Analysis

  • max time kernel
    3328910s
  • max time network
    140s
  • platform
    android_x86
  • resource
    android-x86-arm-20231215-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20231215-en, locale:en-us, os:android-9-x86, system
  • submitted
    31-12-2023 01:38

General

  • Target

    230dc1092f2db4bedf15cd5abfcfe893.apk

  • Size

    445KB

  • MD5

    230dc1092f2db4bedf15cd5abfcfe893

  • SHA1

    9052b0e2a2186c4151d85b9562a9a33e073c6092

  • SHA256

    624339883e6c717c756176cba1e3b12eaa096a84bbaa93726bce0a748e428afd

  • SHA512

    f24aaa57c09f59f67556dcb38a3740c47cc7abfd50b8074da8bbd5dfd38e7afe9f2af0881b46e7245b9ea8ec295eac6b2b6cad154d6da7a8d89ca7e2e954817d

  • SSDEEP

    12288:YWUv8psXBnCTAte+M1SyD7DAEXqyqQnSMey7SQZyZ:YWlpsXpCTArM1SyD7Duy5g8kZ

Malware Config

Extracted

Family

xloader_apk

C2

http://91.204.227.39:28844

DES_key

Signatures

  • XLoader payload 2 IoCs
  • XLoader, MoqHao

    An Android banker and info stealer.

  • Removes its main activity from the application launcher 1 IoCs
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Acquires the wake lock 1 IoCs
  • Reads information about phone network operator.
  • Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

Processes

  • a.mzjzsf.vjqicl
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Acquires the wake lock
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4246

Network

MITRE ATT&CK Matrix

Downloads

  • /data/data/a.mzjzsf.vjqicl/files/d

    Filesize

    454KB

    MD5

    d28e6b862a1aee68793e1b022f18306a

    SHA1

    9044c8b066fc6610bb53b2fe4fec1c8b3e5ae985

    SHA256

    05d35fa20111813c4e3063181b5b90d7f13a03856e6104f1dfc64c735055c76a

    SHA512

    64d6105fc4a17057c184804a6214a99e4f96326af423fa11cd7cc89ea0cd1c9e67e43e91ecbaf8ccea6b3175a05dc1d2a3dd1cbd0830d921dfbfb738ec874526

  • /data/data/a.mzjzsf.vjqicl/files/oat/d.cur.prof

    Filesize

    988B

    MD5

    d1ba87089f11488975eee231938a6dd5

    SHA1

    31b12e6446d40ff2a7f235c3d19ee87461376b46

    SHA256

    de772e624e0e4c110e22079d7f25c05e07f2ce88698f3b0c191fc8237d8f5391

    SHA512

    004d995ce70805715221826abc0a4783c557456694cca6c68d6b667c84a5a75007757238108295a58d45520cbf20b0484589c9d38d0b69505bd6a62abfc41868

  • /storage/emulated/0/.msg_device_id.txt

    Filesize

    36B

    MD5

    ab2225d7845dbc1b5676c5f5726d4fbc

    SHA1

    41dc0358948653cf025cb73f080cf1547c9e96c1

    SHA256

    a3b2c1c30abf0186b5e91150bcf0a98202764912fb0ac49105c596535c0dd324

    SHA512

    493b3cc6151b1276c0df66289a955667615d67f992a67172208922f1355ca1adeb332fd0cafa13dd54f4e013655c1f4dbd61b741ec911f5762b494d6f6b2e3b8