General
-
Target
a4c3ae9e62eef0d0439b5bd6c15ded9760b70d8ffc357203afcde09daad1ca41.bin
-
Size
408KB
-
Sample
240627-1zc1kstclb
-
MD5
d3ad2b04e4529a9932b792d4877da2c5
-
SHA1
2d0652a02f266f6944ea457fb3ece39a81761293
-
SHA256
a4c3ae9e62eef0d0439b5bd6c15ded9760b70d8ffc357203afcde09daad1ca41
-
SHA512
185084e0fdbcb8a482cc694a59bdf94d5b9b4e2f9f57d74b4ba7b672776817b437adc6bf45873d454edc6d225bef50e58f55909b9964256dd0adbd024fb7d030
-
SSDEEP
12288:JfD75GyCzAU2PZiv71GwDNUHiiQDhu0vUEbqmEYxJ:V3xZC+HiiQFvUE+Ju
Static task
static1
Behavioral task
behavioral1
Sample
a4c3ae9e62eef0d0439b5bd6c15ded9760b70d8ffc357203afcde09daad1ca41.apk
Resource
android-x86-arm-20240624-en
Malware Config
Extracted
xloader_apk
http://91.204.227.50:28899
Targets
-
-
Target
a4c3ae9e62eef0d0439b5bd6c15ded9760b70d8ffc357203afcde09daad1ca41.bin
-
Size
408KB
-
MD5
d3ad2b04e4529a9932b792d4877da2c5
-
SHA1
2d0652a02f266f6944ea457fb3ece39a81761293
-
SHA256
a4c3ae9e62eef0d0439b5bd6c15ded9760b70d8ffc357203afcde09daad1ca41
-
SHA512
185084e0fdbcb8a482cc694a59bdf94d5b9b4e2f9f57d74b4ba7b672776817b437adc6bf45873d454edc6d225bef50e58f55909b9964256dd0adbd024fb7d030
-
SSDEEP
12288:JfD75GyCzAU2PZiv71GwDNUHiiQDhu0vUEbqmEYxJ:V3xZC+HiiQFvUE+Ju
-
XLoader payload
-
Checks if the Android device is rooted.
-
Queries account information for other applications stored on the device
Application may abuse the framework's APIs to collect account information stored on the device.
-
Queries the phone number (MSISDN for GSM devices)
-
Reads the content of the MMS message.
-
Acquires the wake lock
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Queries information about active data network
-
Queries information about the current Wi-Fi connection
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Reads information about phone network operator.
-
Requests disabling of battery optimizations (often used to enable hiding in the background).
-
MITRE ATT&CK Mobile v15
Persistence
Event Triggered Execution
1Broadcast Receivers
1Foreground Persistence
1Defense Evasion
Download New Code at Runtime
1Foreground Persistence
1Hide Artifacts
2Suppress Application Icon
1User Evasion
1Virtualization/Sandbox Evasion
1System Checks
1