General

  • Target

    77e48aa91c679c794a08773b918519b19593d69509665137805656fd0f890869.bin

  • Size

    360KB

  • Sample

    240208-14648add85

  • MD5

    b934428dbbbb255287c76a4c5c90a20e

  • SHA1

    b4f7807d7d40c31d6caf6b5877827c53b823eb5a

  • SHA256

    77e48aa91c679c794a08773b918519b19593d69509665137805656fd0f890869

  • SHA512

    39a21128555be4ab79cb8c9e7833d5ce28d0cf5e5c4e68ddfbd40be31b4e44f1996040ead5b809cfd3991c3fcfd88b6ec9c292a99bc3cfb80b5c5e912c006e44

  • SSDEEP

    6144:vF2c2DoXkIU8ri4u0RZTP3eIVAEDNMfkLWzEcHyB+YdekRPNtAU/P51Ac73IvD38:dUDoXkIUtdYTPrvNBcfYd1Ntf1/0L3i/

Malware Config

Extracted

Family

xloader_apk

AES_key

Targets

    • Target

      77e48aa91c679c794a08773b918519b19593d69509665137805656fd0f890869.bin

    • XLoader payload

    • XLoader, MoqHao

      An Android banker and info stealer.

    • Removes its main activity from the application launcher

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Tries to add a device administrator.

    • Acquires the wake lock

    • Requests disabling of battery optimizations (often used to enable hiding in the background).
