General
-
Target
45c550845b7a7bf29fa6e6fe58329bfbb1ac2a88725df5097f018f67393682bc.bin
-
Size
415KB
-
Sample
240807-1636cayflg
-
MD5
aaed85cb515a1978dd889290691754bc
-
SHA1
92f4bd2d6dd0e17c5bd7d6975d56eb47f9073166
-
SHA256
45c550845b7a7bf29fa6e6fe58329bfbb1ac2a88725df5097f018f67393682bc
-
SHA512
f04adc805cb726ed3c998e3c0d61c723a205f9fe358a0add1feb16b9337d68b874f70fb9e2e721e18ec7b3817ad1ddeda672d86b6d378838104d7f883474217d
-
SSDEEP
12288:Lj94KK+BUzHDUEYUIz6/V4NBCHkux0GfnGMyl+5vHd0UJbE:LjW7mWH6zK4NcEuiagWHXJA
Malware Config
Targets
-
-
Target
45c550845b7a7bf29fa6e6fe58329bfbb1ac2a88725df5097f018f67393682bc.bin
-
Size
415KB
-
MD5
aaed85cb515a1978dd889290691754bc
-
SHA1
92f4bd2d6dd0e17c5bd7d6975d56eb47f9073166
-
SHA256
45c550845b7a7bf29fa6e6fe58329bfbb1ac2a88725df5097f018f67393682bc
-
SHA512
f04adc805cb726ed3c998e3c0d61c723a205f9fe358a0add1feb16b9337d68b874f70fb9e2e721e18ec7b3817ad1ddeda672d86b6d378838104d7f883474217d
-
SSDEEP
12288:Lj94KK+BUzHDUEYUIz6/V4NBCHkux0GfnGMyl+5vHd0UJbE:LjW7mWH6zK4NcEuiagWHXJA
Score10/10-
XLoader payload
-
XLoader, MoqHao
An Android banker and info stealer.
-
Checks if the Android device is rooted.
-
Loads dropped Dex/Jar
Runs executable file dropped to the device during analysis.
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
-
Queries the phone number (MSISDN for GSM devices)
-
Reads the content of the MMS message.
-
Acquires the wake lock
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Requests changing the default SMS application.
-