Extracted

• • Target

    f1a4896a6c1e3dfc5023df2f9de14f4f0b6adaca3414a020573d2160ef4cfe4f.bin

  • Size

    310KB

  • MD5

    fd0f9f3a27e841615232b9e1f9172d6b

  • SHA1

    70cd011fcdc3baab08dc3c69ab5a827bac3f48fb

  • SHA256

    f1a4896a6c1e3dfc5023df2f9de14f4f0b6adaca3414a020573d2160ef4cfe4f

  • SHA512

    3fb665e5a52ce9cf878fe0e66b9a7efc902de974956f87b09d3acdeb0d6400b6e53dd2ed47e17e85c54e4bca7ec375cba55212d87c55c36c7c6dbd9c4b7109a1

  • SSDEEP

    6144:pmQ++wolxrahm2gLbNbcjyCqPTHeoZH+hBR5KmFzWizZPnidxY1J+:YmvrahmPbSyL+oeBz5ySdidk+

  Score

  10^/10

  xloader_apkbankercollectiondiscoveryevasionimpactinfostealerpersistencetrojan

  • XLoader payload

  • XLoader, MoqHao

    An Android banker and info stealer.

    trojaninfostealerbankerxloader_apk

  • Checks if the Android device is rooted.

    evasion

  • Loads dropped Dex/Jar

    Runs executable file dropped to the device during analysis.

    evasion

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    bankerdiscovery

  • Queries the phone number (MSISDN for GSM devices)

    discovery

  • Reads the content of the MMS message.

    collection

  • Acquires the wake lock

  • Makes use of the framework's foreground persistence service

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence

  • Requests changing the default SMS application.

    collectionimpact

  • Requests disabling of battery optimizations (often used to enable hiding in the background).

    evasion
  behavioral1behavioral2behavioral3