Extracted

• • Target

    765589e94647c40a59c4dbf1ed93b76a684adfa02e2c76a0d76c11383a71378f.bin

  • Size

    207KB

  • MD5

    0f64bf632ee3f1453dccd964b5dd85ec

  • SHA1

    6378a0c54ec57c9ea6e1614565895d25438b476a

  • SHA256

    765589e94647c40a59c4dbf1ed93b76a684adfa02e2c76a0d76c11383a71378f

  • SHA512

    2e6cf0f5cd78f682e61f4259fcff51e7f4ced2bcc1b82e482134aadd1f26e477354fb79cf0c04c8bcb5d483b69607cddba22e5295fc6db3b47a4a255c4dfa108

  • SSDEEP

    3072:3PADOBL5yZBCh12OIyns63IEnjNGzTwRDowMB65H2uOr7bz6v4AWI096qldK:3Ph95ycnznpYExGwxlJBkrn2wlK

  Score

  10^/10

  xloader_apkbankercollectiondiscoveryevasionimpactinfostealerpersistencetrojan

  • XLoader payload

  • XLoader, MoqHao

    An Android banker and info stealer.

    trojaninfostealerbankerxloader_apk

  • Checks if the Android device is rooted.

    evasion

  • Loads dropped Dex/Jar

    Runs executable file dropped to the device during analysis.

    evasion

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    bankerdiscovery

  • Queries the phone number (MSISDN for GSM devices)

    discovery

  • Reads the content of the MMS message.

    collection

  • Acquires the wake lock

  • Makes use of the framework's foreground persistence service

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence

  • Requests changing the default SMS application.

    collectionimpact
  behavioral1