Extracted

• • Target

    446b9329dbd79fce6305298b346854a7c8863e5afce13e5a2f780d037a0040d9.bin

  • Size

    208KB

  • MD5

    5eaf9eb4c31983daec37862c8b0a7783

  • SHA1

    c81bb2c72f49da300f8c0a2763f9b3cf8d483aa1

  • SHA256

    446b9329dbd79fce6305298b346854a7c8863e5afce13e5a2f780d037a0040d9

  • SHA512

    979b0458eed8493f60e4c694545c22bf0a436174b5471ca2746410197a659c95ef96585d02e8c4024eeeaf7700e1e98104fd0f16b8120958fad16bcec630c8da

  • SSDEEP

    6144:HTwOdvj4Tq7wJj0L3/gfhOFLkpiwogYcYF0W:Pvjb9zgZwnwoncYF0W

  Score

  10^/10

  xloader_apkbankercollectiondiscoveryevasionimpactinfostealerpersistencetrojan

  • XLoader payload

  • XLoader, MoqHao

    An Android banker and info stealer.

    trojaninfostealerbankerxloader_apk

  • Checks if the Android device is rooted.

    evasion

  • Loads dropped Dex/Jar

    Runs executable file dropped to the device during analysis.

    evasion

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    bankerdiscovery

  • Queries the phone number (MSISDN for GSM devices)

    discovery

  • Reads the content of the MMS message.

    collection

  • Acquires the wake lock

  • Makes use of the framework's foreground persistence service

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence

  • Requests changing the default SMS application.

    collectionimpact
  behavioral1