General
-
Target
Bxrttvryyc.apk
-
Size
440KB
-
Sample
240602-dd2qgsha48
-
MD5
22b5b13886c1a304956ded5815eee02c
-
SHA1
132ddff3583ffa905bc5185db71af00a5190a98d
-
SHA256
9110196a8110e41483c8f7924db14ba211d4c214858d2e8b3c7be7d3b2f41a60
-
SHA512
07b2f742ed0bdeeb10b3bf30e26a828531b9d53f79c2470f5d4b7f9eec489ac152d9728ca69c6b762db9e5f728c78f2b83f82c6825138fdab466e3b2aaf3c5f9
-
SSDEEP
12288:NNTaUT5zoAcWyysVeDaNju9+HkAbtT4qd:rX4ys7udAbP
Static task
static1
Behavioral task
behavioral1
Sample
Bxrttvryyc.apk
Resource
android-x64-arm64-20240514-en
Malware Config
Extracted
xloader_apk
http://91.204.227.50:28899
Targets
-
-
Target
Bxrttvryyc.apk
-
Size
440KB
-
MD5
22b5b13886c1a304956ded5815eee02c
-
SHA1
132ddff3583ffa905bc5185db71af00a5190a98d
-
SHA256
9110196a8110e41483c8f7924db14ba211d4c214858d2e8b3c7be7d3b2f41a60
-
SHA512
07b2f742ed0bdeeb10b3bf30e26a828531b9d53f79c2470f5d4b7f9eec489ac152d9728ca69c6b762db9e5f728c78f2b83f82c6825138fdab466e3b2aaf3c5f9
-
SSDEEP
12288:NNTaUT5zoAcWyysVeDaNju9+HkAbtT4qd:rX4ys7udAbP
-
XLoader payload
-
Checks if the Android device is rooted.
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Queries account information for other applications stored on the device
Application may abuse the framework's APIs to collect account information stored on the device.
-
Queries information about the current Wi-Fi connection
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Queries the phone number (MSISDN for GSM devices)
-
Reads the contacts stored on the device.
-
Reads the content of the MMS message.
-
Acquires the wake lock
-
Checks if the internet connection is available
-
Reads information about phone network operator.
-
Requests disabling of battery optimizations (often used to enable hiding in the background).
-
Checks the presence of a debugger
-