General
-
Target
f14d329a70122c978d02c52d79864084553e75b47191e0f3f2d899002fbab3db.bin
-
Size
412KB
-
Sample
240619-csqq4awfnp
-
MD5
e7de531370206cc02d7e0364a9088887
-
SHA1
86642693c30a8a7f55599907a23fa5050eaf1ea1
-
SHA256
f14d329a70122c978d02c52d79864084553e75b47191e0f3f2d899002fbab3db
-
SHA512
b18040587099a01364cea36d43e9ef34ec1e15c748f1b90236a6b6f6159ea4bb0e01b8c240c5d7b38410174d3721f601f4f9d5a47378ccc6fae90abaae960934
-
SSDEEP
6144:n7RlLMbOFljLevI16OR7rf51Z32ByyflvQ8Xo8EeTwhI2JkFcACgexPOygIAcx:n7RlScl3evk6OR7jwflvqn+MEleQlcx
Static task
static1
Behavioral task
behavioral1
Sample
f14d329a70122c978d02c52d79864084553e75b47191e0f3f2d899002fbab3db.apk
Resource
android-x86-arm-20240611.1-en
Malware Config
Extracted
xloader_apk
http://91.204.227.50:28899
Targets
-
XLoader payload
-
Checks if the Android device is rooted.
-
Queries account information for other applications stored on the device
Application may abuse the framework's APIs to collect account information stored on the device.
-
Queries the phone number (MSISDN for GSM devices)
-
Reads the content of the MMS message.
-
Acquires the wake lock
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Reads information about phone network operator.
-
Requests disabling of battery optimizations (often used to enable hiding in the background).
-