Extracted

• • Target

    a57f1f060cda7b7cc5f03dbd72ace8ce864fbc621b4cf3591107c45f27038173.bin

  • Size

    207KB

  • MD5

    591267fcc0bb130610b4a89cf6177f56

  • SHA1

    d389ac041851fc54af05fdb2149150280c4c36cf

  • SHA256

    a57f1f060cda7b7cc5f03dbd72ace8ce864fbc621b4cf3591107c45f27038173

  • SHA512

    7e1b65a9b0d842e4d0a229baa6ca7daff7a51b1ae87725effce36c29f5568bb8ff62c37429e1d0b2e20bbe52f0bbb26d9cd1b4df6dc8449319258790ceda339c

  • SSDEEP

    6144:ZqrNn2t9yrcmDJfb75YflyBVG8I4odLG/KQL:ZqrNn2tYJX5YoB9I4mgXL

  Score

  10^/10

  xloader_apkbankercollectiondiscoveryevasionimpactinfostealerpersistencetrojan

  • XLoader payload

  • XLoader, MoqHao

    An Android banker and info stealer.

    trojaninfostealerbankerxloader_apk

  • Checks if the Android device is rooted.

    evasion

  • Loads dropped Dex/Jar

    Runs executable file dropped to the device during analysis.

    evasion

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    bankerdiscovery

  • Queries the phone number (MSISDN for GSM devices)

    discovery

  • Reads the content of the MMS message.

    collection

  • Acquires the wake lock

  • Makes use of the framework's foreground persistence service

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence

  • Requests changing the default SMS application.

    collectionimpact
  behavioral1