General

  • Target

    b5b566efa8a1e45b358be742f196f9f6d61c8037e717f8267a4a868802ecdf80.bin

  • Size

    360KB

  • Sample

    240310-11hx8acg66

  • MD5

    df7a1b23c9ed888c9963fbd94b3b0d69

  • SHA1

    26e98c68697d07be88b4e08516769dc7fcd97755

  • SHA256

    b5b566efa8a1e45b358be742f196f9f6d61c8037e717f8267a4a868802ecdf80

  • SHA512

    4132bb19184dcffb8a9dc92d6de8d71b55fb3f1b2331d5a4eabd4140eb669591b7eb9123eee97cb5296870dcbf3913d83779253f01ce6283e13766ed2b299140

  • SSDEEP

    6144:0iCiC7P8C486k/8YQ6pMdSARWBlii5cJCbU74Nmrblor9KGHHLv8H:/Cnz8C/h/8Qe/WBwi5cwMrblKH78H

Malware Config

Extracted

Family

xloader_apk

AES_key

Targets

    • Target

      b5b566efa8a1e45b358be742f196f9f6d61c8037e717f8267a4a868802ecdf80.bin
    • XLoader payload

    • XLoader, MoqHao

      An Android banker and info stealer.

    • Removes its main activity from the application launcher

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Reads the content of the MMS message.

    • Tries to add a device administrator.

    • Acquires the wake lock

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

MITRE ATT&CK Mobile v15

Tasks