General
-
Target
051dc68e6ec96d568022a277a5ce80a7c13a096cbefcdd5df6148b22a8f9317a.bin
-
Size
436KB
-
Sample
240531-3w583aah48
-
MD5
2abeebd4cd2a471cf1fb375a86a69694
-
SHA1
f9b190b67d8ce12432499f9c949b6c089bb741a8
-
SHA256
051dc68e6ec96d568022a277a5ce80a7c13a096cbefcdd5df6148b22a8f9317a
-
SHA512
a2dd9acd1461eae3dd26390c23ee2e901cc35a002a4fad054ff348c4f96eb8612b419cc24e95e471138d48095f5eee7bfcefd5c51f48ccc4043bc77816514a4e
-
SSDEEP
12288:P3I/3wY1oAAcWyysVeDaNju9+HkAbtT4q0:SwY1Pys7udAbi
Static task
static1
Behavioral task
behavioral1
Sample
051dc68e6ec96d568022a277a5ce80a7c13a096cbefcdd5df6148b22a8f9317a.apk
Resource
android-x86-arm-20240514-en
Malware Config
Extracted
xloader_apk
http://91.204.227.50:28899
Targets
-
-
Target
051dc68e6ec96d568022a277a5ce80a7c13a096cbefcdd5df6148b22a8f9317a.bin
-
Size
436KB
-
MD5
2abeebd4cd2a471cf1fb375a86a69694
-
SHA1
f9b190b67d8ce12432499f9c949b6c089bb741a8
-
SHA256
051dc68e6ec96d568022a277a5ce80a7c13a096cbefcdd5df6148b22a8f9317a
-
SHA512
a2dd9acd1461eae3dd26390c23ee2e901cc35a002a4fad054ff348c4f96eb8612b419cc24e95e471138d48095f5eee7bfcefd5c51f48ccc4043bc77816514a4e
-
SSDEEP
12288:P3I/3wY1oAAcWyysVeDaNju9+HkAbtT4q0:SwY1Pys7udAbi
-
XLoader payload
-
Checks if the Android device is rooted.
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Queries account information for other applications stored on the device
Application may abuse the framework's APIs to collect account information stored on the device.
-
Queries information about the current Wi-Fi connection
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Queries the phone number (MSISDN for GSM devices)
-
Reads the content of the MMS message.
-
Registers a broadcast receiver at runtime (usually for listening for system events)
-
Acquires the wake lock
-
Checks if the internet connection is available
-
Requests disabling of battery optimizations (often used to enable hiding in the background).
-
Checks the presence of a debugger
-
MITRE ATT&CK Mobile v15
Persistence
Event Triggered Execution
1Broadcast Receivers
1Foreground Persistence
1Defense Evasion
Download New Code at Runtime
1Foreground Persistence
1Hide Artifacts
2Suppress Application Icon
1User Evasion
1Virtualization/Sandbox Evasion
1System Checks
1