xloader_apk | f5a520309af04ce86829a5a5f36f42ef196f2105b1937b67d27ef51aeffbd354 | Triage

Sharing

General

Target

f5a520309af04ce86829a5a5f36f42ef196f2105b1937b67d27ef51aeffbd354.bin
Size

208KB
Sample

240809-18altasbqk
MD5

77518dc071a3ea3cd8d5204f82317d26
SHA1

292c682167ae494ffe0ad7f64ae233ac331ef6c5
SHA256

f5a520309af04ce86829a5a5f36f42ef196f2105b1937b67d27ef51aeffbd354
SHA512

64c2410bbb27304185dc34bf2978b40e58548a1846f9dc8b95b5cd1415a57a95362f09bda9fedd3ab6c12e4a45b186c6ec3d571c88b56e40d922a2e6a926700a
SSDEEP

6144:8Zfa9/aXPTICKhC5sX50AYuFMs4TlIZSj9Pkocy46fylX:8ZfWSXPT6hnSBS4m/ocFlX

Score

10^/10

xloader_apk android banker collection discovery evasion impact infostealer persistence trojan

Malware Config

Targets

- Target
  
  f5a520309af04ce86829a5a5f36f42ef196f2105b1937b67d27ef51aeffbd354.bin
- Size
  
  208KB
- MD5
  
  77518dc071a3ea3cd8d5204f82317d26
- SHA1
  
  292c682167ae494ffe0ad7f64ae233ac331ef6c5
- SHA256
  
  f5a520309af04ce86829a5a5f36f42ef196f2105b1937b67d27ef51aeffbd354
- SHA512
  
  64c2410bbb27304185dc34bf2978b40e58548a1846f9dc8b95b5cd1415a57a95362f09bda9fedd3ab6c12e4a45b186c6ec3d571c88b56e40d922a2e6a926700a
- SSDEEP
  
  6144:8Zfa9/aXPTICKhC5sX50AYuFMs4TlIZSj9Pkocy46fylX:8ZfWSXPT6hnSBS4m/ocFlX
Score

10^/10

xloader_apk banker collection discovery evasion impact infostealer persistence trojan
- XLoader payload
- XLoader, MoqHao
  An Android banker and info stealer.
  trojan infostealer banker xloader_apk
- Checks if the Android device is rooted.
  evasion
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Queries the phone number (MSISDN for GSM devices)
  discovery
- Reads the content of the MMS message.
  collection
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Requests changing the default SMS application.
  collection impact
behavioral1

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

Foreground Persistence

Credential Access

Discovery

Software Discovery

Security Software Discovery

System Information Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Protected User Data

SMS Messages

Command and Control

Exfiltration

Impact

SMS Control

Tasks

static1

behavioral1

xloader_apkbankercollectiondiscoveryevasionimpactinfostealerpersistencetrojan