Overview

overview

10

Static

static

7

861d1372c1...46.apk

android-11-x64

10

Resubmissions

21-09-2023 18:52

230921-xjktpshh7x 7

21-09-2023 18:48

230921-xf1qraca38 7

20-09-2023 22:01

230920-1xj14sch82 10

Analysis

  • max time kernel
    3030436s
  • max time network
    161s
  • platform
    android_x64
  • resource
    android-x64-arm64-20230831-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20230831-enlocale:en-usos:android-11-x64system
  • submitted
    20-09-2023 22:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    861d1372c10d2696d07c13b796fa89ac7a4251d3e0e3071a7bb8e1ea4652f746.apk

  • Size

    283KB

  • MD5

    0fd002c57b06fda45e9a008b47385da8

  • SHA1

    d2e225e0d4b74611039c58aa6efe79e4b457d6dc

  • SHA256

    861d1372c10d2696d07c13b796fa89ac7a4251d3e0e3071a7bb8e1ea4652f746

  • SHA512

    b62b01f9f55287883519999036e3600e6318fc8f73ee88285e0d4ea03c7e82b8506c263d5995ce791e0302e99a8c9ab1b31b6f5f6de62e8ed3a981c457e5a704

  • SSDEEP

    6144:xaDTvL4dJdZ9xnSi7xvGCtpAg08Pp/wh7B3U0ZxXME8btHbX+sSrt:OQJ7KUoIpABGp4JBEEBM3bF6Z

Score
10/10
xloader_apkbankerevasioninfostealerransomwarestealthtrojan

Malware Config

Extracted

Family

xloader_apk

C2

http://91.204.227.33:28899

DES_key

Signatures

  • XLoader payload 2 IoCs
  • XLoader, MoqHao

    An Android banker and info stealer.

    trojaninfostealerbankerxloader_apk
  • Removes its main activity from the application launcher 1 IoCs
    stealthtrojan
  • Acquires the wake lock. 1 IoCs
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Reads information about phone network operator.
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
    evasion
  • Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
    ransomware

Processes

  • xmzyo.wkls.zcav.drmqdz
    1⤵
    • Removes its main activity from the application launcher
    • Acquires the wake lock.
    • Loads dropped Dex/Jar
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Uses Crypto APIs (Might try to encrypt user data).
    PID:4512

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/xmzyo.wkls.zcav.drmqdz/files/b
    Filesize

    505KB

    MD5

    37084c92cb78f08298b4ff2d5f7a78c6

    SHA1

    3b59865fc0d10f16b7705bc51af7ca1cf948441a

    SHA256

    8ee144a6930c4e868acd384c31785ba5dd3b45e5dda85acf99179732ca56c4de

    SHA512

    5f0007e0821ce1c9156733cc74b92eaa0f9fc3e853362986bb93d04c83a829625d21a09db225d26a4d6ff0bd0b75aad220b172b50ff0b8aa750c50642dee83d6

    Download Submit

  • /data/user/0/xmzyo.wkls.zcav.drmqdz/files/b
    Filesize

    505KB

    MD5

    37084c92cb78f08298b4ff2d5f7a78c6

    SHA1

    3b59865fc0d10f16b7705bc51af7ca1cf948441a

    SHA256

    8ee144a6930c4e868acd384c31785ba5dd3b45e5dda85acf99179732ca56c4de

    SHA512

    5f0007e0821ce1c9156733cc74b92eaa0f9fc3e853362986bb93d04c83a829625d21a09db225d26a4d6ff0bd0b75aad220b172b50ff0b8aa750c50642dee83d6

    Download Submit

  • /data/user/0/xmzyo.wkls.zcav.drmqdz/files/oat/b.cur.prof
    Filesize

    907B

    MD5

    987b2a3febe09683831ac8f5f02ac17d

    SHA1

    60df5539a1f9367a23750122fcd4ad02d12ab227

    SHA256

    f307170af0f76a7ae8b89e64d0b6d0a0549e8780358f8e1d28591a2d1c3fd1f6

    SHA512

    d474d070ad2aeb5dbf9621b7f923e0b7ae37c06bc8144a5697e9760747a963b3bfa11ff54faa32bb9900e6fe180b568bb663926b49f8736648523404bc54fa00

    Download Submit

  • /storage/emulated/0/.msg_device_id.txt
    Filesize

    36B

    MD5

    507ef8be6d7ede7272621f59285ef099

    SHA1

    43a66013b186a3fc50f3d9bfcb8ae6994d588774

    SHA256

    3292dbfd822da268c996f9bd4d92c7901f5754813c824be7b5849a70966e82c7

    SHA512

    fdf0ef0f3f864ced51ee30f1fb5b87d4769a27c0f46a5917029b1d1ef477d41c34f596899bfb5de8f35b04a565d004721bae7c0c3daba5389230343b989124a4

    Download Submit