xloader_apk | 448f43ba9eff564a16ed0b4294d9f26ad63dd1373797d7a469f4562bc853da46 | Triage

Sharing

General

Target

448f43ba9eff564a16ed0b4294d9f26ad63dd1373797d7a469f4562bc853da46.bin
Size

415KB
Sample

240807-164f4syflh
MD5

f486784a4aff4b540ab311ac79b00329
SHA1

7c6b67be8d2a894c150897764495e234e8fccc2f
SHA256

448f43ba9eff564a16ed0b4294d9f26ad63dd1373797d7a469f4562bc853da46
SHA512

2add1879d1ab5f3f7baa9a9392e24019b642679708dccf08cbd83be324afe9e2d99086cc7e82ef90f8953b19a79b1b593e46faa90b7fda2e1990f0986503d862
SSDEEP

12288:PGUzHDUEYUIz6/V4NBCHkux0GfnGMyl+5vHd0Uvfu:eWH6zK4NcEuiagWHXvm

Score

10^/10

xloader_apk android banker collection discovery evasion impact infostealer persistence trojan

Malware Config

Targets

- Target
  
  448f43ba9eff564a16ed0b4294d9f26ad63dd1373797d7a469f4562bc853da46.bin
- Size
  
  415KB
- MD5
  
  f486784a4aff4b540ab311ac79b00329
- SHA1
  
  7c6b67be8d2a894c150897764495e234e8fccc2f
- SHA256
  
  448f43ba9eff564a16ed0b4294d9f26ad63dd1373797d7a469f4562bc853da46
- SHA512
  
  2add1879d1ab5f3f7baa9a9392e24019b642679708dccf08cbd83be324afe9e2d99086cc7e82ef90f8953b19a79b1b593e46faa90b7fda2e1990f0986503d862
- SSDEEP
  
  12288:PGUzHDUEYUIz6/V4NBCHkux0GfnGMyl+5vHd0Uvfu:eWH6zK4NcEuiagWHXvm
Score

10^/10

xloader_apk banker collection discovery evasion impact infostealer persistence trojan
- XLoader payload
- XLoader, MoqHao
  An Android banker and info stealer.
  trojan infostealer banker xloader_apk
- Checks if the Android device is rooted.
  evasion
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Queries the phone number (MSISDN for GSM devices)
  discovery
- Reads the content of the MMS message.
  collection
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Requests changing the default SMS application.
  collection impact
behavioral1

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

Foreground Persistence

Credential Access

Discovery

Software Discovery

Security Software Discovery

System Information Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Protected User Data

SMS Messages

Command and Control

Exfiltration

Impact

SMS Control

Tasks

static1

behavioral1

xloader_apkbankercollectiondiscoveryevasionimpactinfostealerpersistencetrojan