General

  • Target

    9fb8ddf81b10620713420d65594fb2cea52bbe9769fb37ff21b89e0d734ce79b.bin

  • Size

    209KB

  • Sample

    240430-1xs9sagg7y

  • MD5

    ec2f05221454a13864ccc54915c891de

  • SHA1

    0736a22e479de944346e2722cc8fc3d74c71982f

  • SHA256

    9fb8ddf81b10620713420d65594fb2cea52bbe9769fb37ff21b89e0d734ce79b

  • SHA512

    4004f0d388543b3ca9c5f3efb907928132a312f0625f9376b5ee923cde117c87717c3c82cc4192e7818784a326e1daee3b704c9c3504efc3a50e6ab442464de8

  • SSDEEP

    6144:6w8Dve/zsbLltB/kHtakQYR9WXuPno/7d2V28xw:6w8b1LZ8XTiXjzd2V28xw

Malware Config

Extracted

Family

xloader_apk

C2

http://91.204.227.39:28844

DES_key

Targets

    • Target

      9fb8ddf81b10620713420d65594fb2cea52bbe9769fb37ff21b89e0d734ce79b.bin

    • Size

      209KB

    • MD5

      ec2f05221454a13864ccc54915c891de

    • SHA1

      0736a22e479de944346e2722cc8fc3d74c71982f

    • SHA256

      9fb8ddf81b10620713420d65594fb2cea52bbe9769fb37ff21b89e0d734ce79b

    • SHA512

      4004f0d388543b3ca9c5f3efb907928132a312f0625f9376b5ee923cde117c87717c3c82cc4192e7818784a326e1daee3b704c9c3504efc3a50e6ab442464de8

    • SSDEEP

      6144:6w8Dve/zsbLltB/kHtakQYR9WXuPno/7d2V28xw:6w8b1LZ8XTiXjzd2V28xw

    • XLoader payload

    • XLoader, MoqHao

      An Android banker and info stealer.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

    • Queries account information for other applications stored on the device

      Application may abuse the framework's APIs to collect account information stored on the device.

    • Queries the phone number (MSISDN for GSM devices)

    • Reads the content of the MMS message.

    • Acquires the wake lock

MITRE ATT&CK Mobile v15

Tasks