General
Target: QYADZO.apk
Size: 40.1MB
Sample: 241009-xx8spaweqa
MD5: c57e877b317a6ae1c731fc398eae134a
SHA1: 19615fcb1d0cfcc30c114c4f69a62082b5615857
SHA256: 845df5afe3977d1d0109d725cf63b0c21e23f870ccf2de613f66f96e8ea145bd
SHA512: 6bd7d975a9a2ec29c6b0ebeb2117f922e5173775e6a3541baa1d9abf8901b8a46e53a8fa04b1b9aa6e51408a7716bc0228ec58268653a5290ec569121d637e5c
SSDEEP: 786432:H38Ym2d67A9Ls3unQn1SxlMTpxABB9F5d3fHQ62G3Zu3V0u/U1S2h:ITn1SvMNxABB9vdx3ZgygUhh
Behavioral task: behavioral1
Sample: QYADZO.apk
Resource: android-33-x64-arm64-20240624-en
Malware Config
Targets
Target: QYADZO.apk (size and hashes as listed under General)
- Android Xamalicious payload
- Xamalicious: an Android backdoor built with the Xamarin framework, first reported in December 2023.
- Acquires a wake lock (PowerManager.WakeLock), keeping the device awake while the payload runs.
- Checks whether the application is allowed to request package installs through the package installer (PackageManager.canRequestPackageInstalls), i.e. whether it may install additional applications from unknown sources.
- Uses the framework's foreground service: the application may abuse a foreground service (and its persistent notification) to keep running instead of being killed in the background.
- Queries information about the active data network (ConnectivityManager).
- Requests permission to install additional applications from unknown sources (REQUEST_INSTALL_PACKAGES / the ACTION_MANAGE_UNKNOWN_APP_SOURCES settings screen).
- Requests dangerous framework permissions (runtime permissions the user must grant explicitly).
- Requests that battery optimizations be disabled (ACTION_REQUEST_IGNORE_BATTERY_OPTIMIZATIONS), often used to keep running unnoticed in the background.
- Requests that the user enable an accessibility service (ACTION_ACCESSIBILITY_SETTINGS); an accessibility service can read screen content and inject input on the victim's behalf.
- Tries to add itself as a device administrator (ACTION_ADD_DEVICE_ADMIN), which blocks uninstallation until the admin is deactivated.
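The signatures above are produced by the sandbox at runtime. As an added example (not part of the sandbox report or the Xamalicious analysis), the following Python script performs the offline checks a triage analyst would run on the file before or after submitting it: it verifies the file against the hashes the report lists, detects a Xamarin build from the archive layout (the assemblies/ directory and libmonodroid.so / libxamarin-app.so are standard Xamarin.Android artifacts), and searches the binary AndroidManifest.xml string pool for the permission names behind each behaviour the report flags. The mapping from signature to permission name is my assumption, and the APK built by build_sample_apk() is a constructed stand-in, not the real sample; the hashes in REPORT_HASHES are copied from the report.

```python
import hashlib
import io
import sys
import zipfile

# Hashes the sandbox report lists for QYADZO.apk (copied from the report above).
REPORT_HASHES = {
    "md5": "c57e877b317a6ae1c731fc398eae134a",
    "sha1": "19615fcb1d0cfcc30c114c4f69a62082b5615857",
    "sha256": "845df5afe3977d1d0109d725cf63b0c21e23f870ccf2de613f66f96e8ea145bd",
}

# Assumed mapping from each reported behaviour to the manifest permission that
# enables it. Binary AXML stores its string pool as UTF-16LE (or UTF-8 when the
# UTF-8 flag is set), so find_indicators() searches both encodings.
INDICATORS = {
    "wake_lock": "android.permission.WAKE_LOCK",
    "install_unknown_sources": "android.permission.REQUEST_INSTALL_PACKAGES",
    "foreground_service": "android.permission.FOREGROUND_SERVICE",
    "battery_optimizations": "android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS",
    "accessibility_service": "android.permission.BIND_ACCESSIBILITY_SERVICE",
    "device_admin": "android.permission.BIND_DEVICE_ADMIN",
    "network_state": "android.permission.ACCESS_NETWORK_STATE",
}


def compute_hashes(data: bytes) -> dict:
    """MD5/SHA1/SHA256/SHA512 of the raw file, as the report lists them."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def matches_report(data: bytes, report: dict = REPORT_HASHES) -> bool:
    """True only if every hash in the report matches the file on disk."""
    actual = compute_hashes(data)
    return all(actual[name] == value for name, value in report.items())


def is_xamarin(names) -> bool:
    """Xamarin.Android ships .NET assemblies under assemblies/ and the Mono runtime as libmonodroid.so."""
    for name in names:
        base = name.rsplit("/", 1)[-1]
        if name.startswith("assemblies/") and base.endswith(".dll"):
            return True
        if base in ("libmonodroid.so", "libxamarin-app.so"):
            return True
    return False


def find_indicators(manifest: bytes) -> set:
    """Grep the binary manifest for the permission strings; no full AXML parse needed."""
    hits = set()
    for label, permission in INDICATORS.items():
        if permission.encode("utf-16-le") in manifest or permission.encode("utf-8") in manifest:
            hits.add(label)
    return hits


def triage_apk(data: bytes) -> dict:
    """Static triage of one APK held in memory."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        manifest = zf.read("AndroidManifest.xml") if "AndroidManifest.xml" in names else b""
    return {
        "hashes": compute_hashes(data),
        "matches_report": matches_report(data),
        "xamarin": is_xamarin(names),
        "indicators": sorted(find_indicators(manifest)),
    }


def build_sample_apk() -> bytes:
    """Constructed stand-in for testing: a zip laid out like a Xamarin APK whose
    manifest string pool names four of the permissions the report flags."""
    pool = b"".join(p.encode("utf-16-le") + b"\x00\x00" for p in (
        "android.permission.REQUEST_INSTALL_PACKAGES",
        "android.permission.BIND_ACCESSIBILITY_SERVICE",
        "android.permission.BIND_DEVICE_ADMIN",
        "android.permission.WAKE_LOCK",
    ))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("AndroidManifest.xml", b"\x03\x00\x08\x00" + pool)  # fake AXML header + pool
        zf.writestr("assemblies/QYADZO.dll", b"MZ")
        zf.writestr("lib/arm64-v8a/libmonodroid.so", b"\x7fELF")
        zf.writestr("classes.dex", b"dex\n035\x00")
    return buf.getvalue()


if __name__ == "__main__":
    # Usage: python triage.py QYADZO.apk  (falls back to the constructed sample)
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_apk()
    for key, value in triage_apk(data).items():
        print(f"{key}: {value}")
```

The string search is a heuristic: a permission declared in the manifest shows intent, not proof of use, and a sample that requests these capabilities only from a downloaded second stage (the report's own "install additional applications" behaviour) will not show them in the outer APK's manifest. Treat a hash mismatch as a different file, not a benign one; the SSDEEP value in the report is the tool for judging near-duplicates.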