General
-
Target
a2130e13e89275a7775dae63b1fbce2c9100dde9bf2fbf02c640e8570a0a6fd9.bin
-
Size
412KB
-
Sample
240627-1xqtnatbmc
-
MD5
1baaec89fd69f38d152171f72ca34315
-
SHA1
e7681a38d78f33912290958e63a9960016bde60b
-
SHA256
a2130e13e89275a7775dae63b1fbce2c9100dde9bf2fbf02c640e8570a0a6fd9
-
SHA512
050b450a6c656ecbba22469bc50470ce37f87c15c2e4956fe9aaeeadb1f34c446502657044e018e522bc470c3842209e81399b66db6b87f9696d4a83e22130d8
-
SSDEEP
12288:EDNUHiiQDhu0vUEbqmEYxR6nfUVD07v/I/:2+HiiQFvUE+Jg6fUVDj/
Static task
static1
Behavioral task
behavioral1
Sample
a2130e13e89275a7775dae63b1fbce2c9100dde9bf2fbf02c640e8570a0a6fd9.apk
Resource
android-x86-arm-20240624-en
Malware Config
Extracted
xloader_apk
http://91.204.227.50:28899
Targets
-
-
Target
a2130e13e89275a7775dae63b1fbce2c9100dde9bf2fbf02c640e8570a0a6fd9.bin
-
Size
412KB
-
MD5
1baaec89fd69f38d152171f72ca34315
-
SHA1
e7681a38d78f33912290958e63a9960016bde60b
-
SHA256
a2130e13e89275a7775dae63b1fbce2c9100dde9bf2fbf02c640e8570a0a6fd9
-
SHA512
050b450a6c656ecbba22469bc50470ce37f87c15c2e4956fe9aaeeadb1f34c446502657044e018e522bc470c3842209e81399b66db6b87f9696d4a83e22130d8
-
SSDEEP
12288:EDNUHiiQDhu0vUEbqmEYxR6nfUVD07v/I/:2+HiiQFvUE+Jg6fUVDj/
-
XLoader payload
-
Checks if the Android device is rooted.
-
Queries account information for other applications stored on the device
Application may abuse the framework's APIs to collect account information stored on the device.
-
Queries the phone number (MSISDN for GSM devices)
-
Reads the content of the MMS message.
-
Acquires the wake lock
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Reads information about phone network operator.
-
Requests disabling of battery optimizations (often used to enable hiding in the background).
-