General
-
Target
ed30cb030113fda302a2c396b9601830fdd3e37eaae35e5275b76fc2cf60404c.bin
-
Size
205KB
-
Sample
240430-1xt63saf28
-
MD5
246ebb34c1c28512d67c18f1513968c0
-
SHA1
0c6dd62ef0214ce6418159b0d23352f85d261333
-
SHA256
ed30cb030113fda302a2c396b9601830fdd3e37eaae35e5275b76fc2cf60404c
-
SHA512
c3ba6c393354a7c40a18453e58e741ab756c6dd77a552d03ec7d925064572ce8eef3a2e5698b274361ef18ca34b87d40fb80b1297cb1b9277f96d7465d001598
-
SSDEEP
3072:7/RXv/CfOSNVOOa6ahUTQhsnhd6Y0zi3uP8USojMr1qSfsFxINzX3dlSuf:jRXXATVRaRIQ06s3uP8noArQLxAzBf
Static task
static1
Behavioral task
behavioral1
Sample
ed30cb030113fda302a2c396b9601830fdd3e37eaae35e5275b76fc2cf60404c.apk
Resource
android-x86-arm-20240221-en
Behavioral task
behavioral2
Sample
ed30cb030113fda302a2c396b9601830fdd3e37eaae35e5275b76fc2cf60404c.apk
Resource
android-x64-20240221-en
Behavioral task
behavioral3
Sample
ed30cb030113fda302a2c396b9601830fdd3e37eaae35e5275b76fc2cf60404c.apk
Resource
android-x64-arm64-20240221-en
Malware Config
Extracted
xloader_apk
http://91.204.227.39:28844
Targets
-
-
Target
ed30cb030113fda302a2c396b9601830fdd3e37eaae35e5275b76fc2cf60404c.bin
-
XLoader payload
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Queries account information for other applications stored on the device
Application may abuse the framework's APIs to collect account information stored on the device.
-
Queries the phone number (MSISDN for GSM devices)
-
Reads the content of the MMS message.
-
Registers a broadcast receiver at runtime (usually for listening for system events)
-
Acquires the wake lock
-
Queries the unique device ID (IMEI, MEID, IMSI)
-