

  • MD5

    0fd002c57b06fda45e9a008b47385da8

  • SHA1

    d2e225e0d4b74611039c58aa6efe79e4b457d6dc

  • SHA256

    861d1372c10d2696d07c13b796fa89ac7a4251d3e0e3071a7bb8e1ea4652f746

  • SHA512

    b62b01f9f55287883519999036e3600e6318fc8f73ee88285e0d4ea03c7e82b8506c263d5995ce791e0302e99a8c9ab1b31b6f5f6de62e8ed3a981c457e5a704

  • SSDEEP

    6144:xaDTvL4dJdZ9xnSi7xvGCtpAg08Pp/wh7B3U0ZxXME8btHbX+sSrt:OQJ7KUoIpABGp4JBEEBM3bF6Z

Malware Config

Extracted

Family

xloader_apk

C2

http://91.204.227.33:28899

DES_key

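The hashes and C2 above are the indicators a responder actually pivots on. The following is an added example (not part of the sandbox report) that turns them into two checks: verifying that a file on disk is this sample by comparing every listed digest, and hunting for the C2 endpoint in network logs. The log lines are constructed for the example and their key=value format is hypothetical; the indicators themselves are copied from the report.

```python
"""Checks against the indicators in this report (added example, not sandbox output)."""
import hashlib
import re
from urllib.parse import urlparse

# Indicators copied from the report above.
REPORT_HASHES = {
    "md5": "0fd002c57b06fda45e9a008b47385da8",
    "sha1": "d2e225e0d4b74611039c58aa6efe79e4b457d6dc",
    "sha256": "861d1372c10d2696d07c13b796fa89ac7a4251d3e0e3071a7bb8e1ea4652f746",
}
REPORT_C2 = "http://91.204.227.33:28899"

# Constructed log lines in a hypothetical key=value flow format, one flow per line.
SAMPLE_LOG = [
    "2023-09-21T18:52:10Z src=10.0.0.5:51234 dst=91.204.227.33:28899 proto=tcp",
    "2023-09-21T18:53:02Z src=10.0.0.7:41002 dst=91.204.227.33:443 proto=tcp",
    "2023-09-21T18:53:30Z src=10.0.0.5:51300 dst=142.250.74.46:443 proto=tcp",
]


def file_digests(data: bytes) -> dict:
    """Compute the digests the report lists, from the file's raw bytes."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def matches_report(data: bytes, expected: dict = REPORT_HASHES) -> bool:
    """True only if every listed digest matches; a single mismatch means a different file.

    SHA256 alone identifies the sample; checking the others as well catches a
    digest that was mis-copied from the report.
    """
    got = file_digests(data)
    return all(got[alg] == val.lower() for alg, val in expected.items())


def c2_host_port(url: str) -> tuple:
    """Split the report's C2 URL into (host, port), defaulting the port by scheme."""
    u = urlparse(url)
    return u.hostname, u.port or (443 if u.scheme == "https" else 80)


_DST = re.compile(r"\bdst=(?P<host>[^:\s]+):(?P<port>\d+)")


def hunt_c2(log_lines, c2_url: str = REPORT_C2) -> list:
    """Return (line, confidence) for every flow to the C2 host.

    'exact' means host and port both match; 'host-only' means the same host on
    another port, which still deserves a look because panels often rotate ports.
    """
    host, port = c2_host_port(c2_url)
    hits = []
    for line in log_lines:
        m = _DST.search(line)
        if not m or m.group("host") != host:
            continue
        confidence = "exact" if int(m.group("port")) == port else "host-only"
        hits.append((line, confidence))
    return hits


if __name__ == "__main__":
    for line, conf in hunt_c2(SAMPLE_LOG):
        print(conf, line)
```

To check a real file, pass `open(path, "rb").read()` to `matches_report`; the two expected hits for the constructed log are the exact 28899 flow and a host-only flow on 443.
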
Targets

    • Target

      861d1372c10d2696d07c13b796fa89ac7a4251d3e0e3071a7bb8e1ea4652f746.bin

    • XLoader payload

    • XLoader, MoqHao

      An Android banker and info stealer.

    • Removes its main activity from the application launcher (hides its icon from the user).

    • Acquires a wake lock (keeps the device from sleeping).

    • Loads a dropped DEX/JAR

      Runs code from a file written to the device during analysis.

    • Reads information about the phone's network operator.

    • Requests exemption from battery optimizations (commonly used to stay running in the background).

    • Uses crypto APIs (may try to encrypt user data).

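Some of the behaviors above leave a static footprint in the APK's manifest, which lets you confirm a suspicious package before running it. The following is an added example (not part of the sandbox report) that parses a decoded AndroidManifest.xml, as apktool emits it, and maps the wake-lock and battery-optimization behaviors to the permissions that back them, while recording which activity carries the launcher intent filter so the "removed from launcher" behavior can be matched against it at runtime. The manifest and package name are constructed for the example.

```python
"""Static manifest triage for the behaviors in this report (added example, not sandbox output)."""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
A_NAME = f"{{{ANDROID_NS}}}name"

# Constructed manifest in the text form apktool produces; the package is hypothetical.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.dropper">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.WAKE_LOCK"/>
  <uses-permission android:name="android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"/>
  <application android:label="Update">
    <activity android:name=".MainActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <activity android:name=".HiddenActivity"/>
  </application>
</manifest>
"""

# Report behaviors that are visible statically, and the permission each one needs.
PERMISSION_FLAGS = {
    "acquires_wake_lock": "android.permission.WAKE_LOCK",
    "requests_battery_optimization_exemption":
        "android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS",
}


def _full_name(pkg: str, name: str) -> str:
    """Resolve the shorthand '.Foo' component name to 'pkg.Foo'."""
    return pkg + name if name.startswith(".") else name


def triage_manifest(xml_text: str) -> dict:
    """Return package, declared permissions, launcher activities and behavior flags."""
    root = ET.fromstring(xml_text)
    pkg = root.get("package", "")
    perms = {e.get(A_NAME) for e in root.iter("uses-permission")}
    launchers = []
    for act in root.iter("activity"):
        for filt in act.findall("intent-filter"):
            actions = {a.get(A_NAME) for a in filt.findall("action")}
            cats = {c.get(A_NAME) for c in filt.findall("category")}
            if ("android.intent.action.MAIN" in actions
                    and "android.intent.category.LAUNCHER" in cats):
                launchers.append(_full_name(pkg, act.get(A_NAME, "")))
    return {
        "package": pkg,
        "permissions": perms,
        "launcher_activities": launchers,
        "flags": {flag: perm in perms for flag, perm in PERMISSION_FLAGS.items()},
    }


if __name__ == "__main__":
    result = triage_manifest(SAMPLE_MANIFEST)
    print(result["package"], result["launcher_activities"], result["flags"])
```

The remaining behaviors are runtime-only: hiding the launcher activity is a `PackageManager.setComponentEnabledSetting` call, reading the network operator needs no permission, and loading a dropped DEX shows up only in a dynamic trace or in code references to `DexClassLoader`, so a clean manifest does not clear the sample.
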