Analysis
max time kernel: 149s
max time network: 144s
platform: android_x86
resource: android-x86-arm-20240221-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240221-en, locale:en-us, os:android-9-x86, system
submitted: 19-03-2024 07:01
Static task: static1
Behavioral task: behavioral1
  Sample: d57dea71951a50c509b5ac98b3296f0c.apk
  Resource: android-x86-arm-20240221-en
General
Target: d57dea71951a50c509b5ac98b3296f0c.apk
Size: 441KB
MD5: d57dea71951a50c509b5ac98b3296f0c
SHA1: 7e2f4d63dbf51491058f0040ef64477ee521d686
SHA256: 7c2ce095afd68f2a6c4ac11b495f3e6c648d10d0af1379392b1e07a8c2e5bbcd
SHA512: 850fa44c229c055ccef4be20c60647c5314af6eaa47bf64de01be0ae7b05609cdaad03d8363feaa732c12ecf484dfd9fcb632cbaccaa0d9722202e25392bed40
SSDEEP: 12288:maEQueADcM5xAVzIJcX6jyybMQwwvruIOh11J:maipDcDzIBuQwMOTz
Malware Config
Signatures
XLoader payload (2 IoCs)
  Processes:
  resource                         yara_rule
  /data/data/c.ao.wynwv/files/d    family_xloader_apk
  /data/data/c.ao.wynwv/files/d    family_xloader_apk2
XLoader, MoqHao
  An Android banker and info stealer.
Loads dropped Dex/Jar (1 TTPs, 2 IoCs)
  Runs executable file dropped to the device during analysis.
  Processes: c.ao.wynwv
  ioc                                pid     process
  /data/user/0/c.ao.wynwv/files/d    4239    c.ao.wynwv
  /data/user/0/c.ao.wynwv/files/d    4239    c.ao.wynwv
Reads the content of the MMS message. (1 TTPs, 1 IoCs)
  Processes: c.ao.wynwv
  description              ioc               process
  URI accessed for read    content://mms/    c.ao.wynwv
Acquires the wake lock (1 IoCs)
  Processes: c.ao.wynwv
  description               ioc                                          process
  Framework service call    android.os.IPowerManager.acquireWakeLock     c.ao.wynwv
Processes
Network
MITRE ATT&CK Mobile v15
Downloads
Filesize: 453KB
MD5: 6428e12b85d6a8b13047c03b638af740
SHA1: a6c785d42dcf46457421a066e5dfbe77becc1130
SHA256: 45a16f45f7ecbe02bdfe4ae246a52b4b2252335fdfc71bbde069023cd014cbe1
SHA512: f9f9d09d201ce6c2095dbc8f6b51945a5f0e364d8bcaad1499028d2ef9aaef356121913014f53ecff2ac2ef2c91ad73eb01e9643019a9316ff6b2d58d9f2b6c1

Filesize: 791B
MD5: 36a1389a9e4b6c5614fe8aa3d4316ab4
SHA1: a5ba5ea7a45aae6c6910f7a2ca250fcc52dd77a0
SHA256: f5421c980cf2e92a987bba5e0946c787050ebfc697afd54cfcf20ca18d835bfc
SHA512: 7a4d2c6e11b3ff02175503c6a9537f96f147713a87247c99c6826f8043ca38ee348b7c2abaf52b6c2c3f4c3d5d37c4d5ff18e82ab7d3610c03537a337baec9dd