Resubmissions

27-06-2024 12:14

240627-pergpa1bpd 10

25-06-2024 22:04

240625-1zdbcaweme 10

General

  • Target

    42d17086b42e38cbc0c7018626abc1f20327532b86a458a468d0032c6c1fcc2c.bin

  • Size

    307KB

  • Sample

    240627-pergpa1bpd

  • MD5

    ad7e6c8778f0a4245a4e0f9327a4c0ca

  • SHA1

    554f762dbef1d5c1b0c6bb6e5700acfd54c85fc8

  • SHA256

    42d17086b42e38cbc0c7018626abc1f20327532b86a458a468d0032c6c1fcc2c

  • SHA512

    e64f52c616e531fc3650849e6bfaf3c6d60224de5806aab6562acae080b7efb50c0e58707811e945c509e3af5f0ee04f9f6fc3c93301e3373ab2bfdec2634cbb

  • SSDEEP

    6144:MwqBzVFEuELPmrCyiyJ+tyqK02zGVmxJifqk1bdSu1NNg93ILF63L:kPHEL+iyJcNz2zGVmxJ2xbdzNNg93IEL

Malware Config

Extracted

Family

xloader_apk

C2

http://91.204.227.39:28844

DES_key

Targets

    • XLoader payload

    • XLoader, MoqHao

      An Android banker and info stealer.

    • Checks whether the Android device is rooted.

    • Removes its main activity from the application launcher.

    • Loads dropped Dex/Jar.

      Runs an executable file dropped onto the device during analysis.

    • Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps).

    • Queries the phone number (MSISDN for GSM devices).

    • Reads the content of MMS messages.

    • Acquires the wake lock.

    • Makes use of the framework's foreground persistence service.

      The application may abuse the framework's foreground service to continue running in the foreground.

    • Requests changing the default SMS application.

MITRE ATT&CK Matrix

Tasks