General
-
Target
ad4a8abdf69e5e8ada84abc163ad7f132dd7fa99163a090f7e9c265624c85944.bin
-
Size
408KB
-
Sample
240803-13d22s1gna
-
MD5
fb0c627fbca08c48f5c7ac312a38ac9f
-
SHA1
558dba4c3af6f48268e53cdf8c0726d2263c5503
-
SHA256
ad4a8abdf69e5e8ada84abc163ad7f132dd7fa99163a090f7e9c265624c85944
-
SHA512
ce2ba3b7692ffc96dac103faf2c8bbaf5e8ddbd5434917f0fe6866ed8af203fb083187be264e80d79ab5bde6ec54818c76820009f9571576335798743334214b
-
SSDEEP
12288:qYXEP0mOMpeB+DNUHiiQDhu0vUEbqmEYxN:Qp8o+HiiQFvUE+JI
Static task
static1
Behavioral task
behavioral1
Sample
ad4a8abdf69e5e8ada84abc163ad7f132dd7fa99163a090f7e9c265624c85944.apk
Resource
android-x86-arm-20240624-en
Malware Config
Extracted
xloader_apk
http://91.204.227.50:28899
Targets
-
-
Target
ad4a8abdf69e5e8ada84abc163ad7f132dd7fa99163a090f7e9c265624c85944.bin
-
XLoader payload
-
Checks if the Android device is rooted.
-
Queries the phone number (MSISDN for GSM devices)
-
Reads the content of the MMS message.
-
Acquires the wake lock
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Reads information about phone network operator.
-
Requests disabling of battery optimizations (often used to enable hiding in the background).
-