Overview

overview

10

Static

static

6

d2110db05a...b7.apk

android-9-x86

10

Analysis

  • max time kernel
    150s
  • max time network
    135s
  • platform
    android_x86
  • resource
    android-x86-arm-20240221-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
  • submitted
    18-03-2024 00:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d2110db05a98311069c20b3ecc2814b7.apk

  • Size

    445KB

  • MD5

    d2110db05a98311069c20b3ecc2814b7

  • SHA1

    60441e5b7881d063e849452cbe4af37669f10e0e

  • SHA256

    305122d541f3736ce622ad4086235f86017bc56b0821ab409f8687b9b1bace5a

  • SHA512

    4b2910eaabc3618e34f98468413a9497e2d8880db804db1e2344ba3c958417603b5082a46c90d6ddb66fa146c8bb65299969ec0431733b20a358993189c22a5b

  • SSDEEP

    6144:vUSv4krzSXaIg1iJu10m5C7XrXDDUEW+3qyqPoQ+8QVbSda8lysdWINQZoFSF+Ax:vf1rOnqiJZD7DAEXqyqQnSMey7SQZyP0

Score
10/10
xloader_apkbankercollectiondiscoveryevasioninfostealerstealthtrojan

Malware Config

Extracted

Family

xloader_apk

C2

http://91.204.227.39:28844

DES_key

Signatures

  • XLoader payload 2 IoCs
  • XLoader, MoqHao

    An Android banker and info stealer.

    trojaninfostealerbankerxloader_apk
  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
    stealthtrojanevasion
  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Reads the contacts stored on the device. 1 TTPs 1 IoCs
    collection
  • Reads the content of the MMS message. 1 TTPs 1 IoCs
    collection
  • Acquires the wake lock 1 IoCs
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

Processes

  • a.vwoj.ssd
    1⤵
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Reads the contacts stored on the device.
    • Reads the content of the MMS message.
    • Acquires the wake lock
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4292

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/a.vwoj.ssd/files/d
    Filesize

    454KB

    MD5

    d28e6b862a1aee68793e1b022f18306a

    SHA1

    9044c8b066fc6610bb53b2fe4fec1c8b3e5ae985

    SHA256

    05d35fa20111813c4e3063181b5b90d7f13a03856e6104f1dfc64c735055c76a

    SHA512

    64d6105fc4a17057c184804a6214a99e4f96326af423fa11cd7cc89ea0cd1c9e67e43e91ecbaf8ccea6b3175a05dc1d2a3dd1cbd0830d921dfbfb738ec874526

    Download Submit
  • /data/data/a.vwoj.ssd/files/oat/d.cur.prof
    Filesize

    995B

    MD5

    de939ee83e8cc9b4d8c2fc2f5a422f46

    SHA1

    35006e75c7e82386b49b14def0cd6d90da34ae20

    SHA256

    2dc0d437cfb668bb3af67920a28a4484bcc3de56005e4e77f6158fc8a0902e44

    SHA512

    ee05a7e2584158a0419244c99f11d7a8de1604b58324e7e66074944139f35c0b0ae6c47a87a60cefa1110c10edf914307124b60a190da5f0468b7e21444d9637

    Download Submit
  • /storage/emulated/0/.msg_device_id.txt
    Filesize

    36B

    MD5

    10ef2cc86d9478a51b6573826f9f74f9

    SHA1

    3c853dde2d3f423c151d13b780cdbd24c57ea524

    SHA256

    21d58580d70a671d1dff028b1c5547eb786aea925c0ca4edc0bfd2faf2e1310b

    SHA512

    dd82a58a3762e88ab74106fa77dbf3305c1772ea743bf8a7f6c71443aa3119693bf114f5c22fd333140fac3b8d5811f7cb975d8472a21e9d383652f9aaa299d7

    Download Submit