General
-
Target
8bbf8b9927f044fa31ecc8ce31df525699600ef6da72ae7e92b3dbafb64b1c26.bin
-
Size
208KB
-
Sample
240616-abml1avajm
-
MD5
4ed81dd220b5ec7f3620b1935013315c
-
SHA1
1c1a37401c173b815475c99d7e279035abcdbb11
-
SHA256
8bbf8b9927f044fa31ecc8ce31df525699600ef6da72ae7e92b3dbafb64b1c26
-
SHA512
1d668f08582dd88713b4dd613565ae11c728a683c3bbaf03dc10ae4f54a3efc2102b75072ac937cb29e6438aafbcc0b9245e31490bc9ed3c36d60e778796995e
-
SSDEEP
6144:smulM2FSSK4vZACmcNlESitQS8n0p+cS9d:Nulll3vZAHSigJHc2d
Static task
static1
Behavioral task
behavioral1
Sample
8bbf8b9927f044fa31ecc8ce31df525699600ef6da72ae7e92b3dbafb64b1c26.apk
Resource
android-33-x64-arm64-20240611.1-en
Malware Config
Extracted
xloader_apk
http://91.204.227.39:28844
Targets
-
-
Target
8bbf8b9927f044fa31ecc8ce31df525699600ef6da72ae7e92b3dbafb64b1c26.bin
-
Size
208KB
-
MD5
4ed81dd220b5ec7f3620b1935013315c
-
SHA1
1c1a37401c173b815475c99d7e279035abcdbb11
-
SHA256
8bbf8b9927f044fa31ecc8ce31df525699600ef6da72ae7e92b3dbafb64b1c26
-
SHA512
1d668f08582dd88713b4dd613565ae11c728a683c3bbaf03dc10ae4f54a3efc2102b75072ac937cb29e6438aafbcc0b9245e31490bc9ed3c36d60e778796995e
-
SSDEEP
6144:smulM2FSSK4vZACmcNlESitQS8n0p+cS9d:Nulll3vZAHSigJHc2d
-
XLoader payload
-
Checks if the Android device is rooted.
-
Queries account information for other applications stored on the device
Application may abuse the framework's APIs to collect account information stored on the device.
-
Queries the phone number (MSISDN for GSM devices)
-
Reads the content of the MMS message.
-
Acquires the wake lock
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Requests changing the default SMS application.
-