General

  • Target

    ab4a1f7925ca04a20a6d155907acb9dc6c91e23cab9083885f2f19d059ea7021.bin

  • Size

    283KB

  • Sample

    240728-1w649a1fmf

  • MD5

    cf5a5264bcf256100880fa02f8e9a3b3

  • SHA1

    d9ee30b3124cde9608f7c45516b67f56ca8163fb

  • SHA256

    ab4a1f7925ca04a20a6d155907acb9dc6c91e23cab9083885f2f19d059ea7021

  • SHA512

    0ef03e0e2cc0b992bd1928b423e08e718096607a2640cd0c2fb563efb3ec3fe9605a58e82f38aeb89d371e92548c269584ebcdf4ec9cb02365c8939c2d48e9ce

  • SSDEEP

    6144:tNMqqPRqiwXiHAvfj+JEr5TNCHNZbu9esIWQo1Wslovj0bFoH:jMNRZwXYyj/r5TNCtZbhsIJo1Wr70xy

Malware Config

Targets

    • Target

      ab4a1f7925ca04a20a6d155907acb9dc6c91e23cab9083885f2f19d059ea7021.bin

    • Size

      283KB

    • MD5

      cf5a5264bcf256100880fa02f8e9a3b3

    • SHA1

      d9ee30b3124cde9608f7c45516b67f56ca8163fb

    • SHA256

      ab4a1f7925ca04a20a6d155907acb9dc6c91e23cab9083885f2f19d059ea7021

    • SHA512

      0ef03e0e2cc0b992bd1928b423e08e718096607a2640cd0c2fb563efb3ec3fe9605a58e82f38aeb89d371e92548c269584ebcdf4ec9cb02365c8939c2d48e9ce

    • SSDEEP

      6144:tNMqqPRqiwXiHAvfj+JEr5TNCHNZbu9esIWQo1Wslovj0bFoH:jMNRZwXYyj/r5TNCtZbhsIJo1Wr70xy

    • XLoader payload

    • XLoader, MoqHao

      An Android banker and info stealer.

    • Checks if the Android device is rooted.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Queries the phone number (MSISDN for GSM devices)

    • Reads the content of the MMS message.

    • Acquires the wake lock

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

MITRE ATT&CK Matrix

Tasks