General
-
Target
260b0b69c480b257da44ab90185df27a45c0b37b2240d380a47678a0cb19e780.bin
-
Size
449KB
-
Sample
240521-1ygx5sbg6z
-
MD5
3adaaac407b75a7f84e8576628f5c7e1
-
SHA1
c9dd0a8bada5b73b9e4a78609c0576e36255f85c
-
SHA256
260b0b69c480b257da44ab90185df27a45c0b37b2240d380a47678a0cb19e780
-
SHA512
1e87cd01855c43f4c868d5727c7c35bba5405beda7776ba57f6b3a7dff1225ce31b0b4293c54b36a0264a4952812cbd788a059480f786e8e4b940762d5901255
-
SSDEEP
12288:L6o1mh4+YtyfpU9Wv364r+0vtAZsIBcj/490NYQRZo:LXmytyRU4C4S0vt8qC0NpRi
Static task
static1
Behavioral task
behavioral1
Sample
260b0b69c480b257da44ab90185df27a45c0b37b2240d380a47678a0cb19e780.apk
Resource
android-x86-arm-20240514-en
Behavioral task
behavioral2
Sample
260b0b69c480b257da44ab90185df27a45c0b37b2240d380a47678a0cb19e780.apk
Resource
android-x64-20240514-en
Behavioral task
behavioral3
Sample
260b0b69c480b257da44ab90185df27a45c0b37b2240d380a47678a0cb19e780.apk
Resource
android-x64-arm64-20240514-en
Malware Config
Extracted
xloader_apk
http://91.204.227.39:28844
Targets
-
-
Target
260b0b69c480b257da44ab90185df27a45c0b37b2240d380a47678a0cb19e780.bin
-
XLoader payload
-
Checks if the Android device is rooted.
-
Requests changing the default SMS application.
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Queries account information for other applications stored on the device
Application may abuse the framework's APIs to collect account information stored on the device.
-
Queries information about the current Wi-Fi connection
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Queries the phone number (MSISDN for GSM devices)
-
Reads the content of the MMS message.
-
Registers a broadcast receiver at runtime (usually for listening for system events)
-
Acquires the wake lock
-
Checks if the internet connection is available
-
Queries the unique device ID (IMEI, MEID, IMSI)
-
Reads information about phone network operator.
-
Requests disabling of battery optimizations (often used to enable hiding in the background).
-