Overview

overview

10

Static

static

6

29085c60dc...57.apk

android-9-x86

10

29085c60dc...57.apk

android-10-x64

10

29085c60dc...57.apk

android-11-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    137s
  • platform
    android_x64
  • resource
    android-x64-20240624-en
  • resource tags

    androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
  • submitted
    02-09-2024 22:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    29085c60dc04e953aca4daa1eafc1e909163b29ebc96b65f9d14071b01678757.apk

  • Size

    218KB

  • MD5

    ac22d87f1487ccfc26c2e50e8ed39035

  • SHA1

    4a26c2e63a5410867c9cc042ceac5265e3385186

  • SHA256

    29085c60dc04e953aca4daa1eafc1e909163b29ebc96b65f9d14071b01678757

  • SHA512

    885669f8b1d4344ecb9689b7a48c4d1744ae374b2b6941aaf3b539fd316664363101ad0b5a22d24c2f951202958fe98707c6a4c318592a3812491b76dfbcbe86

  • SSDEEP

    6144:W164a1GDZEdyTA1HkeI8oW5FCmlGhrRQDdiT:kaG/MVkeJ5cmiAdiT

Score
10/10
xloader_apkbankercollectiondiscoveryevasionimpactinfostealerpersistencestealthtrojan

Malware Config

Extracted

Family

xloader_apk

C2

http://91.204.227.39:28844

DES_key

Signatures

Processes

  • tfsx.szzzx.hrbgd
    1⤵
    • Checks if the Android device is rooted.
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Reads the content of the MMS message.
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:5051

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/tfsx.szzzx.hrbgd/files/dex
    Filesize

    456KB

    MD5

    c5654523e4899cf11630fe902e74b494

    SHA1

    d51781ac831b0442d5aaa8fb801d664f0daeb1c4

    SHA256

    fd7e515d5732df7cc5632a8411671fdad79815c7df963ef68f728398c8c8db31

    SHA512

    19e1fdb04673dec606e0376b0ffb4e32bd12d37cf50d22815c114ccc2a76824b114835ef858e0fbc84d89dc6be1e1951be047e24521771c05d6ce43fac137bdb

    Download Submit

  • /data/data/tfsx.szzzx.hrbgd/files/oat/dex.cur.prof
    Filesize

    900B

    MD5

    d3234cfa1d35ffa3dd671dc28462edbe

    SHA1

    73ffc338db0363d7039d77cd68e90232e6e8612c

    SHA256

    761649ed9a004ade1a1572a208a8cd1666df38b8adac69a5b63cbf7632ac49cc

    SHA512

    89efd15df784809a49a6c753fcd96de7c115c0df17397c34e2815444330d36102745c0b9fef2762e5487bc928d12e575871e234036b5fbf04cd13eb58470fe57

    Download Submit