General
-
Target
c767a13041d305d995f3580d04faeaf1113f3fa0c0d4ef55568020963d9d2263.bin
-
Size
289KB
-
Sample
240612-vwcyhswhkn
-
MD5
fd7c0b5726e58955ecd89eb573a25db2
-
SHA1
804d59d095dd6f9dc09e22e69c9c598c63dadd85
-
SHA256
c767a13041d305d995f3580d04faeaf1113f3fa0c0d4ef55568020963d9d2263
-
SHA512
a541a21783ba9ab65af8e4a1de6970bd33dacb4a3750a04a4d04db2caeca21c75e7e3204a6c0794a1882b12b0fd8eee9ae4f85c2182b93d113a2471223429cdb
-
SSDEEP
6144:VIbQTQsqmdxuMDcYg8xYh+w3IlDlOlxM+seXf6x7SxgXZMxvh5z:isqUtuWYM+ssM2WXZMdhF
Static task
static1
Behavioral task
behavioral1
Sample
c767a13041d305d995f3580d04faeaf1113f3fa0c0d4ef55568020963d9d2263.apk
Resource
android-x86-arm-20240611.1-en
Behavioral task
behavioral2
Sample
c767a13041d305d995f3580d04faeaf1113f3fa0c0d4ef55568020963d9d2263.apk
Resource
android-x64-20240611.1-en
Behavioral task
behavioral3
Sample
c767a13041d305d995f3580d04faeaf1113f3fa0c0d4ef55568020963d9d2263.apk
Resource
android-x64-arm64-20240611.1-en
Malware Config
Extracted
xloader_apk
http://91.204.227.39:28844
Targets
-
-
Target
c767a13041d305d995f3580d04faeaf1113f3fa0c0d4ef55568020963d9d2263.bin
-
Size
289KB
-
MD5
fd7c0b5726e58955ecd89eb573a25db2
-
SHA1
804d59d095dd6f9dc09e22e69c9c598c63dadd85
-
SHA256
c767a13041d305d995f3580d04faeaf1113f3fa0c0d4ef55568020963d9d2263
-
SHA512
a541a21783ba9ab65af8e4a1de6970bd33dacb4a3750a04a4d04db2caeca21c75e7e3204a6c0794a1882b12b0fd8eee9ae4f85c2182b93d113a2471223429cdb
-
SSDEEP
6144:VIbQTQsqmdxuMDcYg8xYh+w3IlDlOlxM+seXf6x7SxgXZMxvh5z:isqUtuWYM+ssM2WXZMdhF
-
XLoader payload
-
Checks if the Android device is rooted.
-
Queries account information for other applications stored on the device
Application may abuse the framework's APIs to collect account information stored on the device.
-
Queries the phone number (MSISDN for GSM devices)
-
Reads the contacts stored on the device.
-
Reads the content of the MMS message.
-
Acquires the wake lock
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Queries information about active data network
-
Queries information about the current Wi-Fi connection
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Queries the unique device ID (IMEI, MEID, IMSI)
-
Reads information about phone network operator.
-
Requests changing the default SMS application.
-
Requests disabling of battery optimizations (often used to enable hiding in the background).
-