General

  • Target

    f1c1ef7355d3ad37a8fdebc2716cbe4e_JaffaCakes118

  • Size

    445KB

  • Sample

    240415-x9sl8sge5z

  • MD5

    f1c1ef7355d3ad37a8fdebc2716cbe4e

  • SHA1

    b82ab7ce847abe2b1fc92f91c97d67773fd49cfa

  • SHA256

    9f34a0f5d16f203eef15bdb01a953c22016ad7f252bce4d781fc4028035bce07

  • SHA512

    333fa4d51a5919acba2f7f703eef3d3d73601f153163741f8968d7bf027b7c7e45338a2140e0bce127e35a67711280471288e132903d8786c6c13dcd3b1fc7e2

  • SSDEEP

    12288:QkOrBFJ5YXxzE2vIIte+M1SyD7DAEXqyqQnSMey7SQZy0:QPVFnYXxzjwIrM1SyD7Duy5g8k0

Malware Config

Extracted

Family

xloader_apk

C2

http://91.204.227.39:28844

DES_key

Targets

    • XLoader payload

    • XLoader, MoqHao

      An Android banker and info stealer.

    • Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps)

    • Removes its main activity from the application launcher

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

    • Queries account information for other applications stored on the device.

      Application may abuse the framework's APIs to collect account information stored on the device.

    • Reads the content of the MMS message.

    • Acquires the wake lock

MITRE ATT&CK Matrix

Tasks