General
-
Target
e45a8fad07e7161dd1a542a9f9f9a9281ef19fc484bebe14126d394c33f96b67.bin
-
Size
438KB
-
Sample
240729-1zk17axdke
-
MD5
0499ced8b09f5ab803545e8dada5471e
-
SHA1
ee93c132ae20ebc6379f7cdd523fb30ac2b6a8f5
-
SHA256
e45a8fad07e7161dd1a542a9f9f9a9281ef19fc484bebe14126d394c33f96b67
-
SHA512
e97b92c25aed76c84efdf144215fc7aa6d653befd2e28aa713b30d5ea22e807f18305097041005771d3256ff9c0a4e3dead2c91dd147f989cdd903e7f4980f0e
-
SSDEEP
6144:J8ea6AgorZvSNpUpmTSlIOiyjQe72EWPXefMiausTecJQunqUMQPjKMi4J/7FwmP:VaZTtvL/lIOiI3T6vjQL6KszfhWuODAn
Static task
static1
Behavioral task
behavioral1
Sample
e45a8fad07e7161dd1a542a9f9f9a9281ef19fc484bebe14126d394c33f96b67.apk
Resource
android-x86-arm-20240624-en
Behavioral task
behavioral2
Sample
e45a8fad07e7161dd1a542a9f9f9a9281ef19fc484bebe14126d394c33f96b67.apk
Resource
android-x64-20240624-en
Behavioral task
behavioral3
Sample
e45a8fad07e7161dd1a542a9f9f9a9281ef19fc484bebe14126d394c33f96b67.apk
Resource
android-x64-arm64-20240624-en
Malware Config
Extracted
xloader_apk
http://91.204.227.39:28844
Targets
-
-
Target
e45a8fad07e7161dd1a542a9f9f9a9281ef19fc484bebe14126d394c33f96b67.bin
XLoader payload
-
Checks if the Android device is rooted.
-
Queries the phone number (MSISDN for GSM devices)
-
Reads the content of the MMS message.
-
Acquires the wake lock
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Queries information about active data network
-
Reads information about phone network operator.
-
Requests changing the default SMS application.
-
Requests disabling of battery optimizations (often used to enable hiding in the background).
-