General
-
Target
ff7625565e2f22e7aaff2a6d1783bcfccc41a61a58813579c607fe739d73d5d9.bin
-
Size
408KB
-
Sample
240803-13advsxbkr
-
MD5
899194ed44432d19b44e3b6b7170dd4d
-
SHA1
315b2d16223d038fac44d4f2d07a24331bb2f393
-
SHA256
ff7625565e2f22e7aaff2a6d1783bcfccc41a61a58813579c607fe739d73d5d9
-
SHA512
11a370f626f86926cbbf7976dc9c32fbe90587a79c6b712dd4501a57cf57f741e3a5138a93fd04ab930fdae72cb833d61401335826b692b4d783bc1582c3a70d
-
SSDEEP
6144:F24ayQDz3a12UH/aiNBkcnOxH2R30vUEbObpm8jYJAwusb/LOqTHjc0rIaQM:F24CDNUHiiQDhu0vUEbqmEYxjzOSD9I6
Static task
static1
Behavioral task
behavioral1
Sample
ff7625565e2f22e7aaff2a6d1783bcfccc41a61a58813579c607fe739d73d5d9.apk
Resource
android-x86-arm-20240624-en
Malware Config
Extracted
xloader_apk
http://91.204.227.50:28899
Targets
Target
ff7625565e2f22e7aaff2a6d1783bcfccc41a61a58813579c607fe739d73d5d9.bin
-
XLoader payload
-
Checks if the Android device is rooted.
-
Queries the phone number (MSISDN for GSM devices)
-
Reads the content of the MMS message.
-
Acquires the wake lock
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Reads information about phone network operator.
-
Requests disabling of battery optimizations (often used to enable hiding in the background).
-