General
-
Target
6accd0f49844d73369d6a30b04ffabdde19baf56019f273364640d3f816c4fd4.bin
-
Size
436KB
-
Sample
240730-1y9yxswanb
-
MD5
ad53cc76eede5f9f25d741ec3cb86de8
-
SHA1
dd2fecf86a5b487d764455cd81ee750976281a3a
-
SHA256
6accd0f49844d73369d6a30b04ffabdde19baf56019f273364640d3f816c4fd4
-
SHA512
f19f99836c8ffdfb6fbdf26a835fe2b0e1377ff67b327f3cf1aad32fedf44da81bcb99ff7c1ceebd8f88661929c3a903ad3db2ea2aace0d0f1dd51e2907306dd
-
SSDEEP
6144:guEYMSqQTsBbIaQYiSWTql6+iK6edDusVeDaOJ3CBtKXyFju92/HAjjcJ1ttT6zi:guEPQMAcWyysVeDaNju9+HkAbtT4q5p
Static task
static1
Behavioral task
behavioral1
Sample
6accd0f49844d73369d6a30b04ffabdde19baf56019f273364640d3f816c4fd4.apk
Resource
android-x86-arm-20240624-en
Malware Config
Extracted
xloader_apk
http://91.204.227.50:28899
Targets
Target
6accd0f49844d73369d6a30b04ffabdde19baf56019f273364640d3f816c4fd4.bin
-
XLoader payload
-
Checks if the Android device is rooted.
-
Queries the phone number (MSISDN for GSM devices)
-
Reads the content of the MMS message.
-
Acquires the wake lock
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Reads information about phone network operator.
-
Requests disabling of battery optimizations (often used to enable hiding in the background).
-
Checks the presence of a debugger
-