General

  • Target

    ad3b1896ffab2827edc5032f3cc170df

  • Size

    445KB

  • Sample

    240229-aqrt9sha5w

  • MD5

    ad3b1896ffab2827edc5032f3cc170df

  • SHA1

    b21f198a45795796ca65aa6ec29c9f84aa9f4167

  • SHA256

    3577c432688e74c30e6cc55cd794684d05f2d4528b992f366ec57f27e847a843

  • SHA512

    eafa4c7e24cea5724e8fe18a8b7ec666ed8fbe406c2de55c521d87df9fef7563fb2e92969358181be1fa5f9166d3cabaec27f506b09faeba1974468b13129445

  • SSDEEP

    12288:1vk12+i3SFLTaD7DAEXqyqQnSMey7SQZy+:ti2+i3SFfaD7Duy5g8k+

Malware Config

Extracted

  • Family

    xloader_apk

  • C2

    http://91.204.227.39:28844

  • DES_key

Targets

    • Target

      ad3b1896ffab2827edc5032f3cc170df

    • XLoader payload

    • XLoader, MoqHao

      An Android banker and info stealer.

    • Removes its main activity from the application launcher

    • Loads dropped Dex/Jar

      Runs an executable file dropped to the device during analysis.

    • Reads the contacts stored on the device.

    • Reads the content of the MMS message.

    • Acquires the wake lock

    • Reads information about the phone network operator.

MITRE ATT&CK Mobile v15

Tasks