General

  • Target

    a90703196a163e57f6a7206f53ffa7e0

  • Size

    445KB

  • Sample

    240227-nf634afd56

  • MD5

    a90703196a163e57f6a7206f53ffa7e0

  • SHA1

    fbf180de00c6a8bcf30150e23e158b1121e4f071

  • SHA256

    beed9a28dcd691ffcb9c5d26aa57a6c21bc0f172ac26ef045e304d4828e3d2c7

  • SHA512

    1c3dca98d455e95bfc52c5040a372ddc18ad4f317d80a9e88738ac34aca40b731d80045afbaa08ead84e5e51168549a1938d30fb85671aede7104e14dde44dd2

  • SSDEEP

    12288:ZlUJjy1te+M1SyD7DAEXqyqQnSMey7SQZyq:ZlUJj+rM1SyD7Duy5g8kq

Malware Config

Extracted

Family

xloader_apk

C2

http://91.204.227.39:28844

DES_key

Targets

    • XLoader payload

    • XLoader, MoqHao

      An Android banker and info stealer.

    • Removes its main activity from the application launcher

    • Loads dropped Dex/Jar

      Runs an executable file dropped to the device during analysis.

    • Reads the contacts stored on the device.

    • Reads the content of the MMS message.

    • Acquires the wake lock

    • Reads information about the phone network operator.

MITRE ATT&CK Mobile v15

Tasks