General

  • Target: 9f67df984132114389a91b91343ca2a8
  • Size: 445KB
  • Sample: 240216-eq933ahf56
  • MD5: 9f67df984132114389a91b91343ca2a8
  • SHA1: b3355955d543e67b910d4c0bc427b74ff105764c
  • SHA256: 25c2b5cbf23c223e845d599c10645234265c8449de3add6055ddacdbba4a1f8e
  • SHA512: 8b7437869601de037cc08d96ccc5bbc934a91dda60609cfd03f1bd1af5b43e7d740ea76e288a5e6e251cd033302f8a842210f52df1fa16c1621c12b48d14fd5a
  • SSDEEP: 12288:xnlTFvEBrM1SyD7DAEXqyqQnSMey7SQZy9:RvE9M1SyD7Duy5g8k9

Malware Config

Extracted

  • Family: xloader_apk
  • C2: http://91.204.227.39:28844
  • DES_key

Targets

    • XLoader payload

    • XLoader, MoqHao

      An Android banker and info stealer.

    • Removes its main activity from the application launcher

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Acquires the wake lock

    • Reads information about phone network operator.

MITRE ATT&CK Matrix

Tasks