General
-
Target
5a28ca08c46dac25b4e48448f1785e4bb132877ec3fb896de817cfb5eb854ba1.bin
-
Size
443KB
-
Sample
240528-1zcd2sfd76
-
MD5
21559cf3b4b1b6dffd94de9f48dd1701
-
SHA1
9522c291cbd0e2cc90d3a872d956e2266731cf19
-
SHA256
5a28ca08c46dac25b4e48448f1785e4bb132877ec3fb896de817cfb5eb854ba1
-
SHA512
2c2f6bbcdfb40a116ec5c7cb79644653dc6ceff4fc03e7934255a7c232984fa198f10401b156f686667472fc3f70b37e85d37dbbbe1db02f9891b4b0d4cd42ac
-
SSDEEP
12288:yDNPTBZhceHB0kXlQyu3Clc6EOO5ucU3T1X//QoF:4xhxhR1Q8lc6ELEFl/f
Static task
static1
Behavioral task
behavioral1
Sample
5a28ca08c46dac25b4e48448f1785e4bb132877ec3fb896de817cfb5eb854ba1.apk
Resource
android-x86-arm-20240514-en
Behavioral task
behavioral2
Sample
5a28ca08c46dac25b4e48448f1785e4bb132877ec3fb896de817cfb5eb854ba1.apk
Resource
android-x64-20240514-en
Behavioral task
behavioral3
Sample
5a28ca08c46dac25b4e48448f1785e4bb132877ec3fb896de817cfb5eb854ba1.apk
Resource
android-x64-arm64-20240514-en
Malware Config
Extracted
xloader_apk
http://91.204.227.39:28844
Targets
-
-
Target
5a28ca08c46dac25b4e48448f1785e4bb132877ec3fb896de817cfb5eb854ba1.bin
-
Size
443KB
-
MD5
21559cf3b4b1b6dffd94de9f48dd1701
-
SHA1
9522c291cbd0e2cc90d3a872d956e2266731cf19
-
SHA256
5a28ca08c46dac25b4e48448f1785e4bb132877ec3fb896de817cfb5eb854ba1
-
SHA512
2c2f6bbcdfb40a116ec5c7cb79644653dc6ceff4fc03e7934255a7c232984fa198f10401b156f686667472fc3f70b37e85d37dbbbe1db02f9891b4b0d4cd42ac
-
SSDEEP
12288:yDNPTBZhceHB0kXlQyu3Clc6EOO5ucU3T1X//QoF:4xhxhR1Q8lc6ELEFl/f
-
XLoader payload
-
Checks if the Android device is rooted.
-
Requests changing the default SMS application.
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Queries account information for other applications stored on the device
Application may abuse the framework's APIs to collect account information stored on the device.
-
Queries the phone number (MSISDN for GSM devices)
-
Reads the content of the MMS message.
-
Registers a broadcast receiver at runtime (usually for listening for system events)
-
Acquires the wake lock
-
Checks if the internet connection is available
-
Queries the unique device ID (IMEI, MEID, IMSI)
-
Reads information about phone network operator.
-
Requests disabling of battery optimizations (often used to enable hiding in the background).
-