General
Target: cf9fd65271e5281d41749783dbbfc4d1742f2fb037f69839216e8388b989ce29.bin
Size: 302KB
Sample: 240622-aek8ca1djr
MD5: 8f32a935e151ada33739b49b0eaacb0b
SHA1: bc2d80152eb4ed71abfad126a408e0a4a27c5940
SHA256: cf9fd65271e5281d41749783dbbfc4d1742f2fb037f69839216e8388b989ce29
SHA512: d231314fb35640431194ae0fece490e38a8274cc9c85cb5f42143b360943358f294fd83922380760058f1a92b5f9af6972fe91cdc92bb650557bab8b2655ac5c
SSDEEP: 6144:gz4N8EMLFo5Pl+wPlShAz7q+ZIsar0cV0WDnKGE6Es2U5CEsmkj4eXwano:UWOhzwPlSCz7q+ZIs4Y2KH6ES5CEsmkg
Static task: static1
Behavioral task: behavioral1
  Sample: cf9fd65271e5281d41749783dbbfc4d1742f2fb037f69839216e8388b989ce29.apk
  Resource: android-x86-arm-20240611.1-en
Behavioral task: behavioral2
  Sample: cf9fd65271e5281d41749783dbbfc4d1742f2fb037f69839216e8388b989ce29.apk
  Resource: android-x64-20240611.1-en
Behavioral task: behavioral3
  Sample: cf9fd65271e5281d41749783dbbfc4d1742f2fb037f69839216e8388b989ce29.apk
  Resource: android-x64-arm64-20240611.1-en
Malware Config
Extracted
xloader_apk
http://91.204.227.39:28844
Targets
- XLoader payload
- Checks if the Android device is rooted.
- Queries account information for other applications stored on the device
  Application may abuse the framework's APIs to collect account information stored on the device.
- Queries the phone number (MSISDN for GSM devices)
- Reads the content of the MMS message.
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
- Queries information about active data network
- Queries information about the current Wi-Fi connection
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
- Reads information about phone network operator.
- Requests changing the default SMS application.