General

  • Target

    d5b1af21de4169965ae61c5ea35f51e5fe599609034ebc731fa9e4c37fd49e03.bin

  • Size

    364KB

  • Sample

    240208-146hpabg9x

  • MD5

    c14f6ed6f39dbba16cd9d8b3de21a24c

  • SHA1

    752716a7384b069334f767566d229b8e92119e2d

  • SHA256

    d5b1af21de4169965ae61c5ea35f51e5fe599609034ebc731fa9e4c37fd49e03

  • SHA512

    4d2c600ecf1da86d733381215d69f42fc5c20e742fef03e41149dd7a1f0b7f3fb9800360f229ad7461c1def1e6c3b34d4c4e2330daf588ab4392923473b14561

  • SSDEEP

    6144:fV9RNptPJ3UkhInSSpCruz7npcv5CRbC/G53Mt1dc6J+LteIPrNaTmp3Nxfu1Hbn:fV9pRJ3Uh+az76v5CIs8tjc6J+Ltbyim

Malware Config

Extracted

Family

xloader_apk

AES_key

Targets

    • XLoader payload

    • XLoader, MoqHao

      An Android banker and info stealer.

    • Removes its main activity from the application launcher

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Tries to add a device administrator.

    • Acquires the wake lock

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

MITRE ATT&CK Matrix

Tasks