General
-
Target
11b07a9b8dfa975fa7d849b681f9a3d8a4333746233f8410d86a9167286efc6b.bin
-
Size
283KB
-
Sample
240918-1yc9ysvgke
-
MD5
07d8e46a2b9bb0514286b5f633321b1f
-
SHA1
4ceba5f14d3586216079efc7eb8ea20e33195dce
-
SHA256
11b07a9b8dfa975fa7d849b681f9a3d8a4333746233f8410d86a9167286efc6b
-
SHA512
77ee917b47a80ba715acbc3f69b7f4a5f19f8ec90851c4f4982544ee043eb38f590b425a210d4e0d081294bbe0a7661ff47043db08977725a6d1c950f85c4e6a
-
SSDEEP
6144:n1rGsxAlQpIZr6EHsQ8xeHOMrt48fBxnf7Ucpzq9R+Bo8/y5B:Wl9r68sQ8kvrt5Rc9sC5B
Malware Config
Targets
-
-
Target
11b07a9b8dfa975fa7d849b681f9a3d8a4333746233f8410d86a9167286efc6b.bin
-
Size
283KB
-
MD5
07d8e46a2b9bb0514286b5f633321b1f
-
SHA1
4ceba5f14d3586216079efc7eb8ea20e33195dce
-
SHA256
11b07a9b8dfa975fa7d849b681f9a3d8a4333746233f8410d86a9167286efc6b
-
SHA512
77ee917b47a80ba715acbc3f69b7f4a5f19f8ec90851c4f4982544ee043eb38f590b425a210d4e0d081294bbe0a7661ff47043db08977725a6d1c950f85c4e6a
-
SSDEEP
6144:n1rGsxAlQpIZr6EHsQ8xeHOMrt48fBxnf7Ucpzq9R+Bo8/y5B:Wl9r68sQ8kvrt5Rc9sC5B
Score10/10-
XLoader payload
-
XLoader, MoqHao
An Android banker and info stealer.
-
Checks if the Android device is rooted.
-
Removes its main activity from the application launcher
-
Loads dropped Dex/Jar
Runs executable file dropped to the device during analysis.
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
-
Queries the phone number (MSISDN for GSM devices)
-
Reads the content of the MMS message.
-
Acquires the wake lock
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Requests changing the default SMS application.
-
Requests disabling of battery optimizations (often used to enable hiding in the background).
-
MITRE ATT&CK Mobile v15
Defense Evasion
Download New Code at Runtime
1Foreground Persistence
1Hide Artifacts
2Suppress Application Icon
1User Evasion
1