General
-
Target
6ebe281288b2e7bff6f3c6911c717f57e8cf3d8d2dfc63694eda309285ff7dab.bin
-
Size
436KB
-
Sample
240730-1y9cds1glm
-
MD5
485ca9003b85ed5e666025c95076f78b
-
SHA1
f955faf3f48a50e9bd72d878863f3a378d09d60b
-
SHA256
6ebe281288b2e7bff6f3c6911c717f57e8cf3d8d2dfc63694eda309285ff7dab
-
SHA512
9e725c7f6d3ce0138e607d46cd1ba8c9c8b3b811cb8be5c4fb43bc82a3169c1c379771dc40fb5d7ceedcf0a8b296b63b2e9170688c6e648191cb78ae3f202d47
-
SSDEEP
6144:o+Rp/Vy7XKm/oqxIaQYiSWTql6+iK6edDusVeDaOJ3CBtKXyFju92/HAjjcJ1tt9:o97XHQqBAcWyysVeDaNju9+HkAbtT4qt
Static task
static1
Behavioral task
behavioral1
Sample
6ebe281288b2e7bff6f3c6911c717f57e8cf3d8d2dfc63694eda309285ff7dab.apk
Resource
android-x86-arm-20240624-en
Malware Config
Extracted
xloader_apk
http://91.204.227.50:28899
Targets
-
-
Target
6ebe281288b2e7bff6f3c6911c717f57e8cf3d8d2dfc63694eda309285ff7dab.bin
-
XLoader payload
-
Checks if the Android device is rooted.
-
Queries the phone number (MSISDN for GSM devices)
-
Reads the content of the MMS message.
-
Acquires the wake lock
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Reads information about phone network operator.
-
Requests disabling of battery optimizations (often used to enable hiding in the background).
-
Checks the presence of a debugger
-