Extracted

• • Target

    d75108dbf3e0d1144ba7f61356c03b100c04b36c6e735dd9b64920912253349b.bin

  • Size

    308KB

  • MD5

    b691686ac259434d41b4d7c00c407093

  • SHA1

    37c90d3bb945b758991638ecdaa57b76ac31e9e6

  • SHA256

    d75108dbf3e0d1144ba7f61356c03b100c04b36c6e735dd9b64920912253349b

  • SHA512

    099637ad66eb190adb6481237ae79d45bc5dcec17216313d6d10c5db94f993c607736305fc21d872ea183928a69cc3bf221a02be4cb41b2fbe08a0c4b3a73c1c

  • SSDEEP

    6144:eM9sn8F2ERoLjDs1A6A6wQ9oPTHeoZH+hBR5KmFzWizZMPFnl3:eMjFIns12q9S+oeBz5ySsl3

  Score

  10^/10

  xloader_apkbankercollectiondiscoveryevasionimpactinfostealerpersistencetrojan

  • XLoader payload

  • XLoader, MoqHao

    An Android banker and info stealer.

    trojaninfostealerbankerxloader_apk

  • Checks if the Android device is rooted.

    evasion

  • Loads dropped Dex/Jar

    Runs executable file dropped to the device during analysis.

    evasion

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    bankerdiscovery

  • Queries the phone number (MSISDN for GSM devices)

    discovery

  • Reads the content of the MMS message.

    collection

  • Acquires the wake lock

  • Makes use of the framework's foreground persistence service

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence

  • Requests changing the default SMS application.

    collectionimpact

  • Requests disabling of battery optimizations (often used to enable hiding in the background).

    evasion
  behavioral1behavioral2behavioral3