General

  • Target

    d94e9df3682a7f594a556e252a1822714dc99cc2e8087ba4f5fff1dd8df95459.bin

  • Size

    442KB

  • Sample

    240219-1z8ggsed2t

  • MD5

    af2dc5e4387b890b298b07b1e41024be

  • SHA1

    7240912949070a867e5423254d3203c11ad01f0f

  • SHA256

    d94e9df3682a7f594a556e252a1822714dc99cc2e8087ba4f5fff1dd8df95459

  • SHA512

    9066c55c1523c5f40e84a1a4dfd2e172409d5449c99bb3a723134a0ee3239c32989a767104eb0271dedb60953c843bed9fe207a125799c3b60305d44fd20ff29

  • SSDEEP

    12288:olNVjgNC47d2INTG4+g1Luj5Nt/q30zlThgU:qjgN3HX1SjvgOlThX

Malware Config

Extracted

Family

xloader_apk

C2

http://45.114.129.49:28866

DES_key

Targets

    • Target

      d94e9df3682a7f594a556e252a1822714dc99cc2e8087ba4f5fff1dd8df95459.bin


    • XLoader payload

    • XLoader, MoqHao

      An Android banker and info stealer.

    • Removes its main activity from the application launcher

    • Loads dropped Dex/Jar

      Loads and executes a Dex/Jar file that was dropped to the device during analysis (runtime code loading, so the real payload is not in the installed APK).

    • Acquires the wake lock

    • Reads information about the phone network operator.

    • Requests disabling of battery optimizations (commonly used to keep running in the background without being killed by the OS).
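The two things an analyst usually does with a report like this, turning the extracted C2 into network indicators and screening a decoded dex string table for the Android APIs behind the listed behaviours, as an added example (this is not part of the sandbox report or of its tooling). The hashes and C2 are taken from the report; the dex string table is constructed for the example and is not from the real sample; the behaviour-to-API mapping assumes the sample calls the standard SDK symbols directly (a loader that resolves them reflectively or from the dropped dex will not show them in the outer APK).

```python
"""Triage helper for the XLoader/MoqHao report above (added example)."""
import hashlib
import ipaddress
import re
from urllib.parse import urlsplit

# Indicators copied from the report
SAMPLE_SHA256 = "d94e9df3682a7f594a556e252a1822714dc99cc2e8087ba4f5fff1dd8df95459"
C2_URL = "http://45.114.129.49:28866"

# Report behaviour -> Android SDK identifiers that implement it.
# Assumption: the sample calls these SDK symbols directly.
BEHAVIOUR_APIS = {
    "Removes its main activity from the application launcher": [
        "setComponentEnabledSetting", "COMPONENT_ENABLED_STATE_DISABLED"],
    "Loads dropped Dex/Jar": [
        "dalvik/system/DexClassLoader", "dalvik/system/InMemoryDexClassLoader", "loadDex"],
    "Acquires the wake lock": [
        "android/os/PowerManager$WakeLock", "newWakeLock"],
    "Reads information about phone network operator": [
        "getNetworkOperator", "getNetworkOperatorName", "getSimOperator"],
    "Requests disabling of battery optimizations": [
        "REQUEST_IGNORE_BATTERY_OPTIMIZATIONS", "isIgnoringBatteryOptimizations"],
}

# Loose pattern for IP-literal URLs as they appear in dex string tables
URL_RE = re.compile(r"https?://(?:\d{1,3}\.){3}\d{1,3}(?::\d{1,5})?")


def verify_sample(data: bytes, expected_sha256: str = SAMPLE_SHA256) -> bool:
    """True if `data` is the file the report describes (SHA256 comparison only)."""
    return hashlib.sha256(data).hexdigest() == expected_sha256.lower()


def c2_indicators(url: str) -> dict:
    """Split the extracted C2 URL into blockable pieces and flag oddities."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError(f"unexpected C2 URL: {url!r}")
    port = parts.port or (443 if parts.scheme == "https" else 80)
    try:
        ip = ipaddress.ip_address(parts.hostname)
        is_ip, is_public = True, ip.is_global
    except ValueError:
        is_ip, is_public = False, None
    return {
        "scheme": parts.scheme,
        "host": parts.hostname,
        "port": port,
        "is_ip_literal": is_ip,
        "is_public": is_public,
        "nonstandard_port": port not in (80, 443, 8080, 8443),
        # Placeholder SID: assign one from your local rule range before deploying.
        "suricata": (f"alert http any any -> {parts.hostname} {port} "
                     f'(msg:"XLoader/MoqHao C2 {parts.hostname}:{port}"; sid:1000001; rev:1;)'),
    }


def screen_strings(strings) -> dict:
    """Map a dex string table onto the report's behaviours.

    Returns {behaviour: [matched identifiers]} for behaviours with at least
    one hit. Substring matching is deliberately loose: this is a triage
    heuristic for static screening, not proof that the code path executes.
    """
    table = list(strings)
    hits = {}
    for behaviour, apis in BEHAVIOUR_APIS.items():
        matched = sorted({api for api in apis if any(api in s for s in table)})
        if matched:
            hits[behaviour] = matched
    return hits


def find_c2_candidates(strings) -> list:
    """Return the IP-literal URLs present in a string table, deduplicated."""
    return sorted({m.group(0) for s in strings for m in URL_RE.finditer(s)})


# Constructed string table (NOT from the real sample): what `strings classes.dex`
# might surface for a loader that hides its icon, asks for the battery
# optimisation exemption, takes a wake lock and side-loads a dropped dex.
CONSTRUCTED_STRINGS = [
    "Landroid/content/pm/PackageManager;",
    "setComponentEnabledSetting",
    "Ldalvik/system/DexClassLoader;",
    "android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS",
    "Landroid/os/PowerManager$WakeLock;",
    "getNetworkOperator",
    "http://45.114.129.49:28866",
]

if __name__ == "__main__":
    print(c2_indicators(C2_URL))
    for behaviour, apis in screen_strings(CONSTRUCTED_STRINGS).items():
        print(f"{behaviour}: {', '.join(apis)}")
    print("C2 candidates:", find_c2_candidates(CONSTRUCTED_STRINGS))
```

Run it against a real string table by replacing CONSTRUCTED_STRINGS with the output of `strings` on each classes*.dex (and, for this family, on the dex the sample drops at runtime, which is where the interesting symbols are likely to live). A behaviour with no hit in the outer APK but present in the sandbox signatures is itself a useful signal that the logic is in dropped or obfuscated code.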
