General
-
Target
e1fedb5339ba0078daacfa30e31c8a0a2c047a67605d4541616a6e25f8b4689b.bin
-
Size
302KB
-
Sample
240521-1yj3habg98
-
MD5
454375d894a3d4d4bb473d4cd3269ffb
-
SHA1
d7c2d1c2f5d98369bbd00ec7b428979fd6ad3603
-
SHA256
e1fedb5339ba0078daacfa30e31c8a0a2c047a67605d4541616a6e25f8b4689b
-
SHA512
654fb9707ad47191003a576b08fe2f5b5df85866602c6f92934feecc0a23da7720d1e3734c82cdf572b9934dc40026115e24fcc3c91e26456ce4d1d1d0c87293
-
SSDEEP
6144:9pkNPMSzQx5lzu2jd8de8/bgfUj6QPX3z2p9ToCBTzJ:91/lBjd8e8UfUjJP3Ixx
Static task
static1
Behavioral task
behavioral1
Sample
e1fedb5339ba0078daacfa30e31c8a0a2c047a67605d4541616a6e25f8b4689b.apk
Resource
android-x86-arm-20240514-en
Behavioral task
behavioral2
Sample
e1fedb5339ba0078daacfa30e31c8a0a2c047a67605d4541616a6e25f8b4689b.apk
Resource
android-x64-20240514-en
Behavioral task
behavioral3
Sample
e1fedb5339ba0078daacfa30e31c8a0a2c047a67605d4541616a6e25f8b4689b.apk
Resource
android-x64-arm64-20240514-en
Malware Config
Extracted
xloader_apk
http://91.204.227.39:28844
Targets
-
Target
e1fedb5339ba0078daacfa30e31c8a0a2c047a67605d4541616a6e25f8b4689b.bin
-
XLoader payload
-
Checks if the Android device is rooted.
-
Requests changing the default SMS application.
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Queries account information for other applications stored on the device
Application may abuse the framework's APIs to collect account information stored on the device.
-
Queries information about the current Wi-Fi connection
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Queries the phone number (MSISDN for GSM devices)
-
Reads the content of the MMS message.
-
Registers a broadcast receiver at runtime (usually for listening for system events)
-
Acquires the wake lock
-
Checks if the internet connection is available
-
Queries the unique device ID (IMEI, MEID, IMSI)
-
Reads information about phone network operator.
-