General
-
Target
0585797034554d28f76324542e8b74f6cbb809127c1800169e2711266a812197.bin
-
Size
206KB
-
Sample
240521-1yjfzabg7t
-
MD5
cc67c5f5e4d99f40e7eb3922706ddcd7
-
SHA1
80f2fa242fe20ade4b20b46721b980bb3c4b3c91
-
SHA256
0585797034554d28f76324542e8b74f6cbb809127c1800169e2711266a812197
-
SHA512
19ffcc8a49c5fc4d700cf6e636cc2f6dbe72ea20d0312e2fe84787677755914584de1ad6644320b163386bf6078922900ac41e26dcbaad39ee4d14e43bf58c45
-
SSDEEP
3072:XGbH+roBoBKY7oupboIS0phUVCUDhBYMXasFYvXwvVQNPbfDBMipz6306sgONblo:X8+rUY7bczKvFTDn16PsgONBQ9v
Static task
static1
Behavioral task
behavioral1
Sample
0585797034554d28f76324542e8b74f6cbb809127c1800169e2711266a812197.apk
Resource
android-x86-arm-20240514-en
Behavioral task
behavioral2
Sample
0585797034554d28f76324542e8b74f6cbb809127c1800169e2711266a812197.apk
Resource
android-x64-20240514-en
Behavioral task
behavioral3
Sample
0585797034554d28f76324542e8b74f6cbb809127c1800169e2711266a812197.apk
Resource
android-x64-arm64-20240514-en
Malware Config
Extracted
xloader_apk
http://91.204.227.39:28844
Targets
-
Target
0585797034554d28f76324542e8b74f6cbb809127c1800169e2711266a812197.bin
-
XLoader payload
-
Checks if the Android device is rooted.
-
Requests changing the default SMS application.
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Queries account information for other applications stored on the device
Application may abuse the framework's APIs to collect account information stored on the device.
-
Queries the phone number (MSISDN for GSM devices)
-
Reads the content of the MMS message.
-
Registers a broadcast receiver at runtime (usually for listening for system events)
-
Acquires the wake lock
-
Queries the unique device ID (IMEI, MEID, IMSI)
-