Overview

overview

10

Static

static

6

090a0f7a77...78.apk

android-9-x86

10

Analysis

  • max time kernel
    179s
  • max time network
    155s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
  • submitted
    30-07-2024 22:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    090a0f7a77ad0c22ea6404f1fac612bf82608a10b2bfe27de17e4701c8f93b78.apk

  • Size

    436KB

  • MD5

    b36af35ec896943be6bc7d457ba47649

  • SHA1

    54140316fa5b1d23e30e38f687135988bdfad943

  • SHA256

    090a0f7a77ad0c22ea6404f1fac612bf82608a10b2bfe27de17e4701c8f93b78

  • SHA512

    0d4b5776754d9ab06efd234a2ef409ae7fc3beebbe0f37046efbc5b1e0a0cdb5270563225319f2d49d9decc75c226472813bd7c91f847c0036f8ea55af6d1b9b

  • SSDEEP

    12288:t9AcWyysVeDaNju9+HkAbtT4q+G1R0Pspb:Rys7udAbkkREspb

Score
10/10
xloader_apkbankercollectiondiscoveryevasionimpactinfostealerpersistencestealthtrojan

Malware Config

Extracted

Family

xloader_apk

C2

http://91.204.227.50:28899

DES_key

Signatures

Processes

  • ygww.dxzepw.ont
    1⤵
    • Checks if the Android device is rooted.
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Reads the content of the MMS message.
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    PID:4298

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/ygww.dxzepw.ont/app_picture/1.jpg
    Filesize

    167KB

    MD5

    7aece4d2500610e90fd459765fab0b62

    SHA1

    1a255672b55dc91bf6f3c3b445f80042100a77a7

    SHA256

    2f44babaa0b7367421e28071e450b387be6c41e8a05f80b542d3935a1471fb34

    SHA512

    b30c13b5c1fd2de56b552cdbf7dc9cc3b0246f4a9f37397b193a0c84eb5916c6a2dda087dc39511d5aec67aa57a70cfd7c45a720d074292d3c36c3541c7336cc

    Download Submit

  • /data/data/ygww.dxzepw.ont/files/b
    Filesize

    444KB

    MD5

    5052e382193805f854a17470afdeadc8

    SHA1

    e434b19018b8d0a14c3db4b47318a9e92e9f5148

    SHA256

    6eac212f3e5d11281f0c7263e5795bd74241b233898280b8cb9479443747f52a

    SHA512

    be6fde561141ceebed2f1c98c845fdf247b10aecd15698130bda158484f02309e336a57e1a19fc740137f919904f0c649fcfed6d659b53b0ae6e97aaf794cec7

    Download Submit

  • /data/user/0/ygww.dxzepw.ont/app_picture/1.jpg
    Filesize

    167KB

    MD5

    034214341732165dfa47f2cd9b47987f

    SHA1

    2e29c905bca10f6363240e24c5c6c4a09cafae06

    SHA256

    a53f93bab8983b77366bccdcf62f6071fe76140a798b7042e57caa3e35f515c2

    SHA512

    ecc3c3b8364adf847d34786c545d0474905e3b4d57f506af89f500589330b7a3110142f22163027bae8802b0f3bd0a27e4025730256997b7155bc4a7f0e2aee6

    Download Submit