Overview

overview

10

Static

static

6

036b25b3f9...9f.apk

android-11-x64

10

Analysis

  • max time kernel
    179s
  • max time network
    182s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240624-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
  • submitted
    26-06-2024 22:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    036b25b3f9362b569345d257d21e0e21ae07ce32e1fa8bba5d4db10c2df2019f.apk

  • Size

    283KB

  • MD5

    d08fa201238f38a24da26bab69ee57b7

  • SHA1

    5d46fffc2cee0d298de7a0d4b6c6c4c37cd6e300

  • SHA256

    036b25b3f9362b569345d257d21e0e21ae07ce32e1fa8bba5d4db10c2df2019f

  • SHA512

    9007eaa121f81f4f8ec8e827046f946f5b74377364c9503f67825546186b5a3453917656959bf9cc314aed0bad88345649957fb65043f9cd347f95665e5f01dd

  • SSDEEP

    6144:80sciDwdMQ6RkA071qb7kr8aOWQGEuRy0xq40/m31qsD7vw:804DwdgRPa1G47vQGvy0E4FqsPw

Score
10/10
xloader_apkbankercollectiondiscoveryevasionimpactinfostealerpersistencestealthtrojan

Malware Config

Extracted

Family

xloader_apk

C2

http://91.204.227.39:28844

DES_key

Signatures

Processes

  • lm.bmgbf.wxsiw.ixgm
    1⤵
    • Checks if the Android device is rooted.
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Reads the content of the MMS message.
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4474

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/lm.bmgbf.wxsiw.ixgm/files/b
    Filesize

    505KB

    MD5

    1948f47b3ea40b56b95c2afea1715414

    SHA1

    5c690f45283971be674c6d8a2e54175b0ecf55eb

    SHA256

    55e4054d9045b3a34d808883c387d64cbae6a402ba7551f1c7a19d6b2bcc5ae7

    SHA512

    8f3e40ff08f864901147cd60dd88191b9f792a746f0d923e3fea3a30f1ce951ec984013641b32ce1130b764f3d27974ac1a4a9d281090c8bbbff02808ffeb436

    Download Submit

  • /data/user/0/lm.bmgbf.wxsiw.ixgm/files/oat/b.cur.prof
    Filesize

    979B

    MD5

    a9da5ded57e489cc53e15d9c480ccc10

    SHA1

    124621182e3f72bdd8405741d0f93598f512d93e

    SHA256

    eed43b49be1a217f757c1ec1aabc34584c71222131bf5275d206f1130279e6b8

    SHA512

    db140018830a5a17c18d46281d935b0073a018e5a75da2df2bb6525b8d0e53f0f25c3d2fc752ac09fbdc713cb05749789ecf5623f2081d47e0c241d78fd4c44a

    Download Submit