General
Target: 115d233b840daccbfd96c43c26a5d5637aa2f2723c816ffaea27500f553755ea.bin
Size: 208KB
Sample: 240802-12j7nsselp
MD5: b4fa7b637123169904db242a67123d4a
SHA1: c4ae902eb023a773e4c3ad0dc521a53758ace1fe
SHA256: 115d233b840daccbfd96c43c26a5d5637aa2f2723c816ffaea27500f553755ea
SHA512: 5232f21f6f8e759045a920c3e133eda68f90088ca68328a573b0539b7e165859d84446d229aeadb89e2bf8beb8d77ab082d207dcd0716a1a43c304934f739566
SSDEEP: 6144:7NDM2FSSK4vZACmcNlESitQS8n0p+cS9ryiC3:dll3vZAHSigJHc2ryiC3
Static task: static1
Behavioral task: behavioral1
Sample: 115d233b840daccbfd96c43c26a5d5637aa2f2723c816ffaea27500f553755ea.apk
Resource: android-x64-arm64-20240624-en
Malware Config
Extracted
xloader_apk
http://91.204.227.39:28844
Targets
Target: 115d233b840daccbfd96c43c26a5d5637aa2f2723c816ffaea27500f553755ea.bin
- XLoader payload
- Checks if the Android device is rooted.
- Queries the phone number (MSISDN for GSM devices)
- Reads the content of the MMS message.
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
- Requests changing the default SMS application.