Extracted

• • Target

    cc1a40d19711f8f11ba3adbbf734bb088f29a2d9f9097a4e7e9bed0c71c64470.bin

  • Size

    278KB

  • MD5

    fd3966b21ed34d2374cafcfeed38f43d

  • SHA1

    a688e7026e0baa9c152d058a25c832d4f4b9cf50

  • SHA256

    cc1a40d19711f8f11ba3adbbf734bb088f29a2d9f9097a4e7e9bed0c71c64470

  • SHA512

    5e2924cb2c74e8b81a8d51fb8040afaa461b574e0bff0ab37ebac7d2dc84041cc84e45b1227de85838759e5ebb1b3ad9f6cd7efd06be804a4ddba8aadd2d1d7e

  • SSDEEP

    6144:a/tI/xyhBq3AMDEXqCrw7jZYutNbK5W0K8En0gImyCbYb85:Xx4BqwMDEfrYrtU5qrymyCo85

  Score

  10^/10

  xloader_apkbankercollectiondiscoveryevasionimpactinfostealerpersistencetrojan

  • XLoader payload

  • XLoader, MoqHao

    An Android banker and info stealer.

    trojaninfostealerbankerxloader_apk

  • Checks if the Android device is rooted.

    evasion

  • Loads dropped Dex/Jar

    Runs executable file dropped to the device during analysis.

    evasion

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    bankerdiscovery

  • Queries the phone number (MSISDN for GSM devices)

    discovery

  • Reads the content of the MMS message.

    collection

  • Acquires the wake lock

  • Makes use of the framework's foreground persistence service

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence

  • Reads information about phone network operator.

    discovery

  • Requests disabling of battery optimizations (often used to enable hiding in the background).

    evasion
  behavioral1