General
-
Target
ab125ea6e47ae9f04be5ee2e4f707c361a7912a64a24bd1dff16ffbb3fba931b.bin
-
Size
415KB
-
Sample
240807-16282svgnk
-
MD5
4b34024fbff198f2b6a1d63340a0e3f5
-
SHA1
8ff4adf63390b32a3ecc1d20777ac69cdb38c623
-
SHA256
ab125ea6e47ae9f04be5ee2e4f707c361a7912a64a24bd1dff16ffbb3fba931b
-
SHA512
2d9b3485acb6f359ad3d87d81285fa9ec034245975b700669f0d0bbff0088233446dea03117952c54b1dee58e2b34aa36b0af5e1914c47e22033d60481b7278b
-
SSDEEP
12288:4I/mMWUzHDUEYUIz6/V4NBCHkux0GfnGMyl+5vHd0UeT:vmjWH6zK4NcEuiagWHX8
Malware Config
Targets
-
-
Target
ab125ea6e47ae9f04be5ee2e4f707c361a7912a64a24bd1dff16ffbb3fba931b.bin
-
Size
415KB
-
MD5
4b34024fbff198f2b6a1d63340a0e3f5
-
SHA1
8ff4adf63390b32a3ecc1d20777ac69cdb38c623
-
SHA256
ab125ea6e47ae9f04be5ee2e4f707c361a7912a64a24bd1dff16ffbb3fba931b
-
SHA512
2d9b3485acb6f359ad3d87d81285fa9ec034245975b700669f0d0bbff0088233446dea03117952c54b1dee58e2b34aa36b0af5e1914c47e22033d60481b7278b
-
SSDEEP
12288:4I/mMWUzHDUEYUIz6/V4NBCHkux0GfnGMyl+5vHd0UeT:vmjWH6zK4NcEuiagWHX8
Score10/10-
XLoader payload
-
XLoader, MoqHao
An Android banker and info stealer.
-
Checks if the Android device is rooted.
-
Removes its main activity from the application launcher
-
Loads dropped Dex/Jar
Runs executable file dropped to the device during analysis.
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
-
Queries the phone number (MSISDN for GSM devices)
-
Reads the content of the MMS message.
-
Acquires the wake lock
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Requests changing the default SMS application.
-