Overview

overview

10

Static

static

6

0cfe8fe188...78.apk

android-9-x86

10

0cfe8fe188...78.apk

android-10-x64

10

0cfe8fe188...78.apk

android-11-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    android-11_x64
  • resource
    android-x64-arm64-20240910-en
  • resource tags

    arch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240910-enlocale:en-usos:android-11-x64system
  • submitted
    09-09-2024 22:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0cfe8fe1886f8e31921b612dedbe93bb5b292d308b7fb41839d9f4d76ade2c78.apk

  • Size

    309KB

  • MD5

    94eefcb0384f847c03e2993b98734991

  • SHA1

    04e9ee7185d38ff4b8866c2da8b2598cb753375d

  • SHA256

    0cfe8fe1886f8e31921b612dedbe93bb5b292d308b7fb41839d9f4d76ade2c78

  • SHA512

    bc4735f7158ac503ec4ee8f56cb3b62139e8104606371e81e0e18953d881c29be2ced1057f7d628591483e2f292806e5a642ea27896dc1235b3c3b7eea4b48d3

  • SSDEEP

    6144:fqVgL5SsFyXRosVhHn8xsKSyh8cWJ7uc2hWAnFXMemm1lnRKh:S61SFhosVhH8HSyycwzAn1lIh

Score
10/10
xloader_apkbankercollectiondiscoveryevasionimpactinfostealerpersistencestealthtrojan

Malware Config

Extracted

Family

xloader_apk

C2

http://91.204.227.39:28844

DES_key

Signatures

Processes

  • kodv.to.rq
    1⤵
    • Checks if the Android device is rooted.
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Reads the content of the MMS message.
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Requests changing the default SMS application.
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4846

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/kodv.to.rq/files/dex
    Filesize

    580KB

    MD5

    ed9219be2761d62f01f05dee71f02df3

    SHA1

    c2b904961f519a66052c04d444b34ef4c3f00e67

    SHA256

    b8f6a3769331039a5f2dc29eba3adc431a7b086d47ec579cd143da11f137f13d

    SHA512

    420dc0fa4e231a66fa5c26fbd7952f574aa24aec62ecdf387dd376e98dac93cbea493785d67a030bd6d6745b00c7f3b14b693f906124ee6438b6a227d682f8bd

    Download Submit

  • /data/user/0/kodv.to.rq/files/oat/dex.cur.prof
    Filesize

    866B

    MD5

    b3aff47a60621de4f98a14bae67bbf75

    SHA1

    e122e0ad97b0e73141d038d859bcdcde24cd43cc

    SHA256

    0203f863ac216e0e4539fabb4d12857172fe754871ad073ba01bdb7f449cc0dc

    SHA512

    efeea840ca39e59050612af0a66065bac81c676becb63450743508fb5d903bd5a2fd0a6b5742318b42bb52a00f3aed781fc3b4d3f7c6ef67c7d066b836295de6

    Download Submit