General
-
Target
56b20a81a5373c9f266210e1d234e3ef25f912ff5a7d7b4639d5b51b83797ebf.bin
-
Size
408KB
-
Sample
240803-13p5baxbmq
-
MD5
8d8014aafbaa9d40ff249d765ab5d92c
-
SHA1
55722164870dc4c8a965e5c0e86f966ffab9ad0d
-
SHA256
56b20a81a5373c9f266210e1d234e3ef25f912ff5a7d7b4639d5b51b83797ebf
-
SHA512
ad5e4d013852cc64e14adb4db6d394ab44373626ad27c212f3637086b63d63213b2614f4757ca9fd8a15c26e0108b6a82cd283376402a7e31cdf34e752dbc0e0
-
SSDEEP
12288:TDNUHiiQDhu0vUEbqmEYxaMA+P/IYef/b:X+HiiQFvUE+JUA+P/QL
Static task
static1
Behavioral task
behavioral1
Sample
56b20a81a5373c9f266210e1d234e3ef25f912ff5a7d7b4639d5b51b83797ebf.apk
Resource
android-x86-arm-20240624-en
Malware Config
Extracted
xloader_apk
http://91.204.227.50:28899
Targets
-
XLoader payload
-
Checks if the Android device is rooted.
-
Queries the phone number (MSISDN for GSM devices)
-
Reads the content of the MMS message.
-
Acquires the wake lock
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Reads information about phone network operator.
-
Requests disabling of battery optimizations (often used to enable hiding in the background).
-