Extracted

• • Target

    21d09a7f2a7d34860521285010f90f907cbdd4bd31dd4139fe67e72d972bb777.bin

  • Size

    410KB

  • MD5

    0c488bcf20b2fe8713ef2c632c68da09

  • SHA1

    977850ce6c13c28ebd01514583ba35a9d07b34b0

  • SHA256

    21d09a7f2a7d34860521285010f90f907cbdd4bd31dd4139fe67e72d972bb777

  • SHA512

    406ce868df68d4983704911ca1ecb6fc3c589967dc9301eab61e943c19893607d81656c6b63923cb4adb1fd75bb317fb2f5a2d66fefb471aac687c988994ae08

  • SSDEEP

    12288:YsFUhrq7m+nGQL2HGKF0Z+985OL9n17ZLbJq6S3Yu:YsFUE7m+nGQi1F0Z08k17ZLbUV

  Score

  10^/10

  xloader_apkbankercollectiondiscoveryevasionimpactinfostealerpersistencestealthtrojan

  • XLoader payload

  • XLoader, MoqHao

    An Android banker and info stealer.

    trojaninfostealerbankerxloader_apk

  • Checks if the Android device is rooted.

    evasion

  • Removes its main activity from the application launcher

    stealthtrojanevasion

  • Loads dropped Dex/Jar

    Runs executable file dropped to the device during analysis.

    evasion

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    bankerdiscovery

  • Queries the phone number (MSISDN for GSM devices)

    discovery

  • Reads the content of the MMS message.

    collection

  • Acquires the wake lock

  • Makes use of the framework's foreground persistence service

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence

  • Requests changing the default SMS application.

    collectionimpact
  behavioral1