General

  • Target: a1d0e40d01723eabba7bfccdaf0339ae
  • Size: 445KB
  • Sample: 240224-n5a2ysba22
  • MD5: a1d0e40d01723eabba7bfccdaf0339ae
  • SHA1: 3794506084b8196600cd693a987af7488d18722e
  • SHA256: 662a3944d0249cf1ea8af6e8441b8997c60d575bb25eebafdc5521bef90ef358
  • SHA512: 1db7092b623a62c0ed8c2cc8c9ebfacca676352ea7cb62239bccc903acd9a077b64e22870f7b7d5ea5a987b1c6a9e52df60ce34ba44d572dfa4c622eaf2ca293
  • SSDEEP: 12288:aedpt7w9WhU+HBTeMoVGD7DAEXqyqQnSMey7SQZy6:aedp+QhU+HNjfD7Duy5g8k6

Malware Config

Extracted

Family: xloader_apk

C2: http://91.204.227.39:28844

DES_key

Targets

    • Target: a1d0e40d01723eabba7bfccdaf0339ae
    • Size: 445KB
    • MD5: a1d0e40d01723eabba7bfccdaf0339ae
    • SHA1: 3794506084b8196600cd693a987af7488d18722e
    • SHA256: 662a3944d0249cf1ea8af6e8441b8997c60d575bb25eebafdc5521bef90ef358
    • SHA512: 1db7092b623a62c0ed8c2cc8c9ebfacca676352ea7cb62239bccc903acd9a077b64e22870f7b7d5ea5a987b1c6a9e52df60ce34ba44d572dfa4c622eaf2ca293
    • SSDEEP: 12288:aedpt7w9WhU+HBTeMoVGD7DAEXqyqQnSMey7SQZy6:aedp+QhU+HNjfD7Duy5g8k6

    • XLoader payload

    • XLoader, MoqHao

      An Android banker and info stealer.

    • Removes its main activity from the application launcher

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Reads the contacts stored on the device.

    • Reads the content of the MMS message.

    • Acquires the wake lock

MITRE ATT&CK Mobile v15

Tasks