Analysis

  • max time kernel
    3669780s
  • max time network
    132s
  • platform
    android_x86
  • resource
    android-x86-arm-20231215-en
  • resource tags
    android, arch:arm, arch:x86, image:android-x86-arm-20231215-en, locale:en-us, os:android-9-x86, system
  • submitted
    31/12/2023, 05:55

General

  • Target

    2ad7d7b0c1022141e9c3c789c8c5f089.apk

  • Size

    445KB

  • MD5

    2ad7d7b0c1022141e9c3c789c8c5f089

  • SHA1

    c8dfaa89d7186415fc1e00ab152e22326430446e

  • SHA256

    15654b31de9af6e3c344618a08bf597555c2927519557702112d313dba61734f

  • SHA512

    691b0a0c2f9c7e604840213c7b8148110e929bba315b8cc47474019ca0dbec00e0a49412ac602b9cde30bde66d7a0e0a14df9ace333bf056ef60a205c1ad744c

  • SSDEEP

    12288:tKqm0TeWHKn6D7DAEXqyqQnSMey7SQZyn:tKx0TeWqn6D7Duy5g8kn

Malware Config

Extracted

Family

xloader_apk

C2

http://91.204.227.39:28844

DES_key

Signatures

  • XLoader payload 2 IoCs
  • XLoader, MoqHao

    An Android banker and info stealer.

  • Removes its main activity from the application launcher 1 IoCs
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Acquires the wake lock 1 IoCs
  • Reads information about phone network operator
  • Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

Processes

  • h.yoft.clm
    1⤵
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Acquires the wake lock
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4253

Network


Downloads

  • /data/data/h.yoft.clm/files/d
    Filesize
    454KB
    MD5
    d28e6b862a1aee68793e1b022f18306a
    SHA1
    9044c8b066fc6610bb53b2fe4fec1c8b3e5ae985
    SHA256
    05d35fa20111813c4e3063181b5b90d7f13a03856e6104f1dfc64c735055c76a
    SHA512
    64d6105fc4a17057c184804a6214a99e4f96326af423fa11cd7cc89ea0cd1c9e67e43e91ecbaf8ccea6b3175a05dc1d2a3dd1cbd0830d921dfbfb738ec874526

  • /data/data/h.yoft.clm/files/oat/d.cur.prof
    Filesize
    1KB
    MD5
    b18bcb16edbc62a52c520c06e20ee7cb
    SHA1
    c9d0fe492b208b84a30afcb9ccf9d6b06ea08367
    SHA256
    4ef83587a465eb285b1d58b0f93c9e7ee02522621ac719b07f1c7b32866a2639
    SHA512
    3370b91fc4ab82b51a5b41840665a51aeda6d21085d1e0dfe258935f17f0b557ddfb5a2a90d8bd4ef56b0f16be3b80321d3f74021778b2cf855235436cb514b6

  • /storage/emulated/0/.msg_device_id.txt
    Filesize
    36B
    MD5
    d2936811b4733aa5819b04e59cae27ba
    SHA1
    2923007c2a2121aead2376c8a76754749a90405a
    SHA256
    80ee96b7e49c4464769e383042655537c65b3f8a4ef828412efa130d14991e4e
    SHA512
    b6d053e6f3b31cc8689f70c83f45eb85522ca55422cbe938b134f23731c46b15c59fd3c3d9a63dbecbafffb5c331259dc3a2e75fa5f3d34f02f3a08230473b1c