Extracted

• • Target

    ec4361c1add37b3fae594641d6b4f4ce0ccc56e157eac4c3625df107825da294.bin

  • Size

    208KB

  • MD5

    03c2165db90b8cb35bafdd299d086280

  • SHA1

    f5155496930bdddc6e28a0472ddc0477b741b956

  • SHA256

    ec4361c1add37b3fae594641d6b4f4ce0ccc56e157eac4c3625df107825da294

  • SHA512

    6463ce83467b32fe216f0166060512bfaeaf1ff8cdab6acc3b0fd78a83ed9ce37d2abc33a84f3364e9dfd7b40e0ba1d320af9c25afd948ddb113d81e900f8ac4

  • SSDEEP

    3072:Sv6l3y57G2BJAP4pVFIab9CfdAeoyQI/nqH4eXVHXcxIhnxmqj1nqqMSgl7iZlra:rZy1Gi6GwWoKeTQICYeFHMxyxBIqAGna

  Score

  10^/10

  xloader_apkbankercollectiondiscoveryevasionimpactinfostealerpersistencetrojan

  • XLoader payload

  • XLoader, MoqHao

    An Android banker and info stealer.

    trojaninfostealerbankerxloader_apk

  • Checks if the Android device is rooted.

    evasion

  • Loads dropped Dex/Jar

    Runs executable file dropped to the device during analysis.

    evasion

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    bankerdiscovery

  • Queries account information for other applications stored on the device

    Application may abuse the framework's APIs to collect account information stored on the device.

    collection

  • Queries the phone number (MSISDN for GSM devices)

    discovery

  • Reads the content of the MMS message.

    collection

  • Acquires the wake lock

  • Makes use of the framework's foreground persistence service

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence

  • Requests changing the default SMS application.

    collectionimpact
  behavioral1