General
-
Target
2fd99852874c1f595bf3e04fa934694df9523ef0cf7d915442aa002841c08dad.bin
-
Size
212KB
-
Sample
241024-13n71swakg
-
MD5
1166056c59adf67029d1c8badad93a9c
-
SHA1
e0f60f096445ae54eebd343bfedaf6e5c29d32c0
-
SHA256
2fd99852874c1f595bf3e04fa934694df9523ef0cf7d915442aa002841c08dad
-
SHA512
9fabf6f06a0e651142c84b14aeff713c6b8c18d346d323ef738b46973496ab35f930fbcee8b7504ce6049ec6249621a172fa531cd365324cc8382de6adaf9d89
-
SSDEEP
3072:O9BV//AapbWfPP5d7G3ASs7Dcgh9J3hH21Bvu4MiUDxML0vpN0GoY0UXXLcnEd:ORnAaRKPniQpXc+9HW1puiU9MgPVZd
Static task
static1
Behavioral task
behavioral1
Sample
2fd99852874c1f595bf3e04fa934694df9523ef0cf7d915442aa002841c08dad.apk
Resource
android-x86-arm-20240624-en
Malware Config
Extracted
xloader_apk
http://91.204.226.54:28899
Targets
-
-
Target
2fd99852874c1f595bf3e04fa934694df9523ef0cf7d915442aa002841c08dad.bin
-
Size
212KB
-
MD5
1166056c59adf67029d1c8badad93a9c
-
SHA1
e0f60f096445ae54eebd343bfedaf6e5c29d32c0
-
SHA256
2fd99852874c1f595bf3e04fa934694df9523ef0cf7d915442aa002841c08dad
-
SHA512
9fabf6f06a0e651142c84b14aeff713c6b8c18d346d323ef738b46973496ab35f930fbcee8b7504ce6049ec6249621a172fa531cd365324cc8382de6adaf9d89
-
SSDEEP
3072:O9BV//AapbWfPP5d7G3ASs7Dcgh9J3hH21Bvu4MiUDxML0vpN0GoY0UXXLcnEd:ORnAaRKPniQpXc+9HW1puiU9MgPVZd
-
XLoader payload
-
Checks if the Android device is rooted.
-
Queries account information for other applications stored on the device
Application may abuse the framework's APIs to collect account information stored on the device.
-
Queries the phone number (MSISDN for GSM devices)
-
Reads the content of the MMS message.
-
Acquires the wake lock
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Reads information about phone network operator.
-
Requests disabling of battery optimizations (often used to enable hiding in the background).
-
MITRE ATT&CK Mobile v15
Persistence
Event Triggered Execution
1Broadcast Receivers
1Foreground Persistence
1Defense Evasion
Download New Code at Runtime
1Foreground Persistence
1Hide Artifacts
2Suppress Application Icon
1User Evasion
1Virtualization/Sandbox Evasion
1System Checks
1