General

  • Target

    9cdc5049d4ddfff6a1877a1aeae024ae

  • Size

    445KB

  • Sample

    240215-d84tbsgc85

  • MD5

    9cdc5049d4ddfff6a1877a1aeae024ae

  • SHA1

    49378eb3148f9c990bce4065b48863d45b05ad31

  • SHA256

    c589766f1573135a977bc4e8c3f7479b1dfff59f6bea8fa2586d2d4e65ca66d1

  • SHA512

    3d1d706f07b0f014a78cccebcf706d7624c89ec852a25de513a4ff5018c8b0d2ca87077969c806f05976009891c70bc62c8b1031330a0a8c2171c1fe7d1f390a

  • SSDEEP

    6144:tXcitzOUQYSc9R1P43DG/gm5C7XrXDDUEW+3qyqPoQ+8QVbSda8lysdWINQZoFSS:tX7UU7RGxD7DAEXqyqQnSMey7SQZyz

Malware Config

Extracted

Family

xloader_apk

C2

http://91.204.227.39:28844

DES_key

Targets

    • XLoader payload

    • XLoader, MoqHao

      An Android banker and info stealer.

    • Removes its main activity from the application launcher

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Acquires the wake lock

    • Reads information about phone network operator.

MITRE ATT&CK Matrix

Tasks