xloader_apk | 4f1acc510c51b925ad03d68199e67499205581f316f0d2ec8dbed23ce8b3c058 | Triage

Submit
Reports

Overview

overview

Static

static

6

4f1acc510c...58.apk

android-13-x64

Sharing

General

Target

4f1acc510c51b925ad03d68199e67499205581f316f0d2ec8dbed23ce8b3c058.bin
Size

283KB
Sample

240407-1xefmaff9z
MD5

ac23f6f70c83562c104408d9c23ce490
SHA1

b9e21f3cd8c52ef65c0cc5335ce2264c539b2ffa
SHA256

4f1acc510c51b925ad03d68199e67499205581f316f0d2ec8dbed23ce8b3c058
SHA512

5078a03f0909c2a6fa15b9c58043d8977f2f6999ddc09305df29fe60b545b64c772a3c0d777b8f6050a8d8ab5cda52c4e1bb5b9215eb869ba2b3df2483629035
SSDEEP

6144:yWZ6munmRZ5DRKX8yJmnTxhnYtyXSxxbZL07QavEE7BAYBxnf7Ucpzq9R+Bo8/y7:lgm5DG8tTxhnYtyiXlacEdAKRc9sC5Z

Score

10^/10

xloader_apk android banker collection discovery evasion infostealer persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

4f1acc510c51b925ad03d68199e67499205581f316f0d2ec8dbed23ce8b3c058.apk

Resource

android-33-x64-arm64-20240229-en

xloader_apk banker collection discovery evasion infostealer persistence trojan

android-13-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  4f1acc510c51b925ad03d68199e67499205581f316f0d2ec8dbed23ce8b3c058.bin
- Size
  
  283KB
- MD5
  
  ac23f6f70c83562c104408d9c23ce490
- SHA1
  
  b9e21f3cd8c52ef65c0cc5335ce2264c539b2ffa
- SHA256
  
  4f1acc510c51b925ad03d68199e67499205581f316f0d2ec8dbed23ce8b3c058
- SHA512
  
  5078a03f0909c2a6fa15b9c58043d8977f2f6999ddc09305df29fe60b545b64c772a3c0d777b8f6050a8d8ab5cda52c4e1bb5b9215eb869ba2b3df2483629035
- SSDEEP
  
  6144:yWZ6munmRZ5DRKX8yJmnTxhnYtyXSxxbZL07QavEE7BAYBxnf7Ucpzq9R+Bo8/y7:lgm5DG8tTxhnYtyiXlacEdAKRc9sC5Z
Score

10^/10

xloader_apk banker collection discovery evasion infostealer persistence trojan
- XLoader payload
- XLoader, MoqHao
  An Android banker and info stealer.
  trojan infostealer banker xloader_apk
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Queries the phone number (MSISDN for GSM devices)
  discovery
- Reads the content of the MMS message.
  collection
- Acquires the wake lock
- Requests disabling of battery optimizations (often used to enable hiding in the background).
  evasion
behavioral1

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

xloader_apkbankercollectiondiscoveryevasioninfostealerpersistencetrojan

© 2018-2024

Terms | Privacy