Analysis
  max time kernel:  149s
  max time network: 153s
  platform:         android-13_x64
  resource:         android-33-x64-arm64-20240910-en
  resource tags:    arch:arm64, arch:x64, arch:x86, image:android-33-x64-arm64-20240910-en, locale:en-us, os:android-13-x64, system
  submitted:        22/10/2024, 22:09
Static task:     static1
Behavioral task: behavioral1
  Sample:   e0dbd7e7b44d55e3c59c86dc24a81818b0e0bd8bea99fe0f32c75b1f13b95177.apk
  Resource: android-33-x64-arm64-20240910-en
General
  Target: e0dbd7e7b44d55e3c59c86dc24a81818b0e0bd8bea99fe0f32c75b1f13b95177.apk
  Size:   277KB
  MD5:    88cdb8d2f55835280874ad822434309d
  SHA1:   2794d7792cb3913cf3e88ec80a492e8f0289401e
  SHA256: e0dbd7e7b44d55e3c59c86dc24a81818b0e0bd8bea99fe0f32c75b1f13b95177
  SHA512: 7a7d1c6ae5c92eea09c7344bb634e91d031061351184e5652f589e70275d9fea7549e216fdb7760f889f56bfe25363ed269f9b639508f128135623746a3b7711
  SSDEEP: 6144:nlXkAbYMVE0Q1pT2kyi6npnfRhzzXHK6XIG/n5DnR2q3lEg56V:lXvbYMoOfiepnf/zbHr5zcclG
Malware Config (extracted)
  family: xloader_apk
  C2:     http://91.204.226.105:28844
Signatures

XLoader payload (1 IoC)
  resource: behavioral1/memory/4474-0.dex    yara_rule: family_xloader_apk2

XLoader, MoqHao
  An Android banker and info stealer.

Checks if the Android device is rooted. (1 TTP, 1 IoC)
  ioc: /system/bin/su    Process: vtdoi.rvc.dhzuuf.dtuhl

Loads dropped Dex/Jar (1 TTP, 1 IoC)
  Runs executable file dropped to the device during analysis.
  ioc: /data/user/0/vtdoi.rvc.dhzuuf.dtuhl/files/b    pid: 4474    Process: vtdoi.rvc.dhzuuf.dtuhl

Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) (1 TTP)

Queries account information for other applications stored on the device (1 TTP, 1 IoC)
  Application may abuse the framework's APIs to collect account information stored on the device.
  description: Framework service call    ioc: android.accounts.IAccountManager.getAccountsAsUser    Process: vtdoi.rvc.dhzuuf.dtuhl

Queries the phone number (MSISDN for GSM devices) (1 TTP)

Reads the contacts stored on the device. (1 TTP, 1 IoC)
  description: URI accessed for read    ioc: content://com.android.contacts/raw_contacts    Process: vtdoi.rvc.dhzuuf.dtuhl

Reads the content of the MMS message. (1 TTP, 1 IoC)
  description: URI accessed for read    ioc: content://mms/    Process: vtdoi.rvc.dhzuuf.dtuhl

Acquires the wake lock (1 IoC)
  description: Framework service call    ioc: android.os.IPowerManager.acquireWakeLock    Process: vtdoi.rvc.dhzuuf.dtuhl

Makes use of the framework's foreground persistence service (1 TTP, 1 IoC)
  Application may abuse the framework's foreground service to continue running in the foreground.
  description: Framework service call    ioc: android.app.IActivityManager.setServiceForeground    Process: vtdoi.rvc.dhzuuf.dtuhl

Queries information about active data network (1 TTP, 1 IoC)
  description: Framework service call    ioc: android.net.IConnectivityManager.getActiveNetworkInfo    Process: vtdoi.rvc.dhzuuf.dtuhl

Reads information about phone network operator. (1 TTP)

Requests disabling of battery optimizations (often used to enable hiding in the background). (1 TTP, 1 IoC)
  description: Intent action    ioc: android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS    Process: vtdoi.rvc.dhzuuf.dtuhl

Uses Crypto APIs (might try to encrypt user data) (1 TTP, 1 IoC)
  description: Framework API call    ioc: javax.crypto.Cipher.doFinal    Process: vtdoi.rvc.dhzuuf.dtuhl
Processes

vtdoi.rvc.dhzuuf.dtuhl (PID 4474)
  - Checks if the Android device is rooted.
  - Loads dropped Dex/Jar
  - Queries account information for other applications stored on the device
  - Reads the contacts stored on the device.
  - Reads the content of the MMS message.
  - Acquires the wake lock
  - Makes use of the framework's foreground persistence service
  - Queries information about active data network
  - Requests disabling of battery optimizations (often used to enable hiding in the background).
  - Uses Crypto APIs (might try to encrypt user data)
Network
MITRE ATT&CK Mobile v15

Defense Evasion
  Download New Code at Runtime (1)
  Foreground Persistence (1)
  Hide Artifacts (1)
  User Evasion (1)

Discovery
  Software Discovery (1)
  Security Software Discovery (1)
  System Information Discovery (1)
  System Network Configuration Discovery (2)
  System Network Connections Discovery (1)
Downloads

File 1
  Filesize: 493KB
  MD5:      105e2dcbc89ff58ece125bfb4f69a612
  SHA1:     0d868cd028ceb507544465ae7e68978d025bec4d
  SHA256:   0de0a008613e7a70bafc5b249ffc5b4112ba2a4eef03219e43912efb53604a5a
  SHA512:   254e3df724a160ffd42e0344e58b15bf8ac004ab6c51bf1b2c52cfa35ca3c894ce92d8c6a22d507b410aa35a8c9875ba95e8a6a9e881dfefb40887c8c7b9b465

File 2
  Filesize: 36B
  MD5:      2f2c6608412220af3f7a18b0e1e158a1
  SHA1:     6b709ec9f7baa157170216ef6065b75b376e4a37
  SHA256:   d67559f76ebe39487dcef72c8f4a25fbd6d12a668702db157a579a43fd0ea894
  SHA512:   61eae0e93c791cbb7ac35880a603e4801858dff4f4e0e19ddfff302d56aa1657a113effe80c2d03e76c831a2a881a0eba51a7157b658cf4e609ffe3458e6ac8c