General
-
Target
bb3d7fa0342877ac4cf76e2dca38660418b0481f9658b3ef0efcb3e26b0dbafa.bin
-
Size
408KB
-
Sample
240803-13ctzs1gmh
-
MD5
d0b4d4dd79433c3cbc29cecfb0673eeb
-
SHA1
7413765ea8f5f72e6155ae0ea2eb23abeae6df9d
-
SHA256
bb3d7fa0342877ac4cf76e2dca38660418b0481f9658b3ef0efcb3e26b0dbafa
-
SHA512
9e7a7d8a52e90bab6655bce257c2718beabe3e0c0a59c7b8ef8a7fe721d1dd54c81cb73df1a48d89869fb89fc13ee989b9749fb6a2a23ff29bdc4fa8bc298539
-
SSDEEP
6144:MbkyQDz3a12UH/aiNBkcnOxH2R30vUEbObpm8jYJAwuMLIzUk5M7JQZmDa0QBs:BDNUHiiQDhu0vUEbqmEYxTS/7wdQS
Static task
static1
Behavioral task
behavioral1
Sample
bb3d7fa0342877ac4cf76e2dca38660418b0481f9658b3ef0efcb3e26b0dbafa.apk
Resource
android-x86-arm-20240624-en
Malware Config
Extracted
xloader_apk
http://91.204.227.50:28899
Targets
XLoader payload
-
Checks if the Android device is rooted.
-
Queries the phone number (MSISDN for GSM devices)
-
Reads the content of the MMS message.
-
Acquires the wake lock
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Reads information about phone network operator.
-
Requests disabling of battery optimizations (often used to enable hiding in the background).
-