Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
149s -
max time network
154s -
platform
android-13_x64 -
resource
android-33-x64-arm64-20240910-en -
resource tags
-
submitted
21/10/2024, 22:02
General
-
Target
9dd4a2c7f69bb885c054ff85ed4d17e07baedc2b3d4663c3689f590d2cdb4189.apk
-
Size
283KB
-
MD5
3df0f3488457efadb4c1a150151b9dbe
-
SHA1
1eb9da0f727f360c61cf9b1ac5153a6a9a307b1f
-
SHA256
9dd4a2c7f69bb885c054ff85ed4d17e07baedc2b3d4663c3689f590d2cdb4189
-
SHA512
bcd4dad4086c379aea9e09c96e058c0ffde01c0d3284587aa56ce0f928a3dc5db12ecb04e20435e5631e62bcc5943f97a875288d34bb30cf371376cf698ce63e
-
SSDEEP
6144:FPbxDjSYQdYrEQhV3/fJv87fblRoM8A5O5eIxDPX:FPZbQdYYaPfu7DjQA5O5eIxDPX
Malware Config
Extracted
xloader_apk
http://91.204.226.105:28844
Signatures
-
XLoader payload 1 IoCs
-
XLoader, MoqHao
An Android banker and info stealer.
-
Checks if the Android device is rooted. 1 TTPs 1 IoCs
-
Loads dropped Dex/Jar 1 TTPs 1 IoCs
Runs executable file dropped to the device during analysis.
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
-
Queries account information for other applications stored on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect account information stored on the device.
-
Queries the phone number (MSISDN for GSM devices) 1 TTPs
-
Reads the contacts stored on the device. 1 TTPs 1 IoCs
-
Reads the content of the MMS message. 1 TTPs 1 IoCs
-
Acquires the wake lock 1 IoCs
-
Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
-
Queries information about active data network 1 TTPs 1 IoCs
-
Reads information about phone network operator. 1 TTPs
-
Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
-
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
Processes
-
urkvoa.comxx.yjbcso.avrjma1⤵
- Checks if the Android device is rooted.
- Loads dropped Dex/Jar
- Queries account information for other applications stored on the device
- Reads the contacts stored on the device.
- Reads the content of the MMS message.
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Queries information about active data network
- Requests disabling of battery optimizations (often used to enable hiding in the background).
- Uses Crypto APIs (Might try to encrypt user data)
Network
MITRE ATT&CK Mobile v15
Defense Evasion
Download New Code at Runtime
1Foreground Persistence
1Hide Artifacts
1User Evasion
1Discovery
Software Discovery
1Security Software Discovery
1System Information Discovery
1System Network Configuration Discovery
2System Network Connections Discovery
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
505KB
MD51948f47b3ea40b56b95c2afea1715414
SHA15c690f45283971be674c6d8a2e54175b0ecf55eb
SHA25655e4054d9045b3a34d808883c387d64cbae6a402ba7551f1c7a19d6b2bcc5ae7
SHA5128f3e40ff08f864901147cd60dd88191b9f792a746f0d923e3fea3a30f1ce951ec984013641b32ce1130b764f3d27974ac1a4a9d281090c8bbbff02808ffeb436
-
Filesize
36B
MD51ceb1e437275c4de4e8122359c7c09fa
SHA133b673d49fee5a2455f356d7617d3debfb95bdc4
SHA2566882f33fba0c13ba23718939447ad85c6daa3235a053d70cc5e729f501097395
SHA512b9a2a98a9c3c2fa4f0815caafbb374eb980e2353be9c9cabe3a9e57183f3c9bc8f055318456ea79bc94a8bd64ce4fb407514a019000e9d0bd489c513819529f3