General
-
Target
6a58560ded9bcc9b2fd428105cad9664c6bb9821780df2127a506a142f640bb8.bin
-
Size
213KB
-
Sample
240809-14m2ca1hnp
-
MD5
ab442d43f8939a6025deb8296826c7dc
-
SHA1
8c911f792145dd4c44c1e1265376d47924b2cf1f
-
SHA256
6a58560ded9bcc9b2fd428105cad9664c6bb9821780df2127a506a142f640bb8
-
SHA512
942b8a789cde5fca353ef58839f4fc2e3e10812a787c8576043f92d9cad331908080bc994c9ca1427f85ad93a6e70f7e9751ecd2835f5a7021147c384083f61e
-
SSDEEP
3072:b3wI0YfCOVl3ZKgt3oB7XVWK/85EVYnLF1xh+DNMQr6RJz3emHSX0hxZNQvpllg:zV64l3UJZQLPGpMU6/zMX0hxZNIg
Malware Config
Targets
-
-
Target
6a58560ded9bcc9b2fd428105cad9664c6bb9821780df2127a506a142f640bb8.bin
-
Size
213KB
-
MD5
ab442d43f8939a6025deb8296826c7dc
-
SHA1
8c911f792145dd4c44c1e1265376d47924b2cf1f
-
SHA256
6a58560ded9bcc9b2fd428105cad9664c6bb9821780df2127a506a142f640bb8
-
SHA512
942b8a789cde5fca353ef58839f4fc2e3e10812a787c8576043f92d9cad331908080bc994c9ca1427f85ad93a6e70f7e9751ecd2835f5a7021147c384083f61e
-
SSDEEP
3072:b3wI0YfCOVl3ZKgt3oB7XVWK/85EVYnLF1xh+DNMQr6RJz3emHSX0hxZNQvpllg:zV64l3UJZQLPGpMU6/zMX0hxZNIg
Score10/10-
XLoader payload
-
XLoader, MoqHao
An Android banker and info stealer.
-
Checks if the Android device is rooted.
-
Loads dropped Dex/Jar
Runs executable file dropped to the device during analysis.
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
-
Queries the phone number (MSISDN for GSM devices)
-
Reads the content of the MMS message.
-
Acquires the wake lock
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Requests changing the default SMS application.
-