Overview

overview

10

Static

static

6

eb9394a299...38.apk

android-11-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    134s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240624-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
  • submitted
    27-09-2024 22:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    eb9394a299a2e362ab7ceed590412fb6bcf01d33cfc87b731c00ac99725fb538.apk

  • Size

    278KB

  • MD5

    34a5af4c64ad54b415a75c1f23ed465a

  • SHA1

    531c6c6afd4c6e03bbe969f0c76bede3efea2728

  • SHA256

    eb9394a299a2e362ab7ceed590412fb6bcf01d33cfc87b731c00ac99725fb538

  • SHA512

    4c6a00d8cd0a92f374c6e1652ad701a41857765632d0502dce6371f6d48ec1c9d362535eab4b44c77c8d90e5d0598a67ebe4b6ee8b99fd03fd53308404f52dbb

  • SSDEEP

    6144:mSd9gIXihVbD3L6BwQZBJ37tDhWC+q6FrfMmGAB:mJIXihVbD3+BwkBFtf366mV

Score
10/10
xloader_apkbankercollectiondiscoveryevasionimpactinfostealerpersistencestealthtrojan

Malware Config

Extracted

Family

xloader_apk

C2

http://91.204.227.39:28844

DES_key

Signatures

Processes

  • dvzesq.arlq.wpru.fqyge
    1⤵
    • Checks if the Android device is rooted.
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Reads the content of the MMS message.
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4424

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/dvzesq.arlq.wpru.fqyge/files/b
    Filesize

    493KB

    MD5

    1de744484e7d7385baca06eb02986485

    SHA1

    97398c5e27f988e55327daca9f3b391552acf9e5

    SHA256

    a86d40402acf532ce17f2e6f1c3349fb0fe3e6061507b95be164c242081c6abb

    SHA512

    1e00977c3aab9a2e8c26844d7e6a16bb4e37589a83e49b5e9d1224cca794db586d7a307ae08021e5e979b45d56daacac9b6f285491d5e996fc10e0702784b8c1

    Download Submit

  • /data/user/0/dvzesq.arlq.wpru.fqyge/files/oat/b.cur.prof
    Filesize

    991B

    MD5

    47680f15a1fbddfd84e27dc3e07dcf83

    SHA1

    6d263fd5052c7deb83c9143bf9389e40ea5d0ecc

    SHA256

    199950a4ee7fe434b876a7e5726bf6815231aa6515418fcb2645003a5294d6d7

    SHA512

    d7b95159f4e9bddf20d01f289b34ef2a47688451abacf1bafe60dcf6efb97c775217993a8af8296f4cf7f6495bbdceb95b31cdf419209bb9e68c17b8f9ff048a

    Download Submit