General
-
Target
308e44e7deb185ba7088073ef459b9495347104cea80238170e0e92fe531df92.bin
-
Size
208KB
-
Sample
240601-ajsg8aag4s
-
MD5
34233c36d53e4c93d70aee35ac78d742
-
SHA1
33a29a1b088ded851759289804b0976e6513d08a
-
SHA256
308e44e7deb185ba7088073ef459b9495347104cea80238170e0e92fe531df92
-
SHA512
a291dd99b34b5228c84938dec071c39372dd4df97d4cdf0c464afb8cc938959406cb49e778588a6093a89d7df6a103d008685e2b505dc785516d32e5736db93e
-
SSDEEP
6144:v8jvNJqZ/P7WIEqgQlGUoq3OIEuWJ85yB:EjFmXSIbV7FyJYyB
Static task
static1
Behavioral task
behavioral1
Sample
308e44e7deb185ba7088073ef459b9495347104cea80238170e0e92fe531df92.apk
Resource
android-x64-arm64-20240514-en
Malware Config
Extracted
xloader_apk
http://91.204.227.39:28844
Targets
-
-
Target
308e44e7deb185ba7088073ef459b9495347104cea80238170e0e92fe531df92.bin
-
Size
208KB
-
MD5
34233c36d53e4c93d70aee35ac78d742
-
SHA1
33a29a1b088ded851759289804b0976e6513d08a
-
SHA256
308e44e7deb185ba7088073ef459b9495347104cea80238170e0e92fe531df92
-
SHA512
a291dd99b34b5228c84938dec071c39372dd4df97d4cdf0c464afb8cc938959406cb49e778588a6093a89d7df6a103d008685e2b505dc785516d32e5736db93e
-
SSDEEP
6144:v8jvNJqZ/P7WIEqgQlGUoq3OIEuWJ85yB:EjFmXSIbV7FyJYyB
-
XLoader payload
-
Checks if the Android device is rooted.
-
Requests changing the default SMS application.
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Queries account information for other applications stored on the device
Application may abuse the framework's APIs to collect account information stored on the device.
-
Queries information about the current Wi-Fi connection
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Queries the phone number (MSISDN for GSM devices)
-
Reads the contacts stored on the device.
-
Reads the content of the MMS message.
-
Acquires the wake lock
-
Checks if the internet connection is available
-
Reads information about phone network operator.
-