General
-
Target
9fb8ddf81b10620713420d65594fb2cea52bbe9769fb37ff21b89e0d734ce79b.bin
-
Size
209KB
-
Sample
240430-1xs9sagg7y
-
MD5
ec2f05221454a13864ccc54915c891de
-
SHA1
0736a22e479de944346e2722cc8fc3d74c71982f
-
SHA256
9fb8ddf81b10620713420d65594fb2cea52bbe9769fb37ff21b89e0d734ce79b
-
SHA512
4004f0d388543b3ca9c5f3efb907928132a312f0625f9376b5ee923cde117c87717c3c82cc4192e7818784a326e1daee3b704c9c3504efc3a50e6ab442464de8
-
SSDEEP
6144:6w8Dve/zsbLltB/kHtakQYR9WXuPno/7d2V28xw:6w8b1LZ8XTiXjzd2V28xw
Static task
static1
Behavioral task
behavioral1
Sample
9fb8ddf81b10620713420d65594fb2cea52bbe9769fb37ff21b89e0d734ce79b.apk
Resource
android-33-x64-arm64-20240229-en
Malware Config
Extracted
xloader_apk
http://91.204.227.39:28844
Targets
-
-
Target
9fb8ddf81b10620713420d65594fb2cea52bbe9769fb37ff21b89e0d734ce79b.bin
-
XLoader payload
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Queries account information for other applications stored on the device
Application may abuse the framework's APIs to collect account information stored on the device.
-
Queries the phone number (MSISDN for GSM devices)
-
Reads the content of the MMS message.
-
Acquires the wake lock
-