Overview

overview

10

Static

static

6

f5f34360ee...06.apk

android-9-x86

10

Analysis

  • max time kernel
    179s
  • max time network
    158s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
  • submitted
    20-08-2024 22:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f5f34360ee60ac7e4f44bdcf1b3efbaabb63dc7ee8390ed9cddca7e9e640fc06.apk

  • Size

    440KB

  • MD5

    f269ce549559027cfb75591818d5d31d

  • SHA1

    b2c3bdbcd06b75843354b890c325df7ab4057c89

  • SHA256

    f5f34360ee60ac7e4f44bdcf1b3efbaabb63dc7ee8390ed9cddca7e9e640fc06

  • SHA512

    a485ca238eb529bd6b3157161adaa8bb1ac95b83cd16ce8c22e7ebbb3a277845d8bdb0c736a4b0a0a36fae9f58380fa0c5d73de54096bf5b4ac05760fd48ec03

  • SSDEEP

    12288:DrCF2xrJbiHZYomRfdWlXppDcezvBVS8xklM:vCScZYomSlXoezvPSH2

Score
10/10
xloader_apkbankercollectiondiscoveryevasionimpactinfostealerpersistencestealthtrojan

Malware Config

Extracted

Family

xloader_apk

C2

http://91.204.227.39:28844

DES_key

Signatures

Processes

  • b.ghnmtr.qy
    1⤵
    • Checks if the Android device is rooted.
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Reads the content of the MMS message.
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Requests changing the default SMS application.
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4219

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/b.ghnmtr.qy/files/d
    Filesize

    454KB

    MD5

    70981e80e0fc7d5b58e1e133839e0bcd

    SHA1

    bbd65ce41ca1f65e1646ce902dde824302f7714c

    SHA256

    123d3d05df04c183259f36c78419f0ac8f1e1179e0135611203f11a4f7e16040

    SHA512

    7ab08ee27bfc747dc59ef95ccc0abc60f95e11e921a99b53ffd68aba9321679cdf5c7fa4ad23c738cab2191a06827e9471ab206a1e80d57eaa731fc319e0010c

    Download Submit

  • /data/data/b.ghnmtr.qy/files/oat/d.cur.prof
    Filesize

    891B

    MD5

    ed6ed7e62aaa1004ed24c8eb85dd81c6

    SHA1

    7a1dfa1734d36ce40a1732f06b35852ae11fa448

    SHA256

    9660639d9affdb8b146d39de001154efc07290ef001da6a13d27f4019e6936f8

    SHA512

    f093c7b1ba12839e4489f0bc7866012a3da8fda14c7b0bcd037b8a64f788e29bd9dbbb287126f3c5edf40c3ab315fbadd6cf7f4080396fd93cd704c71aa5f749

    Download Submit