General
-
Target
51dc5a1433ef001a0dcc1ee07a872bebbf1f8d2fd7cb7513cdf67d9ed39a25c3.bin
-
Size
205KB
-
Sample
240425-1yd69afg5t
-
MD5
69fd2782a1bce0c725d16480706c389b
-
SHA1
00cf551ca1c0f3c13c3b8643693271a80ae64aa7
-
SHA256
51dc5a1433ef001a0dcc1ee07a872bebbf1f8d2fd7cb7513cdf67d9ed39a25c3
-
SHA512
f160981b23f65a7bbba3987fb3635c5ecd0e7b2f599aee948c5422271d1c04d6a535f0f12182b7fab13f204a7ae93f6bda053e4b986a1bc945e9694f389ccc8e
-
SSDEEP
3072:X0ODFFFm2wSb9M8bgcUFGLL85iZNaK6s65SE5xNoLTYj4cXuXnU0/I7GuM4Z:fxmau9ZFYLZEK6v5SEloLsj4Y0UUIi4Z
Static task
static1
Behavioral task
behavioral1
Sample
51dc5a1433ef001a0dcc1ee07a872bebbf1f8d2fd7cb7513cdf67d9ed39a25c3.apk
Resource
android-x86-arm-20240221-en
Behavioral task
behavioral2
Sample
51dc5a1433ef001a0dcc1ee07a872bebbf1f8d2fd7cb7513cdf67d9ed39a25c3.apk
Resource
android-x64-20240221-en
Behavioral task
behavioral3
Sample
51dc5a1433ef001a0dcc1ee07a872bebbf1f8d2fd7cb7513cdf67d9ed39a25c3.apk
Resource
android-x64-arm64-20240221-en
Malware Config
Extracted
xloader_apk
http://91.204.227.39:28844
Targets
-
-
Target
51dc5a1433ef001a0dcc1ee07a872bebbf1f8d2fd7cb7513cdf67d9ed39a25c3.bin
-
XLoader payload
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Queries account information for other applications stored on the device
Application may abuse the framework's APIs to collect account information stored on the device.
-
Queries the phone number (MSISDN for GSM devices)
-
Reads the content of the MMS message.
-
Registers a broadcast receiver at runtime (usually for listening for system events)
-
Acquires the wake lock
-
Queries the unique device ID (IMEI, MEID, IMSI)
-