General
Target: ce3313bd7c3134904d5a2c1faea4ff83d512479255cdd0f5296c415fbec95187.bin
Size: 205KB
Sample: 240519-1yxnlacc29
MD5: a4998cf1f8315383b3aa0ff957cb65bd
SHA1: 45f8af06acd0e4f815bf69c7d3098b9affac5c6b
SHA256: ce3313bd7c3134904d5a2c1faea4ff83d512479255cdd0f5296c415fbec95187
SHA512: dff7ba87d5544fc08067aada33d3b8f8d9ef2ac1ba909ccfd86fdc35fd912a345a65db79571f4d74fc5f6ab6bd58f8e777c91049d99ccdc44d67f3560af05389
SSDEEP: 3072:wsFRzkx39oO52yaXLYITXTQ4Qm95pS+Xt0edn3KXCHhNuF/JWCsIjqmgd3Jy7wID:ZG9oOAPX4m9dSedICH8RWcZgd5otBN
Static task: static1
Behavioral task: behavioral1
  Sample: ce3313bd7c3134904d5a2c1faea4ff83d512479255cdd0f5296c415fbec95187.apk
  Resource: android-x86-arm-20240514-en
Behavioral task: behavioral2
  Sample: ce3313bd7c3134904d5a2c1faea4ff83d512479255cdd0f5296c415fbec95187.apk
  Resource: android-x64-20240514-en
Behavioral task: behavioral3
  Sample: ce3313bd7c3134904d5a2c1faea4ff83d512479255cdd0f5296c415fbec95187.apk
  Resource: android-x64-arm64-20240514-en
Malware Config
Extracted: xloader_apk
  http://91.204.227.39:28844
Targets
Target: ce3313bd7c3134904d5a2c1faea4ff83d512479255cdd0f5296c415fbec95187.bin
- XLoader payload
- Checks if the Android device is rooted.
- Requests changing the default SMS application.
- Makes use of the framework's foreground persistence service. Application may abuse the framework's foreground service to continue running in the foreground.
- Queries account information for other applications stored on the device. Application may abuse the framework's APIs to collect account information stored on the device.
- Queries information about the current Wi-Fi connection. Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
- Queries the phone number (MSISDN for GSM devices).
- Reads the content of the MMS message.
- Registers a broadcast receiver at runtime (usually for listening for system events).
- Acquires the wake lock.
- Checks if the internet connection is available.
- Queries the unique device ID (IMEI, MEID, IMSI).
- Reads information about the phone network operator.