General
-
Target
2907e51ccc15432f994455f61ddd90237fe3f000c796c5bd62c80f0a331220cc.bin
-
Size
212KB
-
Sample
241022-142jqsyglm
-
MD5
254467c96686879838ac2ea587c316fc
-
SHA1
ab0f412dc7f0748adb2c77adc3f658aecf7045c0
-
SHA256
2907e51ccc15432f994455f61ddd90237fe3f000c796c5bd62c80f0a331220cc
-
SHA512
6cee5f19e104460fa3fe8a4217998d2ee842516d8abb7276a2d9371587a81ea2642532b7d1f0ab3f6e222752d6e5d04228bb0af89575222db00db96170a74164
-
SSDEEP
6144:MyAnAaRKPniQpXc+9HW1puiU9MgPVKAQ9:MyjaRKPlpM2gDsK7
Static task
static1
Behavioral task
behavioral1
Sample
2907e51ccc15432f994455f61ddd90237fe3f000c796c5bd62c80f0a331220cc.apk
Resource
android-x86-arm-20240910-en
Malware Config
Extracted
xloader_apk
http://91.204.226.54:28899
Targets
-
-
Target
2907e51ccc15432f994455f61ddd90237fe3f000c796c5bd62c80f0a331220cc.bin
-
Size
212KB
-
MD5
254467c96686879838ac2ea587c316fc
-
SHA1
ab0f412dc7f0748adb2c77adc3f658aecf7045c0
-
SHA256
2907e51ccc15432f994455f61ddd90237fe3f000c796c5bd62c80f0a331220cc
-
SHA512
6cee5f19e104460fa3fe8a4217998d2ee842516d8abb7276a2d9371587a81ea2642532b7d1f0ab3f6e222752d6e5d04228bb0af89575222db00db96170a74164
-
SSDEEP
6144:MyAnAaRKPniQpXc+9HW1puiU9MgPVKAQ9:MyjaRKPlpM2gDsK7
-
XLoader payload
-
Checks if the Android device is rooted.
-
Queries account information for other applications stored on the device
Application may abuse the framework's APIs to collect account information stored on the device.
-
Queries the phone number (MSISDN for GSM devices)
-
Reads the content of the MMS message.
-
Acquires the wake lock
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Reads information about phone network operator.
-
Requests disabling of battery optimizations (often used to enable hiding in the background).
-
MITRE ATT&CK Mobile v15
Persistence
Event Triggered Execution
1Broadcast Receivers
1Foreground Persistence
1Defense Evasion
Download New Code at Runtime
1Foreground Persistence
1Hide Artifacts
2Suppress Application Icon
1User Evasion
1Virtualization/Sandbox Evasion
1System Checks
1