General
-
Target
2f46be1ee1257735a1e6a3c1b988553c859128815606b3aa67b11d1e0ef9209a.bin
-
Size
278KB
-
Sample
240509-1zmj1scc99
-
MD5
487864d5871f543f0e808b2166f411d5
-
SHA1
dc3d53e3436c5dec1a8231898a9e6143abec3478
-
SHA256
2f46be1ee1257735a1e6a3c1b988553c859128815606b3aa67b11d1e0ef9209a
-
SHA512
eb80c87aa2e9f4ecbba07c5ae36ce93b3188740ac104eb87bcb5bc24f582e2d5112252c9cfef868688c313828c9a03caf79762b68598e888bb5539a08733a0d9
-
SSDEEP
6144:eKN/mjCrbZMkjhNLWD1sGNjsLnDf6Q6vITvdkT:XN/tZ9cJsIrQ9KT
Static task
static1
Behavioral task
behavioral1
Sample
2f46be1ee1257735a1e6a3c1b988553c859128815606b3aa67b11d1e0ef9209a.apk
Resource
android-x64-arm64-20240506-en
Malware Config
Extracted
xloader_apk
http://91.204.227.39:28844
Targets
-
-
Target
2f46be1ee1257735a1e6a3c1b988553c859128815606b3aa67b11d1e0ef9209a.bin
-
XLoader payload
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Queries account information for other applications stored on the device
Application may abuse the framework's APIs to collect account information stored on the device.
-
Queries the phone number (MSISDN for GSM devices)
-
Reads the content of the MMS message.
-
Acquires the wake lock
-
Reads information about phone network operator.
-
Requests disabling of battery optimizations (often used to enable hiding in the background).
-