General
Target
b2584ad832d9cf04c2ce75c9d6f574f1cdee3f8ccc03bd4eaa8f915bdf9007e9.bin
Size
408KB
Sample
240803-13dfhsxblm
MD5
23403442f0a87342a45fd0733d580152
SHA1
73d947887c3503cf1e7e0f180fc6b20838d2f595
SHA256
b2584ad832d9cf04c2ce75c9d6f574f1cdee3f8ccc03bd4eaa8f915bdf9007e9
SHA512
36a85781a6e1ba856531e0d2ddb0da770b267345d78b743b9d8a28cab2067227bb1fd3cd91a935119d8ae22a61d33f186b876aada827eaca6fd6f86cca301a18
SSDEEP
6144:q5bfBgf6v/SkXt1/yQDz3a12UH/aiNBkcnOxH2R30vUEbObpm8jYJAwuP:q9JgCXTTDNUHiiQDhu0vUEbqmEYx8
Static task
static1
Behavioral task
behavioral1
Sample
b2584ad832d9cf04c2ce75c9d6f574f1cdee3f8ccc03bd4eaa8f915bdf9007e9.apk
Resource
android-x86-arm-20240624-en
Malware Config
Extracted
xloader_apk
http://91.204.227.50:28899
Targets
- XLoader payload
- Checks if the Android device is rooted.
- Queries the phone number (MSISDN for GSM devices)
- Reads the content of the MMS message.
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
- Reads information about phone network operator.
- Requests disabling of battery optimizations (often used to enable hiding in the background).