Extracted

• • Target

    9e570d50a20902cae53d54ba39a79c05_JaffaCakes118

  • Size

    302KB

  • MD5

    9e570d50a20902cae53d54ba39a79c05

  • SHA1

    9e38d058a68692a04fbaac87e7e563b9885cb9d9

  • SHA256

    b13856e604ab4dbd3fdef7b5ba4a22622760990d16a002867dcec02b78c275cf

  • SHA512

    d4b5b5ae12f53534e41d082d8a73d5829cf43d206f8a2a6955b4968118bccb6ec3376e006e9476634fdfa3763c2808a7d7aaba46ecc5bdbd26aef9d93745ba1d

  • SSDEEP

    6144:h4N8EMLFo5Pl+wPlShAz7q+ZIsar0cV0WDnKGE6Es2U5CEsmkj4eXwaglj:hWOhzwPlSCz7q+ZIs4Y2KH6ES5CEsmkK

  Score

  10^/10

  xloader_apkbankercollectiondiscoveryevasionimpactinfostealerpersistencestealthtrojan

  • XLoader payload

  • XLoader, MoqHao

    An Android banker and info stealer.

    trojaninfostealerbankerxloader_apk

  • Checks if the Android device is rooted.

    evasion

  • Removes its main activity from the application launcher

    stealthtrojanevasion

  • Loads dropped Dex/Jar

    Runs executable file dropped to the device during analysis.

    evasion

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    bankerdiscovery

  • Queries the phone number (MSISDN for GSM devices)

    discovery

  • Reads the content of the MMS message.

    collection

  • Acquires the wake lock

  • Makes use of the framework's foreground persistence service

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence

  • Requests changing the default SMS application.

    collectionimpact
  behavioral1behavioral2behavioral3