Analysis
-
max time kernel
149s -
max time network
144s -
platform
android_x86 -
resource
android-x86-arm-20240221-en -
resource tags
android, arch:arm, arch:x86, image:android-x86-arm-20240221-en, locale:en-us, os:android-9-x86, system -
submitted
17-03-2024 04:25
Static task
static1
Behavioral task
behavioral1
Sample
cfebafeb5c1a62c3495aed8bfda152fc.apk
Resource
android-x86-arm-20240221-en
General
-
Target
cfebafeb5c1a62c3495aed8bfda152fc.apk
-
Size
440KB
-
MD5
cfebafeb5c1a62c3495aed8bfda152fc
-
SHA1
ba4766491d7e28ca5eb1e7d57e6e372f191e0179
-
SHA256
7e484bd8c420cb5a2d924506513c45599109c5329802607ece02345ad5c10456
-
SHA512
55001d54d0c8a39dbfd640caa9f09a57006a7cd0369cf44abbd8c961f78de3f548fa14c485afbb8c27c2794e75acc5070e3c9091fd32442efaf06e4f6461606c
-
SSDEEP
12288:VpfpB9k1zX+w6kx+7IrXRy+kv8em/MRmb:fsGkMIw+ka/MRM
Malware Config
Signatures
-
XLoader payload 2 IoCs
Processes:
resource                                             yara_rule
/data/data/waazmb.kvuaig.pih.yru.nn.qsxsi/files/d    family_xloader_apk
/data/data/waazmb.kvuaig.pih.yru.nn.qsxsi/files/d    family_xloader_apk2 -
XLoader, MoqHao
An Android banker and info stealer.
-
Processes:
pid     process
4199    waazmb.kvuaig.pih.yru.nn.qsxsi -
Loads dropped Dex/Jar 1 TTPs 2 IoCs
Runs an executable file dropped onto the device during analysis.
Processes:
ioc                                                    pid     process
/data/user/0/waazmb.kvuaig.pih.yru.nn.qsxsi/files/d    4199    waazmb.kvuaig.pih.yru.nn.qsxsi
/data/user/0/waazmb.kvuaig.pih.yru.nn.qsxsi/files/d    4199    waazmb.kvuaig.pih.yru.nn.qsxsi -
Reads the content of MMS messages. 1 TTPs 1 IoCs
Processes:
description              ioc               process
URI accessed for read    content://mms/    waazmb.kvuaig.pih.yru.nn.qsxsi -
Acquires the wake lock 1 IoCs
Processes:
description               ioc                                          process
Framework service call    android.os.IPowerManager.acquireWakeLock     waazmb.kvuaig.pih.yru.nn.qsxsi
Processes
Network
MITRE ATT&CK Mobile v15
Downloads
-
Filesize
453KB
MD5 487c677e4bcf7ee31f810f456961f587
SHA1 b43794fef7a02d1014407331a7e99181380f947a
SHA256 98b5fcaccd6062ad1f2fe8f5dfe31d1b6773027f56951cc541432775e4dc15ed
SHA512 ad8f589e9a0846999881b435a8c69c913fa4efb7a1d9b0144b509da2e5c69a15b83f0d08ca7bf3935293c209d27a163f7c60ac81c055c21a64e3fd1406182b6e
-
Filesize
788B
MD5 1f3f79d5e628dbc63c4b5ed2cae52346
SHA1 0999d3533355621853580db7e4a796c13636eafb
SHA256 d8fce3061e9c239c7106bfde78404b9736dd5aa27fec3b08053e07c9df8d3773
SHA512 acff8a50605be5aa14896fb9f1f2ab7388c55cc797da8b522b5bb65c7caac62b713f4833f884e1d3be2783ca404742c07e020080e1c50740d90741293e7e6669
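The hashes in the General and Downloads sections are the part of this report that is directly actionable: they identify the submitted APK and the artifacts it pulled down, and they can be matched against files recovered from a device or a proxy cache. The script below is an added example, not part of the sandbox report or its vendor's tooling. It parses hash lines in both layouts that appear on this page (label and digest on separate lines, and label fused to the digest as in the Downloads section), rejects any digest whose length does not fit its algorithm (a symptom of extraction damage that would otherwise produce an IoC that never matches), and then hashes every file under a directory against the resulting sets. The report excerpt embedded in it is constructed from the hash lines above; the files it scans in demo() are constructed stand-ins, one of which is deliberately planted to match.

```python
"""Pull hash IoCs out of a flattened sandbox report and match them against files.

Added example, not part of the report above. REPORT_EXCERPT is constructed from
the page's hash lines; the files scanned in demo() are constructed stand-ins.
"""
import hashlib
import re
import tempfile
from pathlib import Path

# Hex digest length for each algorithm the report lists.
DIGEST_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}

# Label fused to (or separated by spaces from) its digest, e.g. "MD5487c677e...".
_FUSED = re.compile(r"^(MD5|SHA1|SHA256|SHA512)\s*([0-9a-fA-F]+)$")
_HEX = re.compile(r"^[0-9a-fA-F]+$")

# Constructed excerpt mixing the two layouts seen on the page: label and digest
# on separate lines (General section) and label fused to digest (Downloads).
REPORT_EXCERPT = """
MD5
cfebafeb5c1a62c3495aed8bfda152fc
-
SHA256
7e484bd8c420cb5a2d924506513c45599109c5329802607ece02345ad5c10456
-
Filesize
453KB
MD5487c677e4bcf7ee31f810f456961f587
SHA1b43794fef7a02d1014407331a7e99181380f947a
SHA25698b5fcaccd6062ad1f2fe8f5dfe31d1b6773027f56951cc541432775e4dc15ed
"""


def parse_iocs(text):
    """Return {algorithm: set of lowercase digests} found in report text.

    A digest whose length does not fit its algorithm is dropped: a wrong-length
    value means the line was mangled, and a truncated hash never matches anything.
    """
    iocs = {alg: set() for alg in DIGEST_LEN}
    pending = None  # label seen on the previous line, awaiting its digest
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if pending is not None:
            if _HEX.match(line) and len(line) == DIGEST_LEN[pending]:
                iocs[pending].add(line.lower())
            pending = None
            continue
        if line in DIGEST_LEN:
            pending = line
            continue
        m = _FUSED.match(line)
        if m and len(m.group(2)) == DIGEST_LEN[m.group(1)]:
            iocs[m.group(1)].add(m.group(2).lower())
    return iocs


def hash_file(path):
    """Compute all four digests in a single pass over the file."""
    hashers = {alg: hashlib.new(alg.lower()) for alg in DIGEST_LEN}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in hashers.values():
                h.update(chunk)
    return {alg: h.hexdigest() for alg, h in hashers.items()}


def match_file(path, iocs):
    """Return the algorithms whose IoC set contains this file's digest."""
    digests = hash_file(path)
    return {alg for alg, d in digests.items() if d in iocs[alg]}


def scan(root, iocs):
    """Walk root and return {path: matched algorithms} for every hit."""
    hits = {}
    for p in Path(root).rglob("*"):
        if p.is_file():
            matched = match_file(p, iocs)
            if matched:
                hits[str(p)] = matched
    return hits


def demo():
    """Scan a constructed directory: one file planted to hit, one that should not."""
    iocs = parse_iocs(REPORT_EXCERPT)
    planted = b"constructed stand-in for a dropped payload\n"
    # Simulate a hit: add the stand-in's SHA-256 as if the report had listed it.
    iocs["SHA256"].add(hashlib.sha256(planted).hexdigest())
    with tempfile.TemporaryDirectory() as root:
        (Path(root) / "files").mkdir()
        (Path(root) / "files" / "d").write_bytes(planted)
        (Path(root) / "benign.txt").write_bytes(b"nothing to see here\n")
        return scan(root, iocs)


if __name__ == "__main__":
    for path, algs in demo().items():
        print(path, sorted(algs))
```

Hashing with all four algorithms in one pass costs little more than a single SHA-256 and lets a match on any digest the report published count as a hit; MD5 and SHA-1 are kept only because reports still publish them, not because they are collision-resistant. The ssdeep value in the General section is deliberately left out, since fuzzy matching needs the ssdeep library and a similarity threshold rather than an exact comparison.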