Analysis

  • max time kernel
    149s
  • max time network
    144s
  • platform
    android_x86
  • resource
    android-x86-arm-20240221-en
  • resource tags

    android
    arch:arm
    arch:x86
    image:android-x86-arm-20240221-en
    locale:en-us
    os:android-9-x86
    system
  • submitted
    19-03-2024 07:01

General

  • Target

    d57dea71951a50c509b5ac98b3296f0c.apk

  • Size

    441KB

  • MD5

    d57dea71951a50c509b5ac98b3296f0c

  • SHA1

    7e2f4d63dbf51491058f0040ef64477ee521d686

  • SHA256

    7c2ce095afd68f2a6c4ac11b495f3e6c648d10d0af1379392b1e07a8c2e5bbcd

  • SHA512

    850fa44c229c055ccef4be20c60647c5314af6eaa47bf64de01be0ae7b05609cdaad03d8363feaa732c12ecf484dfd9fcb632cbaccaa0d9722202e25392bed40

  • SSDEEP

    12288:maEQueADcM5xAVzIJcX6jyybMQwwvruIOh11J:maipDcDzIBuQwMOTz

Malware Config

Signatures

  • XLoader payload 2 IoCs
  • XLoader, MoqHao

    An Android banker and info stealer.

  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Reads the content of the MMS message. 1 TTPs 1 IoCs
  • Acquires the wake lock 1 IoCs

Processes

  • c.ao.wynwv
    1⤵
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Reads the content of the MMS message.
    • Acquires the wake lock
    PID:4239

Network

MITRE ATT&CK Mobile v15


Downloads

  • /data/data/c.ao.wynwv/files/d

    Filesize

    453KB

    MD5

    6428e12b85d6a8b13047c03b638af740

    SHA1

    a6c785d42dcf46457421a066e5dfbe77becc1130

    SHA256

    45a16f45f7ecbe02bdfe4ae246a52b4b2252335fdfc71bbde069023cd014cbe1

    SHA512

    f9f9d09d201ce6c2095dbc8f6b51945a5f0e364d8bcaad1499028d2ef9aaef356121913014f53ecff2ac2ef2c91ad73eb01e9643019a9316ff6b2d58d9f2b6c1

  • /data/data/c.ao.wynwv/files/oat/d.cur.prof

    Filesize

    791B

    MD5

    36a1389a9e4b6c5614fe8aa3d4316ab4

    SHA1

    a5ba5ea7a45aae6c6910f7a2ca250fcc52dd77a0

    SHA256

    f5421c980cf2e92a987bba5e0946c787050ebfc697afd54cfcf20ca18d835bfc

    SHA512

    7a4d2c6e11b3ff02175503c6a9537f96f147713a87247c99c6826f8043ca38ee348b7c2abaf52b6c2c3f4c3d5d37c4d5ff18e82ab7d3610c03537a337baec9dd