Overview

overview

10

Static

static

6

e850e7e61d...24.apk

android-9-x86

10

e850e7e61d...24.apk

android-10-x64

10

e850e7e61d...24.apk

android-11-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    android-11_x64
  • resource
    android-x64-arm64-20240910-en
  • resource tags

    arch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240910-enlocale:en-usos:android-11-x64system
  • submitted
    09-09-2024 22:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e850e7e61dded040358ded9de2d18d8fcc10c250cfc878e2b8fafe5353457224.apk

  • Size

    302KB

  • MD5

    756128b2eb4906eef298ea681438f382

  • SHA1

    b81ccbd83d0ecb65cfa7718411c192edfe52de2b

  • SHA256

    e850e7e61dded040358ded9de2d18d8fcc10c250cfc878e2b8fafe5353457224

  • SHA512

    0783b1bbf8f2a87aad3f79eb4b4e473ec357359f128e67a44b6de6e29eedf684d2cbef1ff22b6d9f9a322aadbf9d8b1bbce89a8f04d78b793a7ca3ecc9204a60

  • SSDEEP

    6144:s2DhsPJYlnTv1gZ4oTyM+ihV0WDnKGE6Es2U5CEsmkj4eXwEB+:s2qPJSv1FE9+x2KH6ES5CEsmknXwa+

Score
10/10
xloader_apkbankercollectiondiscoveryevasionimpactinfostealerpersistencestealthtrojan

Malware Config

Extracted

Family

xloader_apk

C2

http://91.204.227.39:28844

DES_key

Signatures

Processes

  • ggbx.wistk.pyxcw
    1⤵
    • Checks if the Android device is rooted.
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Reads the content of the MMS message.
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Requests changing the default SMS application.
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4781

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/ggbx.wistk.pyxcw/files/dex
    Filesize

    580KB

    MD5

    ed9219be2761d62f01f05dee71f02df3

    SHA1

    c2b904961f519a66052c04d444b34ef4c3f00e67

    SHA256

    b8f6a3769331039a5f2dc29eba3adc431a7b086d47ec579cd143da11f137f13d

    SHA512

    420dc0fa4e231a66fa5c26fbd7952f574aa24aec62ecdf387dd376e98dac93cbea493785d67a030bd6d6745b00c7f3b14b693f906124ee6438b6a227d682f8bd

    Download Submit