General
-
Target
741fe661150a95b9d619f03c4021132e18536fd29059842436a2599cea8cbdce.bin
-
Size
452KB
-
Sample
240521-1yfp3sbg6x
-
MD5
5636ee92a4d5d75a1009c2a9e5233033
-
SHA1
aa00effe8f02e83cd925064c3bcfccd0b4d3fc13
-
SHA256
741fe661150a95b9d619f03c4021132e18536fd29059842436a2599cea8cbdce
-
SHA512
ba02db7aa30a36540d02f9561d422091e621b5f032a3f8fcdc6dd02af2d37aa60b8850a8d4d990433ff452558eed0525be128bacf8121e6bf2a7215774679fbf
-
SSDEEP
6144:sIS78DVP+biBsEF10s22kyc3G8bSk7dQfzzBvkc21pQn3XznGSqANUupuT90/hfz:jPtBj10IvuSnxvgQnzGSqANUupQQRZJ
Static task
static1
Behavioral task
behavioral1
Sample
741fe661150a95b9d619f03c4021132e18536fd29059842436a2599cea8cbdce.apk
Resource
android-x86-arm-20240514-en
Behavioral task
behavioral2
Sample
741fe661150a95b9d619f03c4021132e18536fd29059842436a2599cea8cbdce.apk
Resource
android-x64-20240514-en
Behavioral task
behavioral3
Sample
741fe661150a95b9d619f03c4021132e18536fd29059842436a2599cea8cbdce.apk
Resource
android-x64-arm64-20240514-en
Malware Config
Extracted
xloader_apk
http://91.204.227.39:28844
Targets
-
-
Target
741fe661150a95b9d619f03c4021132e18536fd29059842436a2599cea8cbdce.bin
-
Size
452KB
-
MD5
5636ee92a4d5d75a1009c2a9e5233033
-
SHA1
aa00effe8f02e83cd925064c3bcfccd0b4d3fc13
-
SHA256
741fe661150a95b9d619f03c4021132e18536fd29059842436a2599cea8cbdce
-
SHA512
ba02db7aa30a36540d02f9561d422091e621b5f032a3f8fcdc6dd02af2d37aa60b8850a8d4d990433ff452558eed0525be128bacf8121e6bf2a7215774679fbf
-
SSDEEP
6144:sIS78DVP+biBsEF10s22kyc3G8bSk7dQfzzBvkc21pQn3XznGSqANUupuT90/hfz:jPtBj10IvuSnxvgQnzGSqANUupQQRZJ
-
XLoader payload
-
Checks if the Android device is rooted.
-
Requests changing the default SMS application.
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Queries account information for other applications stored on the device
Application may abuse the framework's APIs to collect account information stored on the device.
-
Queries the phone number (MSISDN for GSM devices)
-
Reads the content of the MMS message.
-
Registers a broadcast receiver at runtime (usually for listening for system events)
-
Acquires the wake lock
-
Checks if the internet connection is available
-
Queries the unique device ID (IMEI, MEID, IMSI)
-
Reads information about phone network operator.
-
Requests disabling of battery optimizations (often used to enable hiding in the background).
-