Analysis
  max time kernel: 150s
  max time network: 139s
  platform: android_x86
  resource: android-x86-arm-20240221-en
  resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240221-en, locale:en-us, os:android-9-x86, system
  submitted: 17-03-2024 08:13
  Static task: static1
  Behavioral task: behavioral1
    Sample: d05f96b3aab83be5732f07276568b5ff.apk
    Resource: android-x86-arm-20240221-en
General
  Target: d05f96b3aab83be5732f07276568b5ff.apk
  Size: 445KB
  MD5: d05f96b3aab83be5732f07276568b5ff
  SHA1: b8fe26ffa2f03eaf755833837f2525fd17ea49a8
  SHA256: c4bb20855e33752dba0aadf468a84b6a67a15bf5744bf04da603fa20127aa59f
  SHA512: fb63b78e7c96207a1da42ccb5cfdc8a3a0f1d7d6cabcadb7516b298e2f302ece8e7f538206950a42d548ccd686fdb8f4cd0ee7e2b2cfc8240dbfe4670e0a6e9a
  SSDEEP: 12288:dWGuQ/Hj8gCNw72iCTD7DAEXqyqQnSMey7SQZyJ:dfdjaARmD7Duy5g8kJ
Malware Config
  Extracted
    Family: xloader_apk
    C2: http://91.204.227.39:28844
Signatures

XLoader payload (2 IoCs)
  XLoader, MoqHao: an Android banker and info stealer.
  Processes:
    resource                            yara_rule
    /data/user/0/y.oujqjl.crh/files/d   family_xloader_apk
    /data/user/0/y.oujqjl.crh/files/d   family_xloader_apk2

Loads dropped Dex/Jar (1 TTPs, 2 IoCs)
  Runs executable file dropped to the device during analysis.
  Processes: y.oujqjl.crh
    ioc                                 pid    process
    /data/user/0/y.oujqjl.crh/files/d   4178   y.oujqjl.crh
    /data/user/0/y.oujqjl.crh/files/d   4178   y.oujqjl.crh

Reads the contacts stored on the device. (1 TTPs, 1 IoCs)
  Processes: y.oujqjl.crh
    description             ioc                                           process
    URI accessed for read   content://com.android.contacts/raw_contacts   y.oujqjl.crh

Reads the content of the MMS message. (1 TTPs, 1 IoCs)
  Processes: y.oujqjl.crh
    description             ioc              process
    URI accessed for read   content://mms/   y.oujqjl.crh

Acquires the wake lock (1 IoCs)
  Processes: y.oujqjl.crh
    description              ioc                                        process
    Framework service call   android.os.IPowerManager.acquireWakeLock   y.oujqjl.crh

Reads information about phone network operator. (1 TTPs)

Uses Crypto APIs (Might try to encrypt user data) (1 IoCs)
  Processes: y.oujqjl.crh
    description          ioc                           process
    Framework API call   javax.crypto.Cipher.doFinal   y.oujqjl.crh
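The signature list above is a set of runtime observations (an executable loaded from the app's own private files directory, content-provider reads for contacts and MMS, a power-manager service call, a javax.crypto call) plus one extracted C2. The script below replays that matching logic over a constructed sandbox event stream so the meaning of each IoC is explicit. It is an added example, not Triage's signature engine: the (kind, process, detail) event format, the predicates, the function names and the SAMPLE_EVENTS rows are assumptions; the paths, URIs, framework call names, package name and C2 URL are taken from the report, while the "net" row and the com.android.systemui row are constructed so the matcher has one C2 hit and one piece of benign noise to ignore. The "phone network operator" signature is left out because the report gives no IoC for it.

```python
"""Re-derive the report's behavioural signatures from sandbox events.

Added example: not Triage's signature engine. Event tuples, predicates and
function names are constructed for illustration; IoC values come from the report.
"""
import re
from collections import defaultdict

PACKAGE = "y.oujqjl.crh"              # sample's package name (from the report)
C2_URL = "http://91.204.227.39:28844"  # extracted xloader_apk config (from the report)

# Constructed event stream: (kind, process, detail). The exec/uri/framework rows
# reuse the report's IoCs; the "net" row and the systemui row are made up so the
# matcher has one C2 hit and one piece of benign noise to ignore.
SAMPLE_EVENTS = [
    ("exec", PACKAGE, "/data/user/0/y.oujqjl.crh/files/d"),
    ("uri_read", PACKAGE, "content://com.android.contacts/raw_contacts"),
    ("uri_read", PACKAGE, "content://mms/"),
    ("framework_call", PACKAGE, "android.os.IPowerManager.acquireWakeLock"),
    ("framework_api", PACKAGE, "javax.crypto.Cipher.doFinal"),
    ("net", PACKAGE, "http://91.204.227.39:28844/"),
    ("uri_read", "com.android.systemui", "content://settings/system"),
]


def private_dir_re(pkg):
    """Regex for the app's own private data dir: /data/user/<n>/<pkg>/ or the
    legacy /data/data/<pkg>/ alias. An executable loaded from here was written
    by the app at runtime, i.e. dropped, rather than run straight from the APK."""
    return re.compile(r"^/data/(?:user/\d+|data)/" + re.escape(pkg) + r"/")


# (signature name, event kind it applies to, predicate(process, detail))
SIGNATURES = [
    ("Loads dropped Dex/Jar", "exec",
     lambda proc, d: bool(private_dir_re(proc).match(d))),
    ("Reads the contacts stored on the device.", "uri_read",
     lambda proc, d: d.startswith("content://com.android.contacts/")),
    ("Reads the content of the MMS message.", "uri_read",
     lambda proc, d: d.startswith("content://mms/")),
    ("Acquires the wake lock", "framework_call",
     lambda proc, d: d.endswith("IPowerManager.acquireWakeLock")),
    ("Uses Crypto APIs (Might try to encrypt user data)", "framework_api",
     lambda proc, d: d.startswith("javax.crypto.")),
    ("Contacts extracted C2", "net",
     lambda proc, d: d.startswith(C2_URL)),
]


def match_signatures(events, package=PACKAGE):
    """Return {signature name: [ioc, ...]} for events attributed to `package`.
    Events from other processes are ignored, as the report scopes every IoC to
    the sample's own process."""
    hits = defaultdict(list)
    for kind, proc, detail in events:
        if proc != package:
            continue
        for name, sig_kind, pred in SIGNATURES:
            if kind == sig_kind and pred(proc, detail):
                hits[name].append(detail)
    return dict(hits)


def summarize(hits):
    """Render hits in the report's 'name N IoCs' form, sorted for stable output."""
    return [f"{name} {len(iocs)} IoCs" for name, iocs in sorted(hits.items())]


if __name__ == "__main__":
    for line in summarize(match_signatures(SAMPLE_EVENTS)):
        print(line)
```

The dropped-Dex predicate is the one worth copying: it keys on the executable living under the package's own private data directory, which is exactly the path form the report shows (/data/user/0/y.oujqjl.crh/files/d). A file there did not exist in that form when the APK was installed, so the static sample alone will not contain whatever was actually run; the YARA hits on that path in the "XLoader payload" signature are on the dropped file, not on the APK.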
Processes
Network
MITRE ATT&CK Mobile v15
Downloads

File 1
  Filesize: 1KB
  MD5: 8cf3e83fcf5617f953492380765cc68a
  SHA1: d306346cd4b42a67c7ba9d3792d0e5af5699a6b7
  SHA256: 41614b12f859ac623801aca86c2af0648bf50c2d34fdf42f27f02a409cc15003
  SHA512: 25307db453ba9024ea3094244422abed53b58c81c3bc4e41ede7833db88e5b75e54e109eb0fb0f0828a13184a57583b93f24df1e4fff8e0451d95b7c18f9e5ae

File 2
  Filesize: 454KB
  MD5: d28e6b862a1aee68793e1b022f18306a
  SHA1: 9044c8b066fc6610bb53b2fe4fec1c8b3e5ae985
  SHA256: 05d35fa20111813c4e3063181b5b90d7f13a03856e6104f1dfc64c735055c76a
  SHA512: 64d6105fc4a17057c184804a6214a99e4f96326af423fa11cd7cc89ea0cd1c9e67e43e91ecbaf8ccea6b3175a05dc1d2a3dd1cbd0830d921dfbfb738ec874526

File 3
  Filesize: 36B
  MD5: 740bc6018513036b3e491b5d9667020c
  SHA1: 7a6c7c0b5b8d81e77d6416f4c9b4ae49ce2ac5e4
  SHA256: 025dcbdf2cc807a7cb51179913a82a11e45b301b5a4b1e82e414a0afb8cbba3a
  SHA512: 5fb25d866d781f79ba19fe1e87880d382c5d0d8706a13289c597fdde0db80d463728cad2daca7bdcfcdd955f174388c379c2a663053ba61a484aa04a1dedb4f0