Analysis

  • max time kernel
    149s
  • max time network
    144s
  • platform
    android_x86
  • resource
    android-x86-arm-20240221-en
  • resource tags

    android
    arch:arm
    arch:x86
    image:android-x86-arm-20240221-en
    locale:en-us
    os:android-9-x86
    system
  • submitted
    17-03-2024 04:25

General

  • Target

    cfebafeb5c1a62c3495aed8bfda152fc.apk

  • Size

    440KB

  • MD5

    cfebafeb5c1a62c3495aed8bfda152fc

  • SHA1

    ba4766491d7e28ca5eb1e7d57e6e372f191e0179

  • SHA256

    7e484bd8c420cb5a2d924506513c45599109c5329802607ece02345ad5c10456

  • SHA512

    55001d54d0c8a39dbfd640caa9f09a57006a7cd0369cf44abbd8c961f78de3f548fa14c485afbb8c27c2794e75acc5070e3c9091fd32442efaf06e4f6461606c

  • SSDEEP

    12288:VpfpB9k1zX+w6kx+7IrXRy+kv8em/MRmb:fsGkMIw+ka/MRM

Malware Config

Signatures

  • XLoader payload (2 IoCs)
  • XLoader, MoqHao

    An Android banker and info stealer.

  • Removes its main activity from the application launcher (1 TTP, 1 IoC)
  • Loads dropped Dex/Jar (1 TTP, 2 IoCs)

    Runs an executable file dropped onto the device during analysis.

  • Reads the content of the MMS message (1 TTP, 1 IoC)
  • Acquires the wake lock (1 IoC)

Processes

  • waazmb.kvuaig.pih.yru.nn.qsxsi
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Reads the content of the MMS message.
    • Acquires the wake lock
    PID:4199

Network

MITRE ATT&CK Mobile v15


Downloads

  • /data/data/waazmb.kvuaig.pih.yru.nn.qsxsi/files/d

    Filesize

    453KB

    MD5

    487c677e4bcf7ee31f810f456961f587

    SHA1

    b43794fef7a02d1014407331a7e99181380f947a

    SHA256

    98b5fcaccd6062ad1f2fe8f5dfe31d1b6773027f56951cc541432775e4dc15ed

    SHA512

    ad8f589e9a0846999881b435a8c69c913fa4efb7a1d9b0144b509da2e5c69a15b83f0d08ca7bf3935293c209d27a163f7c60ac81c055c21a64e3fd1406182b6e

  • /data/data/waazmb.kvuaig.pih.yru.nn.qsxsi/files/oat/d.cur.prof

    Filesize

    788B

    MD5

    1f3f79d5e628dbc63c4b5ed2cae52346

    SHA1

    0999d3533355621853580db7e4a796c13636eafb

    SHA256

    d8fce3061e9c239c7106bfde78404b9736dd5aa27fec3b08053e07c9df8d3773

    SHA512

    acff8a50605be5aa14896fb9f1f2ab7388c55cc797da8b522b5bb65c7caac62b713f4833f884e1d3be2783ca404742c07e020080e1c50740d90741293e7e6669
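The two entries above are what the "Loads dropped Dex/Jar" signature refers to: the file d in the app's private files directory is the dropped code, and it is larger (453KB) than the submitted APK (440KB), so it is not a copy of the sample itself; oat/d.cur.prof is the ART runtime profile that gets written beside a secondary dex once the app has loaded it. When re-running this sample on your own device or emulator, the useful check is to pull /data/data/waazmb.kvuaig.pih.yru.nn.qsxsi/files/ and confirm that what you got is a dex/jar and that its digests match the report, rather than assuming the drop was identical. The script below is an added example written for this page, not code from the sandbox or from the malware; the REPORT_IOCS values are copied from the report above, the triage_dir walker and the build_samples inputs are my own constructions, and the fake dex header and jar it builds are stubs, not real payloads.

```python
import hashlib
import io
import os
import zipfile

# Digests of the dropped file /data/data/waazmb.kvuaig.pih.yru.nn.qsxsi/files/d,
# copied from the report above.
REPORT_IOCS = {
    "md5": "487c677e4bcf7ee31f810f456961f587",
    "sha1": "b43794fef7a02d1014407331a7e99181380f947a",
    "sha256": "98b5fcaccd6062ad1f2fe8f5dfe31d1b6773027f56951cc541432775e4dc15ed",
    "sha512": "ad8f589e9a0846999881b435a8c69c913fa4efb7a1d9b0144b509da2e5c69a15"
              "b83f0d08ca7bf3935293c209d27a163f7c60ac81c055c21a64e3fd1406182b6e",
}

DEX_MAGIC = b"dex\n"  # full dex magic is b"dex\n" + 3-digit version + b"\x00"


def classify(data: bytes) -> str:
    """Identify a dropped file by magic bytes rather than by its name
    (the sample names its payload just 'd'): 'dex', 'jar' (zip carrying a
    .dex entry), 'zip' (archive without dex) or 'other'."""
    if len(data) >= 8 and data[:4] == DEX_MAGIC and data[7:8] == b"\x00":
        return "dex"
    if data[:2] == b"PK":
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = zf.namelist()
        except zipfile.BadZipFile:
            return "other"
        return "jar" if any(n.endswith(".dex") for n in names) else "zip"
    return "other"


def hashes(data: bytes) -> dict:
    """The same four digests the report lists, so they compare directly."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def match_iocs(data: bytes, iocs: dict = REPORT_IOCS) -> dict:
    """Per-algorithm True/False against the report; all True means the
    dropped file is byte-identical to the one the sandbox saw."""
    h = hashes(data)
    return {algo: h[algo] == value.lower() for algo, value in iocs.items()}


def triage_dir(root: str, iocs: dict = REPORT_IOCS) -> list:
    """Hypothetical helper: walk a pulled app data directory (e.g. the result of
    `adb pull /data/data/<pkg>`) and list every dex/jar-looking file with its
    digests and whether it matches the report's IOCs."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as f:
                data = f.read()
            kind = classify(data)
            if kind in ("dex", "jar"):
                findings.append({
                    "path": path,
                    "type": kind,
                    "hashes": hashes(data),
                    "matches_report": all(match_iocs(data, iocs).values()),
                })
    return findings


def build_samples() -> dict:
    """Constructed test inputs, not real malware: a header-only fake dex,
    a jar wrapping it, and a plain text file."""
    fake_dex = b"dex\n035\x00" + b"\x00" * 0x68
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("classes.dex", fake_dex)
    return {"dex": fake_dex, "jar": buf.getvalue(), "text": b"not a payload\n"}


if __name__ == "__main__":
    for name, blob in build_samples().items():
        print(name, classify(blob), match_iocs(blob))
```

Against a real pull, `triage_dir("/path/to/pulled/files")` is the call; a mismatch on every algorithm with a "dex" or "jar" classification usually means the dropper fetched or decrypted a different second stage than the one in this report, which is worth hashing and submitting separately rather than treating as the same IOC.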