xloader_apk | 8ab3838036c063385a4c34bf90499f1e513ccaf0a3c9f640af5b5a3191421aaa

Analysis

max time kernel
2474987s
max time network
142s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
20/12/2023, 06:16

Target

8ab3838036c063385a4c34bf90499f1e513ccaf0a3c9f640af5b5a3191421aaa.apk
Size

357KB
MD5

a6d710e931f8eb3341c0e0160daeda66
SHA1

aa0e800ec9516365d01b557dab7a68d1c78baac7
SHA256

8ab3838036c063385a4c34bf90499f1e513ccaf0a3c9f640af5b5a3191421aaa
SHA512

253b01a07df55603184e1a5760cf0a1cd38bb360d80e11047ed9a2aeb2aead2ac7c04a45f308dcff011b15ed139c62acd66191eb69138cf6136fb26e2aa0b628
SSDEEP

6144:ZTSY3HRyKolMuoQPvqKlfC39MmIGdIckDdbKGdezt5akMEdAAXMI++sfOL71l:ZL6bqKlC30vdTd0t5IEdA6MIDn1l

Score

10^/10

XLoader payload 2 IoCs

resource	yara_rule
behavioral1/files/fstream-1.dat	family_xloader_apk
behavioral1/files/fstream-1.dat	family_xloader_apk2

XLoader, MoqHao
An Android banker and info stealer.
trojan infostealer banker xloader_apk

Removes its main activity from the application launcher 1 IoCs

pid	Process
4266	lfjntr.pm.yymh.ixf

Loads dropped Dex/Jar 2 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/lfjntr.pm.yymh.ixf/files/d	4266	lfjntr.pm.yymh.ixf
/data/user/0/lfjntr.pm.yymh.ixf/files/d	4266	lfjntr.pm.yymh.ixf

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	lfjntr.pm.yymh.ixf

/data/data/lfjntr.pm.yymh.ixf/files/d

Filesize
453KB

MD5
d7f0257d31574b862af05971f883fae0

SHA1
252b1b03017de80d8fd70907cda39ce2bfadaddc

SHA256
765119852dc93c3a5d397cbaa167ac148856dba9773062626ed4aeb9674f860c

SHA512
3a53daaa693c0ee6904d737850d490a40035454931cebdbba865cefcd97df58e0c72e2ac33bbd4c1445f5d056193e81f113c0862d93acecbe74a0bcaa362eac5

Download Submit