General
-
Target
b5cda3a6befd6d57fadaf851cf008949b72cc157e860fd4def32d560187c7084.bin
-
Size
205KB
-
Sample
240511-1zav8aea37
-
MD5
3cd333cef0e16c0b26e60aa773720a11
-
SHA1
3929328a8222cdde295dccc00b0c8d277604a4a9
-
SHA256
b5cda3a6befd6d57fadaf851cf008949b72cc157e860fd4def32d560187c7084
-
SHA512
795656eae9a0fc12f7f9fe25db957638be86fb5b51d320af4b88f2e65cd5ff0e10a42306cb7499da553dbd743dcb908fddff4a9611114c96e2d794b1d5c39561
-
SSDEEP
6144:S+G9oOAPX4m9dSedICH8RWcZgd5otvogXzO:SfEXv2yZcZ+OogXzO
Static task
static1
Behavioral task
behavioral1
Sample
b5cda3a6befd6d57fadaf851cf008949b72cc157e860fd4def32d560187c7084.apk
Resource
android-x86-arm-20240506-en
Behavioral task
behavioral2
Sample
b5cda3a6befd6d57fadaf851cf008949b72cc157e860fd4def32d560187c7084.apk
Resource
android-x64-20240506-en
Behavioral task
behavioral3
Sample
b5cda3a6befd6d57fadaf851cf008949b72cc157e860fd4def32d560187c7084.apk
Resource
android-x64-arm64-20240506-en
Malware Config
Extracted
xloader_apk
http://91.204.227.39:28844
Targets
-
-
Target
b5cda3a6befd6d57fadaf851cf008949b72cc157e860fd4def32d560187c7084.bin
-
XLoader payload
-
Requests changing the default SMS application.
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Queries account information for other applications stored on the device
Application may abuse the framework's APIs to collect account information stored on the device.
-
Queries information about the current Wi-Fi connection
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Queries the phone number (MSISDN for GSM devices)
-
Reads the content of the MMS message.
-
Registers a broadcast receiver at runtime (usually for listening for system events)
-
Acquires the wake lock
-
Checks if the internet connection is available
-
Queries the unique device ID (IMEI, MEID, IMSI)
-
Reads information about phone network operator.
-