General
-
Target
4687999a63d2b721785b0dd86686dcea39dbbc5caf62467b08e6bdcab3475a45.bin
-
Size
412KB
-
Sample
240803-13ryxaxbnk
-
MD5
0d797cebe417189513ae6d36dcfeae79
-
SHA1
a90cdd92b76512b8f188bc24aa3a0833c91d55ed
-
SHA256
4687999a63d2b721785b0dd86686dcea39dbbc5caf62467b08e6bdcab3475a45
-
SHA512
c91a04206eccc2e8e122f30db6ab4f138ed9dcc8471ed40beb4bddac8a9d6aea60aeb2f242c12ac7be2fa2ff5a71578f742a7cbbf736d920dc90d2a06c7c1e21
-
SSDEEP
6144:QyQDz3a12UH/aiNBkcnOxH2R30vUEbObpm8jYJAwuXg6cYCd5sDOrzUodx:MDNUHiiQDhu0vUEbqmEYxOgvYCbsC0o
Static task
static1
Behavioral task
behavioral1
Sample
4687999a63d2b721785b0dd86686dcea39dbbc5caf62467b08e6bdcab3475a45.apk
Resource
android-x86-arm-20240624-en
Malware Config
Extracted
xloader_apk
http://91.204.227.50:28899
Targets
Target
4687999a63d2b721785b0dd86686dcea39dbbc5caf62467b08e6bdcab3475a45.bin
-
XLoader payload
-
Checks if the Android device is rooted.
-
Queries the phone number (MSISDN for GSM devices)
-
Reads the content of the MMS message.
-
Acquires the wake lock
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Requests disabling of battery optimizations (often used to enable hiding in the background).
-