General
-
Target
17bbeed2c7b812c79eedd31740dfe6b5ab86ccfcaf6d00d096e50bdaecc78903.bin
-
Size
412KB
-
Sample
240628-1xm3rstbld
-
MD5
3d284adcda1b28886379d4b5513eb5cb
-
SHA1
08634015c718919524021ae256fc43effe633508
-
SHA256
17bbeed2c7b812c79eedd31740dfe6b5ab86ccfcaf6d00d096e50bdaecc78903
-
SHA512
598ae4c510dcc377514c32b0f72a52f3918d76de089a654b76a1042797322b7e60794a68dc390494a3bef1a9ccccd3e4303beb93ac4ae2d37644645e44cb3648
-
SSDEEP
6144:0yQDz3a12UH/aiNBkcnOxH2R30vUEbObpm8jYJAwu4jXhquIhnM528oqxkeH:ADNUHiiQDhu0vUEbqmEYxDIIoTeH
Static task
static1
Behavioral task
behavioral1
Sample
17bbeed2c7b812c79eedd31740dfe6b5ab86ccfcaf6d00d096e50bdaecc78903.apk
Resource
android-x86-arm-20240624-en
Malware Config
Extracted
xloader_apk
http://91.204.227.50:28899
Targets
-
-
Target
17bbeed2c7b812c79eedd31740dfe6b5ab86ccfcaf6d00d096e50bdaecc78903.bin
-
Size
412KB
-
MD5
3d284adcda1b28886379d4b5513eb5cb
-
SHA1
08634015c718919524021ae256fc43effe633508
-
SHA256
17bbeed2c7b812c79eedd31740dfe6b5ab86ccfcaf6d00d096e50bdaecc78903
-
SHA512
598ae4c510dcc377514c32b0f72a52f3918d76de089a654b76a1042797322b7e60794a68dc390494a3bef1a9ccccd3e4303beb93ac4ae2d37644645e44cb3648
-
SSDEEP
6144:0yQDz3a12UH/aiNBkcnOxH2R30vUEbObpm8jYJAwu4jXhquIhnM528oqxkeH:ADNUHiiQDhu0vUEbqmEYxDIIoTeH
-
XLoader payload
-
Checks if the Android device is rooted.
-
Queries account information for other applications stored on the device
Application may abuse the framework's APIs to collect account information stored on the device.
-
Queries the phone number (MSISDN for GSM devices)
-
Reads the content of the MMS message.
-
Acquires the wake lock
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Reads information about phone network operator.
-
Requests disabling of battery optimizations (often used to enable hiding in the background).
-