General
-
Target
9d7190f46accdeb4adc4205af73bf5125d33abec45985732889db6edffd3b623.bin
-
Size
205KB
-
Sample
240602-aj85zace99
-
MD5
bc3df5615103f84c1926fc59ba90ba2a
-
SHA1
da8a4b060802ab43a93435e344d7e3fe4d4832b4
-
SHA256
9d7190f46accdeb4adc4205af73bf5125d33abec45985732889db6edffd3b623
-
SHA512
b62d3c1b9b4266cd63e2ee5fabba69f172c764df6790476dec53db882264b9a774221e30b274331ebd2b84f5133b018d97e73cdac304e6791f87d16bf2a595cd
-
SSDEEP
3072:myKMhbjcDWlOvpHr0IPcL3GQFnDbHu46TVo/27w//mwMJ0Enlafa0O/chxg3kPqt:8UcDiOtr0CcSQw46BU2OmwB+Ngg54vtc
Static task
static1
Behavioral task
behavioral1
Sample
9d7190f46accdeb4adc4205af73bf5125d33abec45985732889db6edffd3b623.apk
Resource
android-x86-arm-20240514-en
Behavioral task
behavioral2
Sample
9d7190f46accdeb4adc4205af73bf5125d33abec45985732889db6edffd3b623.apk
Resource
android-x64-20240514-en
Behavioral task
behavioral3
Sample
9d7190f46accdeb4adc4205af73bf5125d33abec45985732889db6edffd3b623.apk
Resource
android-x64-arm64-20240514-en
Malware Config
Extracted
xloader_apk
http://91.204.227.39:28844
Targets
-
-
Target
9d7190f46accdeb4adc4205af73bf5125d33abec45985732889db6edffd3b623.bin
-
XLoader payload
-
Checks if the Android device is rooted.
-
Requests changing the default SMS application.
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Queries account information for other applications stored on the device
Application may abuse the framework's APIs to collect account information stored on the device.
-
Queries information about the current Wi-Fi connection
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Queries the phone number (MSISDN for GSM devices)
-
Reads the contacts stored on the device.
-
Reads the content of the MMS message.
-
Registers a broadcast receiver at runtime (usually for listening for system events)
-
Acquires the wake lock
-
Checks if the internet connection is available
-
Reads information about phone network operator.
-