General
-
Target
af2c4dbff5e9732efba2170c5981ee3626b96d483ef9ce93a0de0baa7f47be8b.bin
-
Size
205KB
-
Sample
240624-wnzyravgrd
-
MD5
968446949d50875ed2a1c385d0e6725a
-
SHA1
d9e9a7d0d145c9096a92b35ebd6d0dce8a13f1ad
-
SHA256
af2c4dbff5e9732efba2170c5981ee3626b96d483ef9ce93a0de0baa7f47be8b
-
SHA512
889d640582643af5a65ea469e0cb6772d02fcdc5d9f91ca0c4f30b1603dd2f2184bfa1bb2c7c5644318d36effb46ad1df5188323b937eea68ba09db25fcfb355
-
SSDEEP
3072:39NCnrAX0aGQJRHQvvpHr0IPcL3GQFnDbHu46TVo/27w//mwMJ0Enlafa0O/chxX:36nrkJNJ+tr0CcSQw46BU2OmwB+NggLC
Static task
static1
Behavioral task
behavioral1
Sample
af2c4dbff5e9732efba2170c5981ee3626b96d483ef9ce93a0de0baa7f47be8b.apk
Resource
android-x86-arm-20240624-en
Behavioral task
behavioral2
Sample
af2c4dbff5e9732efba2170c5981ee3626b96d483ef9ce93a0de0baa7f47be8b.apk
Resource
android-x64-20240624-en
Behavioral task
behavioral3
Sample
af2c4dbff5e9732efba2170c5981ee3626b96d483ef9ce93a0de0baa7f47be8b.apk
Resource
android-x64-arm64-20240624-en
Malware Config
Extracted
xloader_apk
http://91.204.227.39:28844
Targets
-
-
Target
af2c4dbff5e9732efba2170c5981ee3626b96d483ef9ce93a0de0baa7f47be8b.bin
-
Size
205KB
-
MD5
968446949d50875ed2a1c385d0e6725a
-
SHA1
d9e9a7d0d145c9096a92b35ebd6d0dce8a13f1ad
-
SHA256
af2c4dbff5e9732efba2170c5981ee3626b96d483ef9ce93a0de0baa7f47be8b
-
SHA512
889d640582643af5a65ea469e0cb6772d02fcdc5d9f91ca0c4f30b1603dd2f2184bfa1bb2c7c5644318d36effb46ad1df5188323b937eea68ba09db25fcfb355
-
SSDEEP
3072:39NCnrAX0aGQJRHQvvpHr0IPcL3GQFnDbHu46TVo/27w//mwMJ0Enlafa0O/chxX:36nrkJNJ+tr0CcSQw46BU2OmwB+NggLC
-
XLoader payload
-
Checks if the Android device is rooted.
-
Queries the phone number (MSISDN for GSM devices)
-
Reads the content of the MMS message.
-
Acquires the wake lock
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Requests changing the default SMS application.
-