General

  • Target

    ce74c920506c6006b18c9cc27a5f7a30b52ee33a57cb22f078b1f6a9979f0603.bin

  • Size

    364KB

  • Sample

    240310-11gp6acg64

  • MD5

    cc15fdd145964cb34fa18aafd8e42fb4

  • SHA1

    f3f75ad89c63e952d184a1e494edd062a1024ee0

  • SHA256

    ce74c920506c6006b18c9cc27a5f7a30b52ee33a57cb22f078b1f6a9979f0603

  • SHA512

    310355ffaed2579333310ac8bfe11f0cbae3988aba16c7063ee89d97b10d32a3912a8d549f3aa42cf0c3315b80c163e4528c9cfadf2db8c0e0fe9890ef8822f3

  • SSDEEP

    6144:sUrevYG99H3c0IL04BOpffusAVQWyDe7VinzWcYpM1vE1hOWppvI0zXhmo5xN6Ay:sfv59XAfsAVQWD7VSG0WpxDhdv4Ay

Malware Config

Extracted

Family

xloader_apk

AES_key

Targets

    • XLoader payload

    • XLoader, MoqHao

      An Android banker and info stealer.

    • Removes its main activity from the application launcher

    • Loads dropped Dex/Jar

      Runs an executable file dropped to the device during analysis.

    • Reads the content of the MMS message.

    • Tries to add a device administrator.

    • Acquires the wake lock

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

MITRE ATT&CK Mobile v15

Tasks