General

  • Target

    8023846d6c00b3be67e1c190a067f0de824b39e503702821854b5132558a4f28.bin

  • Size

    360KB

  • Sample

    240310-11h8zscg68

  • MD5

    ced9a1e51cf95c4be785199dd917cf23

  • SHA1

    007e5872e2f112901a3ba3e08cf737d232fadaca

  • SHA256

    8023846d6c00b3be67e1c190a067f0de824b39e503702821854b5132558a4f28

  • SHA512

    b928dfc3e982b3ce4fc486c122ee278f15ad0d96259e60d5a04e14bf69fae6c2862c4dc1262c31fc5932e5a3c4eb12d71245c55f83269f84c67af149f33bdb8f

  • SSDEEP

    6144:OzDCNKKFT3OC0bWZbsrHAhDAn0OMybYrotA2aKzsof2cxi72IMqByRKOhr/Vx0ee:eDCNKq0as0Ohbcoe2zLI2IMqROVt+Th

Malware Config

Extracted

Family

xloader_apk

AES_key

Targets

    • XLoader payload

    • XLoader, MoqHao

      An Android banker and info stealer.

    • Removes its main activity from the application launcher

    • Loads dropped Dex/Jar

      Runs an executable file dropped onto the device during analysis.

    • Reads the content of the MMS message.

    • Tries to add a device administrator.

    • Acquires the wake lock

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

MITRE ATT&CK Mobile v15

Tasks