General
-
Target
abf26c2f4d75a33f1c83ed24f1e5b5c0d927a2dfd1ec5e4e0c288987d8cdf5d2.bin
-
Size
209KB
-
Sample
240908-189e5s1aqb
-
MD5
ca92af5f9faf185a017a218a8fd23f94
-
SHA1
9abff9d954359a9c3842f808b497b6726aa42d5a
-
SHA256
abf26c2f4d75a33f1c83ed24f1e5b5c0d927a2dfd1ec5e4e0c288987d8cdf5d2
-
SHA512
322747cf15e25e7af67ae4627b5e9a598a3841be2fe30fce12f9e97b06b3df0143aa33809a9ffd4e12be0a399641565635fecfbd6eaaaa8a1d780e9d49574a93
-
SSDEEP
3072:6nAfMUSext0Deffg/u+vZs6+bCdNTMqgpV8Hdpt25ykzYVnNpYCO4+O1wXQdpIKN:eKpMefl+K6+bCrf0c25anwOrCC
Malware Config
Targets
-
-
Target
abf26c2f4d75a33f1c83ed24f1e5b5c0d927a2dfd1ec5e4e0c288987d8cdf5d2.bin
-
Size
209KB
-
MD5
ca92af5f9faf185a017a218a8fd23f94
-
SHA1
9abff9d954359a9c3842f808b497b6726aa42d5a
-
SHA256
abf26c2f4d75a33f1c83ed24f1e5b5c0d927a2dfd1ec5e4e0c288987d8cdf5d2
-
SHA512
322747cf15e25e7af67ae4627b5e9a598a3841be2fe30fce12f9e97b06b3df0143aa33809a9ffd4e12be0a399641565635fecfbd6eaaaa8a1d780e9d49574a93
-
SSDEEP
3072:6nAfMUSext0Deffg/u+vZs6+bCdNTMqgpV8Hdpt25ykzYVnNpYCO4+O1wXQdpIKN:eKpMefl+K6+bCrf0c25anwOrCC
Score10/10-
XLoader payload
-
XLoader, MoqHao
An Android banker and info stealer.
-
Checks if the Android device is rooted.
-
Removes its main activity from the application launcher
-
Loads dropped Dex/Jar
Runs executable file dropped to the device during analysis.
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
-
Queries the phone number (MSISDN for GSM devices)
-
Reads the content of the MMS message.
-
Acquires the wake lock
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Requests changing the default SMS application.
-