General
- Target: 7649d97ad81f70c99d2f34f4077c2fce9361735fa2bb309b72745fd1139cc706.bin
- Size: 436KB
- Sample: 240730-1xa37svhlg
- MD5: a216438cb77fdca55975e0a923f0586a
- SHA1: 0a94a5b26b3f02fb38c74a462ec922991033adca
- SHA256: 7649d97ad81f70c99d2f34f4077c2fce9361735fa2bb309b72745fd1139cc706
- SHA512: fa33256a71fc81f246610c161b7292c690fce5dcb4398f69f1aafb5b0253819d554e355a1fd5a49c2e8a45f71299321e806bf82d1ff04b47dd4df35c5de86c47
- SSDEEP: 12288:qi0rMvbg9JN5SeeAAcWyysVeDaNju9+HkAbtT4q9:qLr+gLL8gys7udAb3
Static task: static1
Behavioral task: behavioral1
- Sample: 7649d97ad81f70c99d2f34f4077c2fce9361735fa2bb309b72745fd1139cc706.apk
- Resource: android-x86-arm-20240624-en
Malware Config
Extracted
xloader_apk
http://91.204.227.50:28899
Targets
- Target: 7649d97ad81f70c99d2f34f4077c2fce9361735fa2bb309b72745fd1139cc706.bin
- XLoader payload
- Checks if the Android device is rooted.
- Queries the phone number (MSISDN for GSM devices)
- Reads the content of the MMS message.
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
- Reads information about phone network operator.
- Requests disabling of battery optimizations (often used to enable hiding in the background).
- Checks the presence of a debugger
-