Extracted

• • Target

    5022e513e7b90e736acf99f8b1941b728be26f4eb20e281e5d8df6ba9a4c9522.bin

  • Size

    251KB

  • MD5

    7bed8de77f2fe23f108d334900f537b2

  • SHA1

    49dac91574ecadeda99d030b98e31af5105fb20c

  • SHA256

    5022e513e7b90e736acf99f8b1941b728be26f4eb20e281e5d8df6ba9a4c9522

  • SHA512

    057c2e0c9c36ab389a924988209b8bb716f84dac629f88cc5d91162a7f68249fb7de8806f79e83e7218afe93935231caca6bb453dc2192a4eda02e43d302b90e

  • SSDEEP

    6144:qJHkLtVG0K+azq0mU6jmP+mXWi6VMyimUlf:qJHkLtI050r6jmhXWiVyZUlf

  Score

  10^/10

  xloader_apkbankercollectiondiscoveryevasionimpactinfostealerpersistencestealthtrojan

  • XLoader payload

  • XLoader, MoqHao

    An Android banker and info stealer.

    trojaninfostealerbankerxloader_apk

  • Checks if the Android device is rooted.

    evasion

  • Removes its main activity from the application launcher

    stealthtrojanevasion

  • Loads dropped Dex/Jar

    Runs executable file dropped to the device during analysis.

    evasion

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    bankerdiscovery

  • Queries the phone number (MSISDN for GSM devices)

    discovery

  • Reads the content of the MMS message.

    collection

  • Acquires the wake lock

  • Makes use of the framework's foreground persistence service

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence

  • Requests changing the default SMS application.

    collectionimpact
  behavioral1behavioral2behavioral3