General
-
Target
d3d0472381e871201563cd16932f16ca222cc19031062346b5443cc43cd17fe3.bin
-
Size
307KB
-
Sample
240906-1xfzfszgnd
-
MD5
3b68660654f4df3371fbe6e22731b58b
-
SHA1
515e25f3c2b0642cd077fb019e3be42db9afabcb
-
SHA256
d3d0472381e871201563cd16932f16ca222cc19031062346b5443cc43cd17fe3
-
SHA512
2b046f3abeccd981c403ef47147567e35966a982b933320a20686a882c4248ad66c575e3b9bab2485ddef288bd3c00144c0e466b1a2bd69710616413fe117b5d
-
SSDEEP
6144:OGegBdXUzrZIltUiVd3oatvj6HR+eWqWMqAPhfRbZ45J7obwgjIOyjlV:OGegBCnZIltR/3Zdj6HTxk5g5jRaV
Static task
static1
Behavioral task
behavioral1
Sample
d3d0472381e871201563cd16932f16ca222cc19031062346b5443cc43cd17fe3.apk
Resource
android-x86-arm-20240910-en
Behavioral task
behavioral2
Sample
d3d0472381e871201563cd16932f16ca222cc19031062346b5443cc43cd17fe3.apk
Resource
android-x64-20240910-en
Behavioral task
behavioral3
Sample
d3d0472381e871201563cd16932f16ca222cc19031062346b5443cc43cd17fe3.apk
Resource
android-x64-arm64-20240910-en
Malware Config
Extracted
xloader_apk
http://91.204.227.39:28844
Targets
-
-
Target
d3d0472381e871201563cd16932f16ca222cc19031062346b5443cc43cd17fe3.bin
-
Size
307KB
-
MD5
3b68660654f4df3371fbe6e22731b58b
-
SHA1
515e25f3c2b0642cd077fb019e3be42db9afabcb
-
SHA256
d3d0472381e871201563cd16932f16ca222cc19031062346b5443cc43cd17fe3
-
SHA512
2b046f3abeccd981c403ef47147567e35966a982b933320a20686a882c4248ad66c575e3b9bab2485ddef288bd3c00144c0e466b1a2bd69710616413fe117b5d
-
SSDEEP
6144:OGegBdXUzrZIltUiVd3oatvj6HR+eWqWMqAPhfRbZ45J7obwgjIOyjlV:OGegBCnZIltR/3Zdj6HTxk5g5jRaV
-
XLoader payload
-
Checks if the Android device is rooted.
-
Queries the phone number (MSISDN for GSM devices)
-
Reads the content of the MMS message.
-
Acquires the wake lock
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Requests changing the default SMS application.
-
Requests disabling of battery optimizations (often used to enable hiding in the background).
-
MITRE ATT&CK Mobile v15
Persistence
Event Triggered Execution
1Broadcast Receivers
1Foreground Persistence
1Defense Evasion
Download New Code at Runtime
1Foreground Persistence
1Hide Artifacts
2Suppress Application Icon
1User Evasion
1