General
-
Target
8d86835138de13dd88e3ffaaa65d75e1ccc6ee1fb4c3784fbe3108a2a4b09f51.bin
-
Size
278KB
-
Sample
240523-1xtwbaae6s
-
MD5
5ff381d793d76896c9e7db0487e8be2b
-
SHA1
d8769527f7874b08d9ae00869aba8600182471d5
-
SHA256
8d86835138de13dd88e3ffaaa65d75e1ccc6ee1fb4c3784fbe3108a2a4b09f51
-
SHA512
f285b840679238e56721becd670a3fd54a719379bb84ec76665e8191e57db6176af902d09840b2fccd3a67c2cb642b253a44581fa61d918233029212111ce338
-
SSDEEP
6144:lv0rj7NhCQeLEfJXtBKE3zwJ+K5B2YxGfY:lvyjJhe+Jd0EEJvBn
Static task
static1
Behavioral task
behavioral1
Sample
8d86835138de13dd88e3ffaaa65d75e1ccc6ee1fb4c3784fbe3108a2a4b09f51.apk
Resource
android-x64-arm64-20240514-en
Malware Config
Extracted
xloader_apk
http://91.204.227.39:28844
Targets
-
-
Target
8d86835138de13dd88e3ffaaa65d75e1ccc6ee1fb4c3784fbe3108a2a4b09f51.bin
-
Size
278KB
-
MD5
5ff381d793d76896c9e7db0487e8be2b
-
SHA1
d8769527f7874b08d9ae00869aba8600182471d5
-
SHA256
8d86835138de13dd88e3ffaaa65d75e1ccc6ee1fb4c3784fbe3108a2a4b09f51
-
SHA512
f285b840679238e56721becd670a3fd54a719379bb84ec76665e8191e57db6176af902d09840b2fccd3a67c2cb642b253a44581fa61d918233029212111ce338
-
SSDEEP
6144:lv0rj7NhCQeLEfJXtBKE3zwJ+K5B2YxGfY:lvyjJhe+Jd0EEJvBn
-
XLoader payload
-
Checks if the Android device is rooted.
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Queries account information for other applications stored on the device
Application may abuse the framework's APIs to collect account information stored on the device.
-
Queries the phone number (MSISDN for GSM devices)
-
Reads the content of the MMS message.
-
Acquires the wake lock
-
Reads information about phone network operator.
-
Requests disabling of battery optimizations (often used to enable hiding in the background).
-
MITRE ATT&CK Mobile v15
Defense Evasion
Download New Code at Runtime
1Foreground Persistence
1Hide Artifacts
2Suppress Application Icon
1User Evasion
1