xloader_apk | 87dc06995289426f6cb9f0e2fa8f275e8b3164d99e010037a24764d648211a1a | Triage

Sharing

General

Target

87dc06995289426f6cb9f0e2fa8f275e8b3164d99e010037a24764d648211a1a.bin
Size

207KB
Sample

240806-1zxd8awbpc
MD5

bff5edd6d7fdfbea76e1726cb1c970b2
SHA1

596258219d2f75ab38e6e012a5600f605838b924
SHA256

87dc06995289426f6cb9f0e2fa8f275e8b3164d99e010037a24764d648211a1a
SHA512

0d121d0d9e8799de380e85e82e399e1e9e869e6ee74bd1b0490532111933051e952e53fc49ed455f168bdcf0c22854cb3caec5ce6761dbe96bdee4ee3aaa58ed
SSDEEP

6144:8YFQJzQI479H7YgCYLILjwRG9l5qnh+jy0epWg:XFQJzQxyYC8GL5qCHewg

Score

10^/10

xloader_apk android banker collection discovery evasion impact infostealer persistence trojan

Malware Config

Targets

- Target
  
  87dc06995289426f6cb9f0e2fa8f275e8b3164d99e010037a24764d648211a1a.bin
- Size
  
  207KB
- MD5
  
  bff5edd6d7fdfbea76e1726cb1c970b2
- SHA1
  
  596258219d2f75ab38e6e012a5600f605838b924
- SHA256
  
  87dc06995289426f6cb9f0e2fa8f275e8b3164d99e010037a24764d648211a1a
- SHA512
  
  0d121d0d9e8799de380e85e82e399e1e9e869e6ee74bd1b0490532111933051e952e53fc49ed455f168bdcf0c22854cb3caec5ce6761dbe96bdee4ee3aaa58ed
- SSDEEP
  
  6144:8YFQJzQI479H7YgCYLILjwRG9l5qnh+jy0epWg:XFQJzQxyYC8GL5qCHewg
Score

10^/10

xloader_apk banker collection discovery evasion impact infostealer persistence trojan
- XLoader payload
- XLoader, MoqHao
  An Android banker and info stealer.
  trojan infostealer banker xloader_apk
- Checks if the Android device is rooted.
  evasion
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Queries the phone number (MSISDN for GSM devices)
  discovery
- Reads the content of the MMS message.
  collection
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Requests changing the default SMS application.
  collection impact
behavioral1

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

Foreground Persistence

Credential Access

Discovery

Software Discovery

Security Software Discovery

System Information Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Protected User Data

SMS Messages

Command and Control

Exfiltration

Impact

SMS Control

Tasks

static1

behavioral1

xloader_apkbankercollectiondiscoveryevasionimpactinfostealerpersistencetrojan