General

  • Target

    a1d53e49a5a7d0fc69c69fa354f5abe9

  • Size

    445KB

  • Sample

    240224-n93yjabb53

  • MD5

    a1d53e49a5a7d0fc69c69fa354f5abe9

  • SHA1

    0d06599eba0e1eb94c7e7e16098f1d28e63d7813

  • SHA256

    f99b2ab4ec26b243b57829e67f99cd2c114f0320389859b14a18f3cf9ebc5eb2

  • SHA512

    e6b110ab107d0ced3c59504d00fb043bb8c4ab207c297bec29d4641858e1f634ad5296ace3ab31212a873cee9385e00c42a6ef55569d25f7747e8d2a9c1e4200

  • SSDEEP

    12288:DNXSV9PBD2WzMCte+M1SyD7DAEXqyqQnSMey7SQZyA:5y9PBysMCrM1SyD7Duy5g8kA

Malware Config

Extracted

Family

xloader_apk

C2

http://91.204.227.39:28844

DES_key

Targets

    • Target

      a1d53e49a5a7d0fc69c69fa354f5abe9


    • XLoader payload

    • XLoader, MoqHao

      An Android banker and information stealer.

    • Removes its main activity from the application launcher

      The app icon disappears from the launcher, a common evasion step that makes the app harder for the user to find and uninstall.

    • Loads dropped Dex/Jar

      Loads and runs a Dex/Jar file dropped to the device during analysis (dynamic code loading).

    • Reads the content of MMS messages

    • Acquires a wake lock

    • Reads information about the phone's network operator
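
Before detonating or pivoting on a sample pulled from a repository, confirm that it is the file this report describes and turn the extracted network indicator into fields a firewall or IDS rule can use. The script below is an added example, not part of the Triage report or the XLoader tooling; it copies the report's hash values and C2 URL as constants, and the demo bytes at the bottom are constructed (the real APK is not on this page), so they are expected to fail verification.

```python
"""
Added example: verify a local file against the report's hashes and
structure the report's C2 indicator. The hash values and C2 URL are
copied from the report; the demo bytes are constructed and not the sample.
"""
import hashlib
from urllib.parse import urlsplit

# Digests as stated in the report's "General" section.
REPORT_HASHES = {
    "md5": "a1d53e49a5a7d0fc69c69fa354f5abe9",
    "sha1": "0d06599eba0e1eb94c7e7e16098f1d28e63d7813",
    "sha256": "f99b2ab4ec26b243b57829e67f99cd2c114f0320389859b14a18f3cf9ebc5eb2",
    "sha512": "e6b110ab107d0ced3c59504d00fb043bb8c4ab207c297bec29d4641858e1f634"
              "ad5296ace3ab31212a873cee9385e00c42a6ef55569d25f7747e8d2a9c1e4200",
}
REPORT_SSDEEP = "12288:DNXSV9PBD2WzMCte+M1SyD7DAEXqyqQnSMey7SQZyA:5y9PBysMCrM1SyD7Duy5g8kA"
REPORT_C2 = "http://91.204.227.39:28844"


def hash_bytes(data: bytes) -> dict:
    """Compute the four cryptographic digests the report lists, in one pass."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    for h in hashers.values():
        h.update(data)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify_sample(data: bytes, expected: dict = REPORT_HASHES) -> dict:
    """Return {algorithm: bool} comparing computed digests to the report.

    All four must match; a partial match means either the file or the
    report is wrong and the sample should not be trusted as "the" sample.
    Hex casing varies between report pages, so compare lower-cased.
    """
    actual = hash_bytes(data)
    return {name: actual[name] == expected[name].lower() for name in expected}


def parse_ssdeep(sig: str) -> tuple:
    """Split a CTPH (ssdeep) signature into (block_size, chunk, double_chunk).

    Fuzzy hashes only compare meaningfully when block sizes are equal or
    differ by a factor of two, so the block size is worth pulling out
    before attempting similarity scoring against other XLoader builds.
    """
    block, chunk, double_chunk = sig.split(":", 2)
    return int(block), chunk, double_chunk


def parse_c2(url: str) -> dict:
    """Turn the extracted C2 URL into fields for a block list or IDS rule."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError(f"unexpected C2 URL: {url!r}")
    port = parts.port or (443 if parts.scheme == "https" else 80)
    return {"scheme": parts.scheme, "host": parts.hostname,
            "port": port, "path": parts.path or "/"}


if __name__ == "__main__":
    # Constructed stand-in for the APK; it must NOT match the report.
    demo = b"PK\x03\x04 not the real sample"
    results = verify_sample(demo)
    print("matches report:", all(results.values()), results)
    print("ssdeep block size:", parse_ssdeep(REPORT_SSDEEP)[0])
    print("C2:", parse_c2(REPORT_C2))
```

The script only covers the cryptographic digests; ssdeep is not in `hashlib`, so computing the fuzzy hash of a local file still requires the `ssdeep` tool or its Python binding, and `parse_ssdeep` exists only to read the report's value. Treat the C2 as a point-in-time indicator: the port and address come from the config extractor run on this one sample, and XLoader operators rotate infrastructure.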

MITRE ATT&CK Mobile v15

Tasks